It feels reasonable to claim that part of the reason that coaching works boils down to the fact that the coaching conversation remains confidential. That confidentiality increases trust, which leads to greater disclosure, enabling greater insights.
And that confidentiality remains important when technology enters the picture – perhaps it even becomes more important, as the risk of someone else being able to listen in potentially increases.
When meeting someone remotely, or when relying on some sort of platform to connect us in the first place, the natural tendency is to rely on the confidentiality built into the technology, but it’s important to draw a distinction between three different concepts here.
When we say to a coachee that we’ll hold the contents of a coaching conversation confidential (with certain valid exceptions of course), that means no-one else will find out what we discussed. Even if someone asks us, we won’t break that confidentiality.
The trust from the coachee in our unwillingness to break confidentiality is directly proportionate to how much value they’ll get from the coaching. And yet introducing technology in the form of capturing coaching goals and notes, or using audio or video communications technology, automatically changes the landscape. Suddenly, the question isn’t how willing we are as coaches to break confidentiality, but what job roles those people have.
Here’s why: a technology system needs people with elevated access privileges in order to make it work. If you forget your password, the only person who can help you is someone with an account that grants them the ability to bypass that control. And that means, no communications technology is confidential.
There are hypothetical exceptions to that – WhatsApp, for example, uses “zero knowledge encryption”, or “end to end encryption”, meaning that apart from the authorized users, no-one else can read your messages. But this isn’t perfect – tricking the system into thinking you’re a different user would grant you access to read their messages, and all encryption can be unencrypted.
Privacy, while extremely important, is quite different from confidentiality. In the world of technology, the word “privacy” means “compliance with data protection regulations”, the most significant of which would be the EU’s General Data Protection Regulation, or GDPR.
Under these regulations, if it’s reasonable for you to have access to personal data and you’re given permission, however sensitive, it’s fine for you to have it. For example, plenty of organizations automatically record all phone conversations to use them as part of compliance exercises, performance reviews, and training case studies. Anyone in any of the teams involved in those activities, as well as the team that provides technical support for the phones, may therefore have access to listen to the phone conversations.
To summarize: confident compliance with GDPR and its global equivalents is not at all the same as confidentiality.
At a more technical level, providers will talk with much greater certainty around their security measures. Firewalls, intrusion prevention, encryption, anti-malware, biometrics, multifactor authentication…it’s a rich and complex world, full of acronyms and in-jokes.
And this is what we have to pin our hopes on from a practical perspective – privacy is based on good principles and rules, while security is far more tangible and operational. It’s within this sphere that the 1s and 0s making up an email become garbled by an encryption tool (when they’re encrypted – they often aren’t).
But again, this doesn’t mean confidentiality. It’s easy to trip into the comfortable snare of information security controls, but high levels of security aren’t the same as confidentiality.
Think about it like this:
- Confidentiality is writing a full transcription of a coaching session, locking it in a box only you have the key to, and burying that box somewhere only you know exists within a building only you have access to.
- Security is pinning that transcription on a notice board inside a locked room that ten people have a key to, only two of whom you know.
Like privacy, security is a good thing – we’re not live-streaming our coaching sessions to the world – but it isn’t the same as the conversation being confidential, and given the sensitive nature of some of what can come up in coaching, we should bear that in mind.
So, what can we do?
Where we find ourselves is at a point where pragmatism forces us to make some trade-offs. We can die on the hill of confidentiality, in practice meaning we opt to never coach someone, or we can choose to make some compromises, in an informed and transparent way. So here are some practical steps:
- Find out what security and privacy looks like within the technology tools we’re using. If we know where the weak spots are, we can mitigate those areas, and perhaps change to alternative tools that are more appropriate.
- Share the situation with our coachees. Would they get more value from the coaching if they felt more confident and in control of the confidentiality aspects?