{"id":760,"date":"2026-07-08T15:34:42","date_gmt":"2026-07-08T15:34:42","guid":{"rendered":"https:\/\/www.derbyshiredomesticabusehelpline.co.uk\/?page_id=760"},"modified":"2026-07-08T15:47:03","modified_gmt":"2026-07-08T15:47:03","slug":"confidentiality-policy-2","status":"publish","type":"page","link":"https:\/\/www.derbyshiredomesticabusehelpline.co.uk\/pl\/confidentiality-policy-2\/","title":{"rendered":"Polityka poufno\u015bci"},"content":{"rendered":"<h2 class=\"wp-block-heading\">Polityka poufno\u015bci<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Reviewed:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 07\/12\/2025<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Due:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a007\/12\/2027<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>1. Introduction<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The Elm Foundation is committed to protecting all personal, sensitive, and confidential information it holds, processes, or shares. This Confidentiality Policy outlines the legal, ethical, and operational requirements that apply to all employees, volunteers, contractors, and students.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This version strengthens compliance with:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>UK GDPR and Data Protection Act 2018<\/li>\n\n\n\n<li>Common Law Duty of Confidentiality<\/li>\n\n\n\n<li>Human Rights Act 1998 (Article 8)<\/li>\n\n\n\n<li>Computer Misuse Act 1990<\/li>\n\n\n\n<li>ICO Codes of Practice<\/li>\n\n\n\n<li>Safeguarding legislation (Children and Adults)<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">The organisation is legally and ethically required to ensure that confidential information is protected from unauthorised disclosure, accidental loss, misuse, or inappropriate access. This duty applies to all employees, regardless of role.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>2. Zakres<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Niniejsza polityka dotyczy:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>All employees (permanent and temporary)<\/li>\n\n\n\n<li>Volunteers, trustees, students, and contractors<\/li>\n\n\n\n<li>Any person who accesses confidential information in the course of their duties<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">It covers all forms of information, including:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Paper and electronic records<\/li>\n\n\n\n<li>Verbal information<\/li>\n\n\n\n<li>Emails, messaging systems, recorded media<\/li>\n\n\n\n<li>Mobile phones, laptops, tablets, USB devices<\/li>\n\n\n\n<li>Photographs, CCTV, and digital images<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>3. Roles and Responsibilities<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">3.1 Chief Executive (CEO)<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Holds ultimate accountability for compliance with confidentiality and information governance<\/li>\n\n\n\n<li>Acts as Senior Information Risk Owner (SIRO)<\/li>\n\n\n\n<li>Signs off organisational decisions relating to information risk<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">3.2 Head of Operations<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Ensures this policy is embedded across operational systems<\/li>\n\n\n\n<li>Oversees compliance and ensures breaches are escalated<\/li>\n\n\n\n<li>Ensures employees have appropriate training and supervision<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">3.3 Service Managers<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Ensure employees contracts include confidentiality clauses<\/li>\n\n\n\n<li>Provide induction and ongoing supervision covering confidentiality<\/li>\n\n\n\n<li>Report breaches immediately<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">3.4 All Employees<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Every employee must:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Complete confidentiality and GDPR training<\/li>\n\n\n\n<li>Follow all organisational policies and legal requirements<\/li>\n\n\n\n<li>Always safeguard confidential information<\/li>\n\n\n\n<li>Report breaches or concerns immediately<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">A breach of confidentiality may result in disciplinary action up to and including dismissal and may lead to civil or criminal proceedings.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>4. Key Principles of Confidentiality<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">All employees must adhere to the following:<\/p>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li>Confidential information must be always protected.<\/li>\n\n\n\n<li>Access must only occur on a strict &#8216;need-to-know&#8217; basis.<\/li>\n\n\n\n<li>Information must only be used for the purpose for which it was collected.<\/li>\n\n\n\n<li>Information sharing must be lawful, minimal, justified, and documented<strong>.<\/strong><\/li>\n\n\n\n<li>All decisions to share or disclose must be recorded.<\/li>\n\n\n\n<li>Concerns about sharing must be escalated to a manager, Head of Operations, or CEO.<\/li>\n<\/ol>\n\n\n\n<p class=\"wp-block-paragraph\">The organisation must always be able to justify any decision to share information.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>5. Information Handling and Security Requirements<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Employees must ensure:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Workspaces are kept clear<\/li>\n\n\n\n<li>Confidential documents are stored in locked locations when not in use<\/li>\n\n\n\n<li>Electronic information is stored on authorised, encrypted systems only<\/li>\n\n\n\n<li>No confidential information is saved to personal devices<\/li>\n\n\n\n<li>Personal email accounts are never used for work information<\/li>\n\n\n\n<li>Printed confidential documents are shredded.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Employees must never:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Leave records visible or unattended<\/li>\n\n\n\n<li>Discuss confidential matters in public or open spaces<\/li>\n\n\n\n<li>Share passwords or allow others to use their login<\/li>\n\n\n\n<li>Access records out of curiosity or without legitimate purpose<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Unauthorised access is gross misconduct and may be a criminal offence.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>6. Disclosing Personal or Confidential Information<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Information must only be disclosed when one of the following conditions applies:<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">6.1 With Consent<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Valid, informed, written consent from the individual<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">6.2 When Required by Law<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Court orders, statutory requests, or legal duties<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">6.3 Safeguarding<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Where a child or adult is at risk of harm<\/li>\n\n\n\n<li>MARAC or safeguarding referrals<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">6.4 Public Interest<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>To prevent serious crime or risks to the public<\/li>\n\n\n\n<li>Must be authorised by a Head of Service<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">6.5 Anonymised Data<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Information anonymised in accordance with ICO standards<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">All disclosures must be appropriately recorded and justified.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>7. Working Remotely or Offsite<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Employees working away from organisational premises must:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Minimise the amount of confidential information taken offsite<\/li>\n\n\n\n<li>Ensure documents are kept in sealed, non-transparent holders<\/li>\n\n\n\n<li>Always keep confidential material on their person while travelling<\/li>\n\n\n\n<li>Store documents securely at home (e.g., locked drawer)<\/li>\n\n\n\n<li>Never leave documents visible in cars, public areas, or shared homes<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Electronic devices must:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Be encrypted<\/li>\n\n\n\n<li>Never be shared with family members<\/li>\n\n\n\n<li>Be locked when not in use<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">The removal of physical documents from premises must be pre-approved by a manager.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>8. Carelessness and Avoidable Breaches<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Employees may be personally liable for breaches caused by carelessness.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Examples include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Leaving records unattended<\/li>\n\n\n\n<li>Failing to lock screens<\/li>\n\n\n\n<li>Discussing confidential information where others may overhear<\/li>\n\n\n\n<li>Losing devices containing sensitive information<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Password sharing or leaving systems logged in is gross misconduct and may lead to dismissal.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>9. Abuse of Privilege<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Under no circumstances may employees:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Access records of friends, family, or acquaintances<\/li>\n\n\n\n<li>Access information out of personal curiosity<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Such access is:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A breach of contract<\/li>\n\n\n\n<li>A breach of the Data Protection Act 2018<\/li>\n\n\n\n<li>Potentially a criminal offence under the Computer Misuse Act 1990<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Audits will be conducted to identify inappropriate access.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>10. Reporting Breaches<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">All employees must report confidentiality breaches immediately to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Their Service Manager<\/li>\n\n\n\n<li>Head of Operations<\/li>\n\n\n\n<li>CEO (all breaches must be brought to the CEO&#8217;s attention)<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Reportable breaches include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Unauthorised system access<\/li>\n\n\n\n<li>Loss or theft of documents or devices<\/li>\n\n\n\n<li>Mis-sent emails<\/li>\n\n\n\n<li>Unlawful disclosures<\/li>\n\n\n\n<li>Password sharing<\/li>\n\n\n\n<li>Incorrect disposal of confidential waste<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>11. Training<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">All employees must complete:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Induction confidentiality training<\/li>\n\n\n\n<li>GDPR refresher training<\/li>\n\n\n\n<li>Additional training where role-specific risks apply<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Training compliance will be monitored.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>12. Monitoring and Audit<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Compliance with this policy will be monitored through:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Internal audits<\/li>\n\n\n\n<li>External audits by commissioners and accreditation bodies<\/li>\n\n\n\n<li>Line management oversight<\/li>\n\n\n\n<li>Incident reports and lessons learned<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Audit findings will be reviewed by the Board of Trustees.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>13. Dos and Don\u2019ts<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Do:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Protect all personal and confidential information<\/li>\n\n\n\n<li>Validate identity before sharing information<\/li>\n\n\n\n<li>Share the minimum necessary<\/li>\n\n\n\n<li>Record decisions to share without consent<\/li>\n\n\n\n<li>Report breaches immediately<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Don\u2019t:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Share information without lawful basis<\/li>\n\n\n\n<li>Store confidential material at home unless authorised<\/li>\n\n\n\n<li>Use personal devices for organisational work<\/li>\n\n\n\n<li>Keep information longer than necessary<\/li>\n\n\n\n<li>Forward work emails to personal accounts<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>14. Appendices (Retained and Expanded)<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Appendix A: Legislation Summary<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Appendix B: Examples of Breaches<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Appendix C: Definitions<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Appendix A<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The Elm Foundation is obliged to abide by all relevant UK and European Union<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">legislation. The requirement to comply with this legislation shall be devolved to<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">employees of The Elm Foundation, who may be held personally accountable for any<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">breaches of information security for which they may be held responsible. The Elm<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Foundation shall comply with the following legislation and guidance as appropriate:<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">GDPR and DPA 2018<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Regulate the use of \u201cpersonal data\u201d and sets out six principles to ensure that<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">personal data is:<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">1. Processed lawfully, fairly and in a transparent manner in relation to individuals<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">2. Collected for specified, explicit and legitimate purposes and not further<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">processed in a manner that is incompatible with those purposes; further<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">processing for archiving purposes in the public interest, scientific or historical<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">research purposes or statistical purposes shall not be considered to be<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">incompatible with the initial purposes<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">3. Adequate, relevant and limited to what is necessary in relation to the<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">purposes for which they are processed<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">4. Accurate and where necessary kept up to date<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">5. Kept in a form which permits identification of data subjects for no longer than<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">is necessary for the purposes for which the personal data are processed<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">6. Processed in a manner that ensures appropriate security of the personal data,<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">including protection against unauthorised or unlawful processing and against<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">accidental loss, destruction or damage, using appropriate technical or<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">organisational measures.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u25aa The duty to share information can be as important as the duty to protect<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">patient confidentiality<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Article 8 of the Human Rights Act (1998)<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Refers to an individual\u2019s \u201cright to respect for their private and family life, for their<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">home and for their correspondence\u201d. This means that public authorities should take<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">care that their actions do not interfere with these aspects of an individual\u2019s life. 11<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>The Computer Misuse Act (1990)<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Makes it illegal to access data or computer programs without authorisation and<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">establishes four offences:<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u25aa Unauthorised access to data or programs held on a computer e.g. to obtain or<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">view information about friends and relatives.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u25aa Unauthorised access with the intent to commit or facilitate further offences<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">e.g. to commit fraud or blackmail.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u25aa Unauthorised acts with intent to impair, or with recklessness so as to impair,<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">the operation of a computer e.g. to modify data or programs held on computer<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">without authorisation; and<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u25aa Making, supplying or obtaining articles for use in offences 1-3<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Common Law Duty of Confidentiality<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Information given in confidence must not be disclosed without consent unless there<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">is a justifiable reason e.g. a requirement of law or there is an overriding public<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">interest to do so.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Appendix B<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>What should be reported?<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Misuse of personal data and security incidents must be reported so that steps can be<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">taken to rectify the problem and to ensure that the same problem does not occur<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">again.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">All breaches should be reported to a Service Manager, Head of Operations or CEO.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The CEO should be informed of all breaches.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">If employees are unsure whether a particular activity amounts to a breach of an information<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">governance or IT security policy, they should discuss their concerns with their<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Service manager. The following list gives examples of breaches of this policy which<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">should be reported:<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u25aa Sharing of passwords<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u25aa Unauthorised access to systems either by employees or a third party<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u25aa Unauthorised access to person-identifiable information where the member of<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">employees does not require access or have a need to know 12<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u25aa Disclosure of person-identifiable information to a third party where there is no<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">justification and you have concerns that it is not in accordance with data<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">protection legislation.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u25aa Sending person-identifiable or confidential information in a way that breaches<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">confidentiality<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u25aa Leaving person-identifiable or confidential information lying around in a public<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">area<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u25aa Theft or loss of person-identifiable or confidential information<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u25aa Disposal of person-identifiable or confidential information in a way that<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">breaches confidentiality i.e. disposing of person-identifiable information in an<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">ordinary waste paper bin.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Seeking Guidance<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">It is not possible to provide detailed guidance for every eventuality. Therefore, where<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">further clarity is needed, the advice of a Service Manager should be sought.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Appendix C<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Person-identifiable information is anything that contains the means to identify a<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">person, e.g. name, address, postcode, date of birth, NHS number, National<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Insurance number etc. Any data or combination of data and other information, which<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">can indirectly identify the person, will also satisfy the definition.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Confidentiality<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">A duty of confidence arises where one person discloses information to another (e.g.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">patient to clinician) in circumstances where it is reasonable to expect that the<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">information will be held in confidence.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Special categories of personal information (previously known as \u2018sensitive\u2019<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">personal data) as defined by GDPR and the DPA 2018 refers to personal<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">information about:<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u25aa Race or ethnic origin<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u25aa Political opinions<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u25aa Religious or philosophical beliefs 13<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u25aa Trade union membership<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u25aa Genetic and Biometric data<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u25aa Health data<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u25aa Sexual history and\/or sexual orientation<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u25aa Criminal convictions data<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Non-person-identifiable information can also be classed as confidential such as<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">confidential business information e.g. financial reports; commercially sensitive<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">information e.g. contracts, trade secrets, procurement information, these should also<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">be treated with the same degree of care.<\/p>","protected":false},"excerpt":{"rendered":"<p>Confidentiality Policy Reviewed:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 07\/12\/2025 Due:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a007\/12\/2027 1. Introduction The Elm Foundation is committed to protecting all personal, sensitive, and confidential information it holds, processes, or shares. This Confidentiality Policy outlines the legal, ethical, and operational requirements that apply to all employees, volunteers, contractors, and students. This version strengthens compliance with: The organisation is legally and ethically [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"open","template":"","meta":{"footnotes":""},"class_list":["post-760","page","type-page","status-publish","hentry"],"meta_box":[],"_links":{"self":[{"href":"https:\/\/www.derbyshiredomesticabusehelpline.co.uk\/pl\/wp-json\/wp\/v2\/pages\/760","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.derbyshiredomesticabusehelpline.co.uk\/pl\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.derbyshiredomesticabusehelpline.co.uk\/pl\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.derbyshiredomesticabusehelpline.co.uk\/pl\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.derbyshiredomesticabusehelpline.co.uk\/pl\/wp-json\/wp\/v2\/comments?post=760"}],"version-history":[{"count":1,"href":"https:\/\/www.derbyshiredomesticabusehelpline.co.uk\/pl\/wp-json\/wp\/v2\/pages\/760\/revisions"}],"predecessor-version":[{"id":761,"href":"https:\/\/www.derbyshiredomesticabusehelpline.co.uk\/pl\/wp-json\/wp\/v2\/pages\/760\/revisions\/761"}],"wp:attachment":[{"href":"https:\/\/www.derbyshiredomesticabusehelpline.co.uk\/pl\/wp-json\/wp\/v2\/media?parent=760"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}