Confidentiality is one of the first questions that comes up when a workplace investigation begins. People want to know if what they share will stay private and who will have access to the information. These concerns are completely natural. After all, trust in the process often rests on how well confidentiality is explained and upheld.
In this blog we will look at why confidentiality matters, what it does and does not mean in practice, and how to communicate the boundaries clearly to your people. We will also untangle the difference between anonymity and confidentiality, as this is often a point of confusion. By the end, you should feel clearer on how to balance transparency, trust and the legal requirements that sit behind a fair investigation.
Why confidentiality matters
Investigations can only work if people feel safe enough to speak openly. Without that sense of security, individuals may hold back key information, or worse, decide not to come forward at all.
For employers, confidentiality is not just about reassurance. It protects the integrity of the investigation itself. When handled properly, it prevents:
- gossip spreading around the organisation
- reputational harm to individuals involved before any findings are reached
- the risk of claims being compromised because information is shared too widely
Take for example a situation where a manager shares details of an ongoing investigation in casual conversation. Even without meaning to, this can shape how colleagues view those involved. It can fuel speculation and make witnesses less likely to contribute. Once that trust is broken, it is difficult to rebuild.
Another common pitfall is treating confidentiality as secrecy. Some organisations try to “shut down” all discussion, giving little information to anyone. This can backfire. If people feel they are being kept in the dark, they may assume the worst, fuelling rumours rather than stopping them. The key is balance: protecting information, while giving enough clarity to show the process is being handled fairly.
What can and cannot be kept confidential
This is where many organisations stumble. Confidentiality has limits, and being clear about them from the outset avoids misunderstandings later.
What you can reasonably keep confidential:
- the details of the allegations beyond those who need to know
- the identity of witnesses during the investigation stage
- the evidence gathered until findings are ready to be shared
What cannot stay completely confidential:
- the fact that an investigation is taking place (those involved will need to know)
- information that must be disclosed to give someone a fair chance to respond
- situations where there is a legal duty to report, for example safeguarding concerns
This is also where anonymity often gets confused with confidentiality. An anonymous complaint can be submitted, but it limits what you can do in response. Without knowing who raised the concern, it can be difficult to test credibility, gather evidence or provide feedback. For example, if an unsigned note claims harassment is happening in a particular team, the organisation can make some enquiries, but it will struggle to move to a formal process without the complainant’s input.
A confidential complaint, on the other hand, means the person’s identity is known but not shared beyond those who genuinely need to know. This allows the organisation to take action while still protecting the individual as far as possible.
It is important to explain this difference to your people. Once someone speaks up and identifies themselves, it cannot stay anonymous. What you can do is keep their information confidential within the boundaries of a fair process.
Who needs to know what and when
A good principle is to share information only on a need to know basis. That means limiting details to those who are directly involved in managing or responding to the investigation.
Think about the groups who may need access:
- the investigator, who requires the full picture
- HR or people leads, to ensure compliance and record keeping
- the individual facing allegations, who must see enough detail to respond fairly
- witnesses, who may need context but not the whole case file
Timing matters too. Not everyone needs to know everything straight away. For example, outcomes are usually shared with the parties directly involved, but they do not have to be circulated across the wider team. In fact, doing so can expose the organisation to unnecessary risk.
A common mistake is telling line managers more than is necessary “to keep them in the loop”. This can be risky. While managers often want updates, unless they are directly responsible for managing the investigation outcome, sharing too much information can blur boundaries and increase the chance of leaks.
Handling leaks or breaches of confidentiality
Even with the best intentions, confidentiality can slip. Perhaps someone shares more than they should in conversation, or documents are left unsecured.
When this happens, the response should be swift and proportionate. That might include:
- reminding individuals of their obligations
- putting practical safeguards in place, such as password protection
- in serious cases, taking disciplinary action if the breach was deliberate
Realistically, most breaches are accidental. For example, forwarding an email chain with attachments that include sensitive details. But even if unintentional, it can still cause damage. Acting quickly shows your people that you take confidentiality seriously and are committed to repairing trust.
Just as important is being upfront with those affected. If confidentiality has been compromised, explain what has happened and what steps are being taken to address it. Silence will only fuel mistrust.
Practical takeaways
To keep workplace investigations confidential, remember these key points:
- be clear at the outset about what confidentiality means and where the limits are
- explain the difference between anonymous and confidential complaints
- share information only on a need to know basis
- avoid the extremes of either secrecy or oversharing
- take swift action if a breach occurs
Confidentiality is not about creating secrecy but about managing information responsibly.
Workplace investigations depend on trust, and confidentiality is central to that trust. By setting clear boundaries and explaining the difference between anonymity and confidentiality, you create a fairer, safer process for everyone involved.
If you would like support with an independent workplace investigation, or advice on how to set up processes that protect both people and the organisation, contact us at Hello
