Workplace Investigation Confidentiality Rules: What HR Can and Cannot Share

6/26/2026

When an employee files a harassment complaint or a whistleblower report lands on your desk, one of the first things HR professionals say is, “We’ll keep this confidential.” But what does that promise actually mean — and can you even make it? Understanding workplace investigation confidentiality rules is one of the most nuanced challenges in HR practice, and getting it wrong can expose your organization to liability from multiple directions at once.

Too much secrecy can undermine the investigation itself, violate employees’ legal rights, and leave your organization unable to mount critical legal defenses. Too little discretion can compromise witness testimony, expose the complainant to retaliation, and destroy trust in the entire process. This guide breaks down exactly what HR can and cannot share during a workplace investigation — and the legal frameworks that dictate those boundaries.

What “Confidentiality” Actually Means in Workplace Investigations

One of the most common misconceptions in HR is that investigation confidentiality means absolute silence. It does not. In practice, workplace investigation confidentiality rules require HR to share certain information with certain people at specific times — while restricting unnecessary disclosure to those who have no legitimate need to know.

Confidentiality Is Not Secrecy

A workplace investigation is not a classified government operation. Information must flow to the accused party (who needs enough detail to respond meaningfully), witnesses (who need context to provide relevant testimony), management (who may need to implement interim measures), legal counsel, and sometimes regulatory agencies when mandatory reporting applies.

What confidentiality does mean is that HR should limit disclosure to the minimum information necessary for each audience, avoid casual discussion of the matter, and clearly instruct all participants about their own confidentiality obligations.

The “Need to Know” Standard

The practical framework most employment attorneys recommend is the need-to-know standard: share only what each person needs to fulfill their role in the investigation or comply with legal requirements. A witness does not need the full scope of the complaint. A department manager implementing a schedule change does not need the underlying allegations in detail.

This standard protects investigation integrity, reduces retaliation risk, and demonstrates responsible handling — without imposing an unrealistic blanket of silence. (For foundational best practices, see our guide on how to conduct a workplace investigation.)

The NLRB and Banner Health: Why Blanket Confidentiality Policies Are Risky

For years, many employers maintained standard investigation policies that included language like “Do not discuss this investigation with anyone.” That practice was fundamentally reshaped by the National Labor Relations Board’s landmark decision in Banner Estrella Medical Center (358 NLRB 809, 2012) and subsequent guidance.

What the NLRB Ruled

The NLRB held that blanket confidentiality instructions during workplace investigations can violate employees’ Section 7 rights under the National Labor Relations Act (NLRA) — the right to engage in concerted activity, which includes discussing wages, working conditions, and workplace concerns with coworkers. This applies to both union and non-union workplaces.

Under the Banner Health framework, employers cannot issue a one-size-fits-all confidentiality directive. Instead, HR must conduct a case-by-case assessment and demonstrate a legitimate business justification for restricting an employee’s right to discuss the matter. Acceptable justifications include:

• Witness protection: A credible concern that witnesses could be intimidated, coerced, or retaliated against
• Evidence preservation: A risk that evidence could be destroyed or fabricated
• Testimony integrity: A likelihood that witnesses will coordinate or alter their accounts if allowed to discuss the case
• Flight risk or safety concern: Circumstances suggesting the accused or others may flee, engage in harmful behavior, or obstruct the investigation

What This Means for HR in 2026

Although the NLRB’s composition and interpretive priorities shift with each administration, the Banner Health framework remains the most widely cited standard, and many employment attorneys advise treating it as the baseline. As of 2026, the practical guidance is:

1. Do not use boilerplate confidentiality language that prohibits all discussion of the investigation
2. Document your case-specific analysis of why confidentiality restrictions are justified for each participant
3. Tailor your instructions — some witnesses may need stricter confidentiality directives than others based on the specific risk factors present
4. Explain the reason for the confidentiality request when possible (e.g., “We’re asking you not to discuss this with other potential witnesses to protect the integrity of the process”)

For a deeper look at how investigation best practices have evolved, visit the Workplace Investigations FAQ page.

What HR Can Share — and with Whom

Understanding workplace investigation confidentiality rules requires clarity about the different audiences involved and what each is entitled to know.

Disclosures to the Complainant

The complainant has a legitimate interest in knowing that their complaint was received and is being taken seriously, the general timeline, any interim protective measures, and the outcome in general terms (e.g., “The investigation has concluded, and appropriate corrective action has been taken”). You are not obligated to share the specific disciplinary action taken against the accused — doing so creates privacy issues and defamation exposure. However, providing no closure can undermine the Faragher-Ellerth defense (discussed below) and discourage future reporting.

Disclosures to the Accused

The accused needs the nature of the allegations in enough detail to respond meaningfully — vague statements like “someone has raised a concern” are insufficient. They must have the opportunity to respond to specific factual claims and receive notice of any interim measures affecting their employment. You should not disclose the complainant’s identity unless the investigation cannot proceed without it. When identity must be revealed, document why and inform the complainant beforehand.

Disclosures to Witnesses

Witnesses should receive enough factual context for relevant testimony — but not a full briefing on the complaint. Provide clear instructions about what you are asking them not to discuss and why, and assure them they will not face retaliation. Avoid “leading” interviews by over-sharing: telling a witness that multiple people have already corroborated the complaint contaminates testimony.

Disclosures to Management

Managers may need to know that an investigation is underway, what interim measures to implement, and the general outcome with corrective actions they are responsible for enforcing. Restrict details to operational need-to-know — a senior VP does not need witness statements, just the conclusion and the action plan.

The Faragher-Ellerth Defense and Why Closing the Loop Matters

The Faragher-Ellerth defense — from Faragher v. City of Boca Raton (524 U.S. 775, 1998) and Burlington Industries v. Ellerth (524 U.S. 742, 1998) — provides employers an affirmative defense to vicarious liability for supervisor harassment. The employer must prove it exercised reasonable care to prevent and promptly correct harassing behavior, and that the employee unreasonably failed to use available corrective opportunities.

How Confidentiality Intersects with This Defense

An overly rigid confidentiality posture can undermine this defense. Failing to communicate outcomes to the complainant signals that the employer did not “promptly correct” the behavior. Refusing to share corrective measures makes it appear no action was taken. Excessive secrecy discourages future reporting, weakening the argument that accessible corrective opportunities existed.

The takeaway: share enough to demonstrate that the organization took the matter seriously and implemented appropriate corrective action. You do not need to disclose specific disciplinary details — but complete silence is a strategic and legal mistake.

For more guidance on building investigation processes that support your legal defenses, explore the Internal Investigations Certificate Program.

State Privacy Laws and Additional Confidentiality Considerations

Federal standards set the floor, but many states impose additional requirements that affect workplace investigation confidentiality rules. HR professionals must account for their specific state landscape.

State-Specific Considerations

• California: The CCPA/CPRA grants employees certain rights over personal information, and California has strong anti-retaliation protections under the Labor Code. Employers should be cautious about what employee data is collected and disclosed during investigations.
• Illinois: The Workplace Transparency Act restricts confidentiality provisions in settlement agreements related to workplace harassment or discrimination, signaling a trend toward limiting employer secrecy around outcomes.
• New York: State and NYC human rights laws require prompt investigative action, and the NYC Commission on Human Rights has emphasized that retaliation protections extend to all investigation participants.
• Recording consent states: In two-party consent states (e.g., California, Illinois, Pennsylvania, Florida), investigation interviews cannot be recorded without all parties’ knowledge — you must be transparent about documentation methods.

Unionized Workplaces

In union environments, employees may have Weingarten rights to union representation during investigatory interviews that could lead to discipline. Collective bargaining agreements may contain specific provisions about investigation procedures and information sharing, and union representatives who participate have their own obligations and rights regarding information they receive.

Documentation and Record Retention

Every confidentiality instruction you give should be documented in writing. Best practices include:

• Providing each participant with a written confidentiality notice that specifies what they are being asked not to discuss and why
• Having participants sign an acknowledgment (though refusal to sign should not prevent the investigation from proceeding)
• Retaining all confidentiality-related documentation as part of the investigation file
• Following your organization’s record retention schedule, which should comply with EEOC guidance recommending that personnel and employment records be retained for at least one year from the date of the action involved

This documentation serves as evidence that your organization took a thoughtful, legally compliant approach — not a blanket prohibition that could violate employees’ rights.

Building a Confidentiality Framework That Works

Rather than relying on ad hoc decisions, HR departments should develop a structured confidentiality framework that guides every investigation.

Step 1: Assess the Risk Factors

Before issuing any confidentiality instructions, evaluate whether there is a credible risk of witness intimidation, evidence destruction, safety concerns, or whether the nature of the allegation (e.g., sexual assault, financial fraud) warrants heightened discretion.

Step 2: Tailor Instructions by Role

Participant	What to Share	What to Restrict
Complainant	Acknowledgment, timeline, interim measures, general outcome	Specific discipline of accused, witness identities
Accused	Nature of allegations (sufficient detail for response), interim measures	Complainant identity (when possible), witness names
Witnesses	Relevant factual context for their testimony	Full scope of complaint, other witness statements
Management	Operational need-to-know (interim measures, outcome, action plan)	Detailed witness statements, evidentiary details

Step 3: Deliver Instructions Clearly

Use plain language — not legalistic boilerplate. A good confidentiality instruction sounds like:

“We are asking you not to discuss the details of this interview or the investigation with coworkers who may also be involved, because we want to ensure that everyone provides their own independent account. You are not prohibited from discussing your own working conditions, but we ask that you help us protect the fairness and integrity of this process.”

Step 4: Document Everything

Record the date and time confidentiality instructions were given, the specific instructions provided (ideally in writing), the justification for the level of restriction, and any questions the participant asked. This level of documentation separates a defensible investigation from one that crumbles under legal scrutiny. For more on documentation best practices, see writing workplace investigation reports that hold up.

For a comprehensive, hands-on approach to mastering these skills, the Workplace Investigation Training Program covers confidentiality management alongside interviewing techniques, evidence handling, and report writing.

Frequently Asked Questions

Can HR require employees to keep a workplace investigation completely confidential?

No. Under the NLRB’s Banner Health framework, blanket confidentiality mandates can violate employees’ Section 7 rights under the NLRA. Employers must demonstrate a case-specific business justification — such as protecting witnesses or preserving evidence — before restricting discussion. Tailored, justified confidentiality instructions are permissible; blanket gag orders are not.

Does the complainant have a right to know the outcome?

No federal statute requires disclosure, but the Faragher-Ellerth defense strongly favors providing at least a general summary. Telling the complainant that the investigation concluded and appropriate action was taken demonstrates your duty to promptly correct the behavior, without disclosing specific disciplinary details.

What should HR do if a witness refuses to agree to confidentiality?

Document the refusal, proceed with the interview, and note any heightened risks. A refusal should not prevent the investigation from moving forward. If the witness’s stance threatens investigation integrity, consult legal counsel — but do not retaliate against the witness for asserting their rights.

How long should investigation records and confidentiality documentation be retained?

The EEOC recommends retaining employment records for at least one year from the personnel action involved. If a discrimination charge has been filed, retain records until fully resolved. Many organizations adopt three- to seven-year retention periods to account for statutes of limitations. Investigation files, including confidentiality notices, should follow the same schedule.

Take the Next Step: Master Workplace Investigation Best Practices

Workplace investigation confidentiality rules are just one piece of a complex, high-stakes process. From conducting defensible interviews to writing reports that hold up in court, every phase of an investigation demands training, judgment, and legal awareness.

The Internal Investigations Certificate Program from HRCertification provides hands-on training in confidentiality management, witness interviewing, evidence preservation, legal frameworks, and report writing — designed for HR professionals, compliance officers, and in-house counsel who need defensible investigation skills.

Participants earn continuing education credits applicable to SHRM and HRCI recertification.

👉 Enroll in the Internal Investigations Certificate Program today and build the skills to handle your organization’s most sensitive situations with confidence.