Duty of Confidence Code of Practice
Total Page:16
File Type:pdf, Size:1020Kb
Version No: V4 Date: May 2018 Duty of Confidence Code of Practice MAY 2018 Duty of Confidence Details: Review Frequency: Date of last review: Date of next review: Every three years Created March 2018 to May 2021 replace Confidentiality Procedure Service number ID Manual: Information Management (Transformation and Partnerships) (if appropriate) Revision Approved Review Version Version ref Reviser History by Date Lawrence 31 March 2017 Draft Serewicz Paula 3 May 2018 Draft V2 Sheen Lawrence 4 May Draft V3 Serewicz Paula 11 May V4 Final IGG 22/5/18 May 2021 Sheen 2 22 MAY 2018 Duty of Confidence Contents 1. Introduction ...................................................................................................................................4 2. Purpose ..........................................................................................................................................4 3. Scope..............................................................................................................................................4 4. Responsibilities............................................................................................................. ................5 Specific other staff:..........................................................................................................................6 5. Confidentiality ...............................................................................................................................7 6. How to Ensure Confidentiality.....................................................................................................8 6.1 Anonymise Data............................................................................................................................9 6.2 Sharing of Information...................................................................................................................9 6.3 Information Sharing and Disclosure across Agencies ................................................................11 6.4 Disclosure Required by Law .......................................................................................................11 6.5 Disclosure with Consent ............................................................................................................12 6.6 Disclosure in the Public Interest..................................................................................................13 6.7 Disclosure to Elected Members or MP’s.....................................................................................14 6.8 Deceased Records.....................................................................................................................15 6.9 Telephone Conversations ..........................................................................................................15 6.11 Public Access Points................................................................................................................16 6.12 Security in Offices .....................................................................................................................16 6.13 Working Away from the Office Base .........................................................................................17 6.14 Confidentiality for anonymous referrers....................................................................................17 6.15 Transferring Confidential Information....................................................................................18 Use of E-Mail Systems..................................................................................................................18 Use of Postal Systems ..................................................................................................................18 6.16 Data used for Research and Statistical Purposes ...................................................................19 7 Breach of Confidence .................................................................................................................19 Related Documents.................................................................................................................... .........20 3 22 MAY 2018 Duty of Confidence 1. Introduction A duty of confidence arises when one person discloses information to another in circumstances where it is reasonable to expect that the information will be held in confidence e.g. information provided to your doctor or lawyer would be confidential. Confidentiality is a legal obligation that is derived from case law. The council handles a significant amount of personal and financial information that is confidential and some jobs have extra responsibilities regarding confidentiality because of the type of personal data they handle. Confidential information is important to the way we work since it represents the trust between our service users and the council. Our service users trust us to maintain confidentiality so that their personal lives are protected and their information is only shared where there is a legal basis to do so. At the same time, the duty of confidence gives assurance to council employees that the council will treat employee information with appropriate care. Within this circle of confidence and trust, the council is able to provide its services to the benefit of the public. All employees and agents who work for the Council are bound by a legal duty of confidence to protect confidential information they may come in contact with during the course of their work. This is not just a requirement of their contractual responsibilities but also a requirement of the common law duty of confidence and where this involves personal information, the Data Protection Act 2018 (DPA18). For some staff it is also a requirement of their professional code of conduct. 2. Purpose The purpose of this document is to provide an overall understanding of the duty of confidence. This includes how it works in practice, what needs to be done to safeguard confidentiality and the consequences should it be breached. As a corporate document, it will supplement and not supersede the duty of confidence requirements as set out by legislation, case law or professional practices. 3. Scope This policy applies to all full time and part time employees and to associated individuals who work for the Council including agency staff, contractors and others employed under a contract of service. The policy also applies to Members in their role as a Member of the Council. The policy covers all confidential information that the Council holds in any medium such as paper, CD/DVD, USB sticks, computer or even heard by word of mouth. 4 22 MAY 2018 Duty of Confidence 4. Responsibilities Members All elected members are to be made fully aware of this policy and of their duties and responsibilities to safeguard confidentiality. Members are also bound by the Members’ Code of Conduct and are their own data controllers for any case work linked to their duties. Staff All staff will be required to complete mandatory data protection training appropriate to their role and will be required to sign a confidentiality statement as follows: staff employed on a permanent, temporary or casual contract are required to sign an appropriate Statement of Particulars as part of their contract of employment which provides a written undertaking to conform to the provisions of this procedure. • Agency workers are required to sign a confidentiality statement within the De Poel agreement. • Students, Volunteers and Work experience must read and discuss this procedure with their manager and this must be recorded as part of their placement by completion of the SS432 (Appendix 1). • Researchers must sign up to the appropriate confidentiality agreements included within the relevant Research Approval Governance process Any breach of confidentiality, inappropriate use of service user records, staff records or business sensitive/confidential information, or abuse of computer systems is a disciplinary offence, which could result in dismissal or termination of employment contract, and must be reported. Corporate Management Team (CMT) CMT has overall responsibility for ensuring that staff comply with the Councils legal obligations regarding the handling of personal information and for the development of any service specific guidance for sharing of information. Senior Managers Senior Managers are responsible for ensuring that all staff are compliant with the requirements of the policy and that confidentiality and for advising, dealing with and monitoring any issues regarding disclosure or access to information. Team Managers All Team Managers must ensure that they know and understand this procedure and all related organisational procedures for access to personal records. They must be aware of the need to conform to these procedures and the actions agreed for sharing 5 22 MAY 2018 Duty of Confidence information. They are also responsible for ensuring their staff are aware of the requirements and should be the first point of contact for staff for the provision of advice and support on confidentiality issues. Information Management Team (IMT) The IMT based in Transformation and Partnerships provides the Data Protection liaison for the Council and will provide advice, guidance and support in relation to confidentiality and Data Protection issues. Legal Services Legal services will provide advice and guidance on legal issues to the Information Management Team – services should not seek legal advice direct without