Discover the corporate confidentiality lessons learned from recent UK bank CEO resignations and safeguard your company with essential strategies to fortify corporate confidentiality in our latest article.

Earlier this year, the resignations of not one but two UK bank CEOs within the space of a couple of days should have sent more than a minor ripple through the boardrooms of the country.

NatWest CEO Alison Rose found herself at the centre of a media frenzy when former UKIP leader and Brexit champion Nigel Farage discovered the reasons behind his proposed ousting from Coutts Bank.

It transpired that Ms Rose had attended an awards event where she had engaged in a conversation with BBC news business editor Simon Jack. After the event, Mr Jack referenced on Twitter a “trusted and senior source” who had confirmed that the de-banking of Mr Farage had been for “commercial reasons”.

A Subject Access Request from Mr Farage later confirmed that the committee at Coutts Bank board had discussed Mr Farage’s business and determined he was a risk to their reputation based on his political views.

48 hours following Ms Rose’s resignation, Coutts CEO Peter Flavel also resigned.

This story serves as a timely reminder of the importance of following corporate policy and maintaining the confidence of a private customer or, for that matter, any personal information held in trust.

Engaging in a casual conversation with a high-profile journalist, regardless of the time or location, is high risk if questions turn to customer accounts. Divulging any information would be deemed a breach of confidence. The journalist, not bound by any confidentiality agreement, would be free to report it on the BBC website or social platforms. Even with the source anonymised, the event would quickly be checked, and a simple investigation of attendees would lead to a conclusion on the source.

Here are a few Dos and Don’ts to consider in corporate confidentiality.

Dos:


  1. Define Confidentiality: Clearly define what constitutes sensitive/confidential information within the organisation. This includes data related to employees, customers, suppliers, financial information, strategic plans, and any other proprietary information.
  2. Educate and Train: Ensure all senior executives are educated and trained on the importance of corporate confidentiality and data protection. Host (or ensure your employees attend) regular workshops and seminars to reinforce the significance of safeguarding sensitive information.
  3. Need-to-Know Basis: Share sensitive information only with those who have a legitimate interest and need to be aware within the organisation. Implement strict access controls to limit exposure and ensure information is shared on a need-to-know basis. Make sure to safeguard your team.
  4. Secure Communication Channels: Use secure communication channels, such as encrypted emails and password-protected documents, when sharing information internally or externally.
  5. Non-Disclosure Agreements (NDAs): Employ NDAs with employees, contractors, suppliers, and other stakeholders to remind them of their legal obligations and to maintain confidentiality. NDAs should not be used indiscriminately as their legitimacy can be easily undermined if the application is not reasonable and proportionate.
  6. Incident Reporting: Establish a clear protocol for reporting any breaches of confidentiality or suspected data leaks. Promptly investigate and address any such incidents. If authorities or an industry body requires notification, ensure they are fully informed.
  7. Regular Audits: Conduct regular audits of data handling practices and confidentiality measures to identify and address potential weaknesses.

Do Nots:

  1. Share Confidential Information Casually: Refrain from discussing sensitive matters casually or in public places where conversations can be overheard.
  2. Unauthorised Disclosure: Avoid sharing confidential information with individuals who are not authorised or do not have a legitimate interest.
  3. Social Media Caution: Do not discuss or share confidential information on personal or public social media platforms, including, but not limited to, Facebook, Twitter, Instagram, Threads, TikTok or LinkedIn.
  4. Unencrypted Communication: Do not send sensitive information via unsecured channels like regular email or unencrypted messaging apps or intranets if they can be accessed by unauthorised employees.
  5. Gossiping: Refrain from participating in office gossip or spreading rumours that involve sensitive company information; this extends beyond working hours.

Disciplinary Actions for Breach of Corporate Confidence:

If a senior executive is found to have breached confidence, the executive board, director(s) or business owner(s) may consider the following disciplinary actions:

  1. Formal Investigation: The board should conduct a thorough investigation to ascertain the extent of the breach and the potential impact on the organisation.
  2. Reassignment: Depending on the severity of the breach, the executive may be reassigned to a different role within the organisation, where they have restricted access to sensitive information.
  3. Training and Re-education: The executive may be required to undergo additional training and re-education on confidentiality practices to prevent future incidents.
  4. Public Apology: If the breach has affected stakeholders outside the organisation, the executive may be required to issue a public apology.
  5. Termination: In severe cases of intentional or repeated breaches, the senior executive responsible may face termination of employment.
  6. Legal Action: If the breach involves a violation of legal regulations, the company may pursue legal action against the individual to seek damages and protect its interests.
  7. Review and Strengthen Policies: The executive board should review existing confidentiality policies and implement stronger measures to prevent similar breaches in the future.

Maintaining confidentiality is paramount for any organisation wishing to build trust in its various working relationships. This is possible through establishing clearly defined and communicated protocols to protect the interests of employees, customers, and suppliers.

There is also the importance of preserving the reputation and success of the organisation, which can take years to build but only minutes to unravel.
