INFORMATION SECURITY AND CONFIDENTIALITY POLICY
We fully abide to Data Protection Act 1998 by maintaining confidentiality and security of information. We acknowledge that our employees, volunteers, learners and other stakeholders will use information about individuals and organisations during the course of our service delivery. All information will be used for the purpose it has been collected and staff will take necessary steps to protect and securely store such information.
Data Protection Act Principles:
Information about individuals, whether on computer or on paper, falls within the scope of the Data Protection Act and must comply with the data protection principles. These are as follows:
- Obtained and processed fairly and lawfully.
- Held only for specified purposes.
- Adequate, relevant and not excessive.
- Accurate and up to date.
- Not kept longer than necessary.
- Processed in accordance with the Act.
- Kept secure and protected.
- Staffs are able to share information with their line manager where necessary to discuss issues and seek advice.
- Staff should avoid exchanging personal information about individuals with whom they have a professional relationship.
- Staff should avoid talking about organisations or individuals in social settings.
- Staff will treat information as confidential and will not disclose to anyone, other than their line manager, any information considered sensitive, personal, financial or private without the knowledge or consent of the individual, or an officer, in the case of an organisation.
- If it is necessary to discuss difficult situations with each other to gain a wider perspective on how to approach a problem the organisation’s consent must be sought before personal information enters into the discussion, unless it is beyond doubt that the organisation would not object to this.
Where there is a legal duty on Results to disclose information, the person to whom the confidentiality is owed will be informed that disclosure has or will be made.
Information about ethnicity and disability of users is kept for the purposes of monitoring our equal opportunities policy and also for reporting back to our partners.
Access and sharing of information
Information is confidential to Results as an organisation and may be passed to staff, managers and other partners to ensure the best quality service for users.
Where information is sensitive, i.e. it involves disputes or legal issues; it will be confidential to the employee dealing with the case and their line manager. Such information should be clearly labelled ‘Confidential’ and only nominated staff will be entitled to access the information and the name of the individual or group who may request access to the information.
Users may have access to their records held in their name or that of their organisation. The request must be in writing to the Director giving 15 days’ notice and be signed by the individual, or in the case of an organisation’s records, by the Chair or Executive Officer. Employees may have access of their personnel records by giving 7 days’ notice in writing to the Director.
Information will only be shared among our personnel and stakeholders on a need to know basis. Information will only be used for the purpose it has been collected. Should collected information required to be used for another purpose, the individual or organisation in question will be informed.
General non-confidential information about organisations is kept in unlocked filing cabinets with open access to all staff. Information about volunteers, learners, stakeholders and other individuals will be kept in filing cabinets by staff directly responsible.
All information deemed confidential will be stored in locked filling cabinets and for information stored on computers restricted users will be using password to access such information.
Employees’ personnel information will be kept in lockable filing cabinets and accessible only by authorised staff members.
Internal Verifiers and Assessors are responsible for:
- Maintaining the confidentiality and security of documentation and portfolios of evidence whilst in their possession
- Ensuring that candidate evidence and personal details are not left unattended in public areas, their working environment, cars or other forms of transport
- Using recorded mail delivery when posting confidential material
- Information to the centre coordinator of any failures to comply with this policy or possible instances of malpractice
Learners are responsible for:
- Not leaving portfolio evidence unattended in public places, within their working environment, cars or other of transport
- Maintaining client confidentiality through removing all names, addresses or identifying statements from portfolio evidence. For example, clients should be referred to as A, B OR C
- Seeking the permission of clients or their families before involving them in assessment process. If a client is unable to give their permission, then must be sought from appropriate personnel
Breach of confidentiality:
Employees who are dissatisfied with the conduct or actions of other colleagues should raise this with their line manager using the grievance procedure, if necessary, and not discuss their dissatisfaction outside the organisation.
Staff accessing unauthorised files or breaching confidentially may face disciplinary action. Ex-employees breaching confidentiality may face legal action.