Protecting Confidentiality in a Collaborative Environment

By Chris Utley, CPA, CA, published in CPABC in Focus
Published: November/December 2013

Teamwork is an integral part of the learning and training process for professional accountants. As university and accounting students, we work in teams and study groups on many different projects and assignments. As we start our professional lives, we’re assigned to various teams to work together on different projects for our employers.

Working in teams enables us to benefit from the sharing of ideas, inputs, and efforts. It also fosters the development of professional relationships and friendships, many of which will endure long after our career paths have diverged and we’ve moved on to new opportunities.

Where this collegial culture can lead to problems, however, is in the sharing of confidential client information and proprietary employer information. Thankfully, some basic precautions can help you stay onside.

A sample “sharing” scenario

Let’s say you currently work in public practice and specialize in tax. Providing tax advice and recommending tax strategies is an integral part of your job. As part of this work for your clients, you most likely research past advice and strategies within your own organization, which would include similar advice provided to other clients. This is all part of the process of doing the best job for your clients and employer.

Let’s imagine that you’re struggling to create the right strategy for one of your clients. Maybe you have an innovative approach in mind, but you’re just not sure if it’s the best plan. There are individuals in your circle of friends and contacts who work in the same field—albeit with different organizations—and you think it would be extremely useful to tap into their pool of expertise.

Why not consult your network and ask these friends and colleagues if they’ve encountered a similar situation? Maybe they could share examples of advice given and strategies recommended. Alternatively, you could run your draft advice and strategy—or at least parts of this strategy, so as not to give away the full picture—by your network for their feedback. This kind of knowledge-sharing can have enormous benefits for professionals and, in turn, the clients they serve. The danger lies in the details—what information you can and can’t share, in what context, and for what purpose.

The repercussions of a breach

Let’s say that in the interests of expanding your knowledge, you share information with a colleague that should have been kept confidential. The conduct committee of your legacy regulatory body will take into account the use of this confidential information, the motives behind this usage, and your level of experience.

Deliberate breaches of confidentiality will likely result in losses of membership. Sometimes, however, well-intentioned individuals who inadvertently find themselves in these kinds of scenarios may be given a second chance; even so, they will likely be found in breach of the code of ethics and sanctioned with large fines and full case costs, and may also be required to attend ethics courses.

Note that there may also be consequences, such as internal discipline measures, within your employer organization. Consider, for example, that an individual breach could put your entire organization (firm, employer) offside of privacy legislation.

Precautionary measures

Before consulting with your network, be sure to take the following precautions:

  • Delete any personal and specific client details before sharing information.
  • Avoid sharing proprietary information specific to your employer organization—such as templates, checklists, and forms—with colleagues in other organizations.
  • Do not share information without the knowledge and written consent of your client and/or employer. Codes of ethics require that confidential client and employer information shall not be disclosed except in certain situations and under certain conditions, one of which is the receipt of written consent from the applicable party.
  • If you plan to discuss strategies on a no-name basis or plan to distribute client or firm information that has been redacted, make sure you clear it with your supervisor first.
  • Consider the whole picture. Each piece of information taken separately may not amount to a breach of confidentiality, but combined, these various pieces of information could amount to a breach. For example, even if you do not specifically identify a client when describing a scenario, if you disclose enough information that a listener could figure out the identity of said client with a reasonable amount of inquiry, then you have, in all likelihood, breached confidentiality.

Finally, a message to all employers: Reinforce your internal policies regarding the use of company and client information.

Staying onside

As a professional accountant, you have a duty of confidentiality to clients that is of paramount importance. You also have a duty to recognize information that is proprietary to your organization.

We understand that you want to provide exemplary service to your clients, do the best job for your employer, and improve your knowledge and efficiency—these are all meaningful goals. Just be sure that in pursuing these goals, you keep confidentiality top of mind.

Chris Utley is the director of ethics at the ICABC. He thanks Ted Tanaka, barrister & solicitor, for his assistance with the article. Tanaka is the manager, regulatory practices at CGA-BC.