{{org_field_logo}}
{{org_field_name}}
Confidentiality — General Organisation Policy
Note:
This policy template provides a general framework to be adapted by any organisation. It could be used for administrative staff and sections in a care organisation to complement the respective policies on the care issues.
[{{org_field_name}}], hereinafter referred to as “the Organisation”, is committed to providing a confidential service to its users. No information given to the Organisation will be shared with any other organisation or individual without the user’s express permission.
This policy sets out how the Organisation expects its employees to treat confidential information (see below for the definition of this term). It applies to all employees and workers and to [delete as appropriate] board members, investors and volunteers who may have access to confidential information and personal data.
Confidential Information
Confidential information means personal communication or information relating to an organisation’s business that is unknown to the public and only shared between a few people. This information comes into the possession of the Organisation through its work.
Common examples of confidential information include, but are not limited to, the following.
- Unpublished financial information.
- Customer lists and data.
- Intellectual property, such as patents, formulas and new technologies.
- Data from external parties.
- Business and product information, such as pricing, marketing and other strategies.
- Documents marked confidential.
- Unpublished goals and forecasts marked confidential.
{{org_field_name}} holds personal data about its staff, users, members, etc., which will only be used for the purposes for which it was gathered and will not be disclosed to anyone outside of the Organisation without prior permission, in accordance with the Data Protection Act 2018.
Obligations on Employees
- All confidential information should be locked or secured at all times. It should not be taken outside the Organisation’s premises.
- All paper-based and electronic data should be stored in accordance with the principles and guidance of the Data Protection Act 2018.
- Information should only be disclosed to others when authorised by senior management.
- Confidential information should not be used for personal profit or benefit.
- Confidential information must not be replicated and stored on insecure devices.
- These restrictions will continue to apply even after the employee has stopped working for the Organisation.
All personal data will be dealt with sensitively and in the strictest confidence internally and externally.
Breaches of Confidentiality
The Organisation recognises that occasions may arise where individual workers feel they need to breach confidentiality. Confidential or sensitive information relating to an individual may be divulged where there is risk of danger to the individual, a volunteer or employee, or the public at large, or where it is against the law to withhold it. For example, information may be divulged to external agencies such as the police or social services. Where a worker/employee feels confidentiality should be breached, they should raise the matter immediately with their Line Manager who will discuss the options available and decide whether confidentiality should be breached.
The duty of confidentiality is always subject to the legal requirements of the Public Disclosure (“Whistleblowing”) Act 1998, provided any disclosure is made in accordance with the provisions of this Act.
Consequences of Wilful Breach
An employee or worker who wilfully breaches these confidentiality guidelines will face disciplinary action under the Organisation’s disciplinary procedures. The breach or breaches may constitute potential gross misconduct which may result in dismissal and legal action.
The policy is binding on individuals even after they have left the Organisation’s employment.
Training and Review
All existing and new employees and workers will be made aware of this confidentiality policy through induction and further training.
Legislative Framework
The Organisation will monitor this policy to ensure it meets statutory and legal requirements including the Data Protection Act 2018, the General Data Protection Regulation, the Public Disclosure Act 1996, the Employment Rights Act 1996, the Children’s Act 2004, the Rehabilitation of Offenders Act 1974 and the Prevention of Terrorism Act 2005. Training on the policy will include these aspects.
Note:
The Confidentiality Policy could also state that the following clauses be included in any confidentiality or non-disclosure agreement (now frequently used in business) between the Organisation and a member of its staff, aimed at protecting information and specifying specific uses for disclosed information. This might be necessary where sensitive information needs to be shared and would provide legal remedies if there is any release of confidential information. The clauses are as follows.
- A non-compete clause, prohibiting the recipient of the information from starting a competing company or divulging confidential information to a competitor.
- A non-solicit clause, prohibiting the recipient from poaching employees from the Organisation.
If an employer does wish to include these clauses, legal advice should always be sought. Both clauses will be time-limited.
Note: This model Confidentiality Policy provides general guidelines; legal advice should be sought on further specific issues.
Responsible Person: {{org_field_registered_manager_first_name}} {{org_field_registered_manager_last_name}}
Reviewed on: {{last_update_date}}
Next review date: this policy is reviewed annually (every 12 months). When needed, this policy is also updated in response to changes in legislation, regulation, best practices, or organisational changes.
Copyright ©2024 {{org_field_name}}. All rights reserved