Alex is Sprintlaw’s co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
When you’re running a small business, you’ll probably be asked to provide an employee reference letter sooner or later. It might be for a departing team member, a former intern, or an employee moving on to a new opportunity.
On the surface, it feels simple: write a few lines about what they did and when they worked for you.
But references can create real legal and practical risk for employers - especially if you accidentally say too much, say something misleading, or share information you shouldn’t. The good news is that with a sensible process (and the right wording), you can provide helpful references without exposing your business.
This guide breaks down what you can and can’t say in a UK employee reference, what legal issues to watch for, and how to put a simple reference process in place that your team can follow confidently.
Do Employers Have To Provide A Reference Letter In The UK?
In most cases, there’s no general legal duty to provide a reference letter for an employee or ex-employee.
That said, there are a few important exceptions and practical realities:
- Contractual obligations: Sometimes an Employment Contract or settlement terms may require you to provide a reference (often with agreed wording).
- Regulated sectors: Some industries have regulatory rules or expectations around references and information sharing (for example, certain roles in financial services). What’s required varies by sector and role, and there may be specific duties around fitness/propriety or safeguarding.
- Consistency and fairness: Even when you don’t “have to”, refusing a reference in a way that looks inconsistent or targeted can create employee relations problems (and in some cases legal risk).
If you’re thinking “can we just refuse all references?”, it’s sometimes possible - but it’s not always the best approach. There are also situations where refusing might not be sensible (for example, where you’ve historically given references, or where a refusal could look retaliatory).
If you’re unsure, it’s worth checking your internal policy and past practice, and getting advice on whether refusing a reference in your particular scenario could create risk.
What Legal Risks Come With Writing A Reference Letter?
A reference letter is usually short - but it can still carry legal weight. The main risks tend to fall into a few buckets.
Negligent Misstatement (Saying Something Inaccurate Or Misleading)
If you provide a reference that is careless and a new employer reasonably relies on it, your business could face a claim if it turns out the reference was misleading and causes loss.
This can cut both ways:
- Overly positive references that omit serious, relevant concerns you knew about (for example, substantiated misconduct) can create risk.
- Overly negative references that exaggerate or imply misconduct without evidence can also cause problems.
The practical takeaway: stick to what you can prove, and avoid speculation.
Defamation (Damaging Someone’s Reputation)
References are a common area where employers worry about defamation. In simple terms, defamation risk can arise if you publish a statement about someone that harms their reputation and you can’t justify it.
Employers sometimes assume “it’s confidential so it doesn’t count”. But references are still written communications shared with a third party, so you should treat them carefully.
A safer approach is to:
- Keep language factual and evidence-based
- Avoid emotive labels (“untrustworthy”, “lazy”, “toxic”)
- Avoid implying misconduct unless it’s supported by findings and it’s appropriate to disclose
Discrimination And Victimisation Risk
References can create discrimination risk if the content (or your decision to give/refuse a reference) is influenced by a protected characteristic, such as age, disability, race, sex, religion, pregnancy/maternity, or sexual orientation.
This can also show up as victimisation, for example where an employee has raised a grievance or tribunal claim and then receives an unfairly poor reference because of it.
The safest practice is to use a standard process, keep references consistent, and avoid including anything unrelated to their role.
Data Protection (UK GDPR And The Data Protection Act 2018)
A reference letter typically includes personal data (name, job title, performance information, dates of employment). That means UK GDPR and the Data Protection Act 2018 matter.
Key practical points for small business employers:
- Only share what’s necessary for the purpose of the reference.
- Keep it secure (send to a verified email address, limit access internally).
- Be careful with sensitive data (for example, health information or disciplinary allegations).
- Have a clear internal process so managers aren’t freelancing with personal data.
Even if you don’t have a huge HR team, getting your data handling foundations right (including a GDPR package that matches how you actually operate) can save a lot of stress later.
What Can You Include In A Reference Letter (Safely)?
If you want the safest route, the most common approach is a factual reference.
A factual reference letter typically confirms objective, verifiable information, such as:
- Employee’s full name
- Job title(s)
- Dates of employment (start date and end date)
- Employment status (full-time/part-time)
- Brief description of duties (high-level)
- Optional: final salary (only if you’re comfortable and it’s requested/necessary)
This style of reference is popular with small businesses because it’s low risk and quick to produce. It also avoids getting dragged into subjective debates about performance or personality.
In many cases, a factual reference is enough for the hiring employer to tick their compliance boxes, especially where the candidate is also providing interviews, portfolios, and other references.
Can You Include Performance Comments?
Yes - but you need to be careful.
If you choose to include performance comments in a reference letter, aim for wording that is:
- True: you genuinely believe it, and you can justify it
- Fair: not cherry-picked or misleading
- Evidence-based: consistent with performance reviews, KPIs, or documented feedback
- Proportionate: you’re not including irrelevant information
A good middle ground can be a short, balanced sentence that reflects documented reality, such as:
- “They met the requirements of their role and worked reliably within our customer support team.”
- “They consistently achieved agreed monthly targets during their employment.”
Avoid “hidden meaning” phrases that can be interpreted as coded negativity (for example, “we confirm employment only”). If you’re doing a factual reference, it’s better to be transparent about that policy.
Should You Mention Sickness Absence Or Health?
Generally, avoid including health information in a reference letter unless there is a very clear lawful reason and it’s strictly necessary.
Health information is typically “special category data” under UK GDPR, and it can also link into disability discrimination risk. Even well-intentioned comments can cause issues (for example, trying to “explain” a performance issue by referring to an employee’s health).
If the new employer asks about sickness absence, tread carefully. Often the right response is to provide a factual reference and decline to go further unless you’ve taken advice - and only disclose anything additional where you have a clear lawful basis, it’s fair and accurate, and it’s genuinely relevant to the role.
What Should You Avoid Saying In A Reference Letter?
Knowing what not to include is just as important as knowing what you can include.
Unproven Allegations Or “Rumours”
A reference letter is not the place for “we heard that…” or “there were concerns that…” unless:
- there were formal findings, and
- you have clear records, and
- it’s appropriate and necessary to disclose (often after taking advice).
If something was alleged but not proven, including it can be unfair and risky.
Subjective Or Emotional Descriptions
Avoid loaded character statements that you can’t evidence. Examples include:
- “They were dishonest.”
- “They had a bad attitude.”
- “They were a nightmare to manage.”
If there’s a legitimate performance or conduct issue you need to reflect, anchor it in facts and documentation, or consider sticking to a factual reference.
Confidential Business Information
Be careful not to disclose:
- Client lists
- Confidential projects
- Internal investigations
- Commercially sensitive issues
Even if the employee has left, your duties around confidentiality don’t disappear. A casual reference letter is an easy place for a busy manager to overshare and create unnecessary risk - especially if you’ve had confidentiality breaches in the past and you’re already on alert.
Anything Inconsistent With Your Own Records
If your reference letter says “excellent performance”, but you have performance management records showing serious concerns, you’re creating a mismatch that can come back to bite you.
That’s one reason it’s so important to have proper performance documentation and a clear HR process (even a lightweight one). If you use tools like performance improvement plans, they should be run carefully and consistently - otherwise references become much harder to get right.
How To Set Up A Simple, Low-Risk Reference Process In Your Business
Small businesses often run into trouble with references because there’s no consistent process. One manager says yes, another says no, someone uses a personal email, someone else writes a two-page character testimonial.
A simple internal system can reduce your risk quickly.
1) Decide Your Default Reference Type (Factual vs Detailed)
Most SMEs choose one of these approaches:
- Factual only: safest and easiest to apply consistently.
- Factual by default, detailed only in limited cases: for example, where HR approves and there’s strong documentation.
Once you decide, write it down as a policy and apply it consistently.
2) Centralise Who Is Allowed To Give References
Ideally, references should be given by:
- HR (if you have HR)
- The business owner/director
- A nominated manager with a template to follow
This helps avoid “informal references” and prevents managers from accidentally creating legal risk in off-the-cuff emails.
It also helps to remind managers that emails can be legally significant - a quick message sent without thinking can still be relied on later.
3) Use A Template Reference Letter (And Stick To It)
A good template reference letter should include:
- Who the reference is addressed to (and “To Whom It May Concern” as a fallback)
- Employee name
- Job title and dates of employment
- Optional: short description of duties
- A clear limitation statement (see below)
- Name, role and signature of the authorised referee
If you want managers to follow the process, the template needs to be short and easy.
4) Add Sensible “Protection” Wording (Without Overdoing It)
Many employers add wording to clarify the limits of the reference, such as:
- that it’s given in good faith
- that it’s based on company records
- that it’s confidential to the recipient
Be aware: disclaimers don’t automatically remove all risk - but they can help set expectations and reinforce that the reference is limited in scope.
5) Treat Reference Requests As Part Of Your Wider HR Foundations
References don’t exist in a vacuum. They connect to:
- Your employment documentation
- Your disciplinary and performance procedures
- Your confidentiality expectations
- Your data protection compliance
If you’re hiring your first employees (or scaling up), it’s worth getting these foundations right early with proper Workplace Policy documents so you’re not improvising later when reference requests land on your desk.
Key Takeaways
- An employee reference letter can create legal risk for employers if it’s misleading, inconsistent with records, or includes unnecessary personal data.
- In most cases, employers don’t have a general legal duty to provide a reference, but contracts, regulated sectors, and consistency can matter.
- A factual reference (job title, dates, and basic duties) is usually the safest option for small businesses.
- Avoid including unproven allegations, subjective character judgments, health information, or confidential business details.
- Set up a simple internal process: decide your approach, nominate who can give references, and use a template for consistency.
- References involve personal data, so keep UK GDPR principles in mind - only share what’s necessary and keep it secure.
Note: This article is general information only and isn’t legal advice.


