Skip to content
Home » Can I Sue My Employer for Leaking My Personal Information?

Can I Sue My Employer for Leaking My Personal Information?

Law

If you’ve found out that your employer leaked your personal information, it can feel like a punch in the gut. You trusted your workplace to keep your details private, and now that trust is broken. Whether it was your health records, financial information, or even personal life details, having that information exposed can leave you feeling violated, embarrassed, and even unsafe.

You might be wondering:
Can I sue my employer for this?
 The short answer is: Yes, in many cases you can. But there’s more to it than just filing a lawsuit. The law has rules about what counts as a violation, what evidence you need, and what kind of claims you can make.

This article will walk you through everything you need to know — in plain English — so you can decide on your next steps with confidence.

Why This Is Such a Big Deal

Your personal information isn’t just a bunch of random facts. It can reveal private things about your health, finances, beliefs, or personal life. Once it’s out there, you can’t take it back.

Leaked personal information can lead to:

  • Embarrassment or emotional distress (people knowing things you wanted private)
  • Financial harm (identity theft, fraud, ruined credit)
  • Job-related problems (loss of opportunities or harassment at work)
  • Safety concerns (stalking, threats, or discrimination)

That’s why the law takes certain kinds of privacy breaches seriously — and why you might have the right to take legal action.

What Counts as “Personal Information”?

Personal information can mean different things in different laws, but here are common examples:

  • Health information (medical history, diagnoses, disabilities, test results)
  • Financial data (Social Security number, credit card details, bank account numbers)
  • Employment records (performance reviews, complaints, commendations)
  • Criminal background information
  • Genetic information
  • Memberships or affiliations (religious, political, or support groups like Alcoholics Anonymous)

Not every piece of personal information is legally protected — but when it is, your employer has a duty to keep it safe.

When Your Employer Can Disclose Information

It’s important to understand that not every disclosure is illegal. Employers can share certain information if:

  • It’s required by law (for example, to comply with a court order or government investigation).
  • There’s a legitimate business reason (such as sharing emergency health info with medical staff to save your life).
  • You gave written consent for the disclosure.

For example:

  • If you work in a high-security job and your mental health poses a safety risk, your employer may legally share that with security personnel.
  • If you file for medical leave, your employer may tell your supervisor about the accommodations you need — but not all your medical details.

If the disclosure goes beyond these limits, that’s when legal problems for the employer begin.

When Disclosure Becomes Illegal

Disclosure may be illegal if:

  • It’s about your private life, not related to work.
  • It would be offensive to a reasonable person if made public.
  • There’s no legitimate public interest or business reason for sharing it.

Examples of illegal disclosures:

  • Telling co-workers you are HIV positive.
  • Revealing that you’re a member of a support group like Alcoholics Anonymous.
  • Sharing your salary history when it has nothing to do with the current work situation.
  • Publishing your Social Security number in an internal email to the whole office.

Common Legal Claims You Might Use

If you sue, you’ll need to base your lawsuit on an actual legal cause of action. Here are the most common ones used in cases like this:

1. Invasion of Privacy

This is a broad claim and can cover different types of wrongdoing:

  • Intrusion upon seclusion – Deliberately invading your private space or affairs.
  • Public disclosure of private facts – Sharing private info that most people would find offensive.
  • False light – Sharing misleading information that harms your reputation.
  • Appropriation of your name or likeness – Using your identity without permission (more common in marketing or advertising).

2. Negligence

If your employer failed to take reasonable steps to protect your data (for example, not securing personnel files or leaving medical records on a shared drive), you may be able to sue for negligence.

3. Breach of Confidentiality

If your employer promised — in writing or in policy — to keep certain information confidential and broke that promise, you may have a breach of confidentiality case.

4. Violations of Specific Laws

  • Americans with Disabilities Act (ADA) – Requires employers to keep disability-related info confidential.
  • Family and Medical Leave Act (FMLA) – Protects medical records related to leave requests.
  • Genetic Information Nondiscrimination Act (GINA) – Prohibits sharing genetic information.
  • State privacy laws – Many states have their own rules protecting employee information.

5. Intentional Infliction of Emotional Distress

If the disclosure was malicious and caused severe emotional harm, you might have a claim for emotional distress.

What About HIPAA?

A lot of people think HIPAA (Health Insurance Portability and Accountability Act) automatically protects them from their employer leaking health information. That’s only true in certain situations.

HIPAA usually applies to:

  • Healthcare providers
  • Health plans
  • Health plan administrators

If your employer is acting as your health plan administrator (such as managing a group health insurance plan), HIPAA rules may apply. But if your employer learned your health info directly from you (not through a health plan), HIPAA often doesn’t apply — though other laws might.

How to Prove Your Case

To win a lawsuit, you’ll need evidence. Start gathering it as soon as possible.

Useful evidence includes:

  • Written policies (employee handbook, confidentiality agreements)
  • Emails or messages showing the disclosure
  • Witness statements from people who heard or saw what happened
  • Proof of harm (medical bills, credit monitoring costs, therapy receipts, lost wages)
  • Records of complaints you made internally or externally

Even if you’re not ready to sue yet, having this documentation will help an attorney evaluate your case.

What You Can Do Before Filing a Lawsuit

1. Talk to an Employment Attorney

An attorney can tell you if you have a strong case, what laws apply, and whether to negotiate or sue. Many offer free consultations.

2. File a Complaint with a Government Agency

Depending on the type of information leaked:

  • EEOC – If it involves discrimination or harassment related to a disability, gender, race, etc.
  • State labor department – For violations of state privacy or labor laws.
  • HHS Office for Civil Rights – For HIPAA-related complaints.

3. Use Internal Channels

Sometimes a disclosure is accidental and can be addressed internally. Filing an internal complaint also creates a paper trail.

Damages You Might Recover

If you win your lawsuit, you might be able to recover:

  • Economic damages – Money lost due to the leak (stolen funds, identity theft costs, lost wages).
  • Non-economic damages – Pain, suffering, and emotional distress.
  • Punitive damages – Extra money meant to punish the employer for bad behavior.
  • Attorney’s fees – In some cases, the employer may have to pay your legal costs.

Special Rules for Government Employees

If you work for a government agency, you may have extra protections under your state constitution. For example, some states (like Arizona) specifically protect against the disturbance of “private affairs” without legal authority. This can make it easier to hold a government employer accountable.

Realistic Expectations

While it’s possible to sue, not every case will be worth it. Sometimes:

  • The harm is minimal, and the cost of suing outweighs the benefit.
  • The disclosure was legal or protected under an exception.
  • It’s hard to prove the leak caused your damages.

That’s why talking to an attorney early is key — they can help you decide whether to settle, file a complaint, or go to court.

Steps to Protect Yourself Going Forward

Even if you’re dealing with a leak now, you can take steps to reduce future risk:

  1. Limit what you share – Only provide personal information that’s truly necessary.
  2. Ask about confidentiality policies before giving sensitive details.
  3. Keep your own records – Store copies of important forms, agreements, and communications.
  4. Monitor your credit – Use free credit reports or paid monitoring to catch misuse early.
  5. Document any concerns – Keep notes if you suspect your employer is mishandling your data.

Final Thoughts

If your employer has leaked your personal information, you have every right to feel angry, hurt, and worried. This is more than just “office gossip” — it’s a breach of trust that can cause real harm to your life, finances, and career.

The good news is, the law does provide protections in many situations. Whether through a lawsuit, a government complaint, or a negotiated settlement, you have options to hold your employer accountable.

The first step is understanding your rights — and now you do. The next step is deciding how to use them.

If you’re in this position right now, don’t wait. Talk to an employment attorney, gather your evidence, and take action. Your personal information is exactly that — personal — and you have the right to protect it.