SAMPLE DOCUMENT

CONFIDENTIALITY POLICY

DATE

Disclaimer: Framework (South East) Ltd. have taken all reasonable care in relation to the accuracy of the information in this document. The information is intended as a guide only and does not purport to be a legal interpretation. Framework Ltd does not make any warranties regarding the accuracy or completeness of the data.

Framework Ltd. recommends that when Centres require legal advice they should contact their own Solicitors/Legal Advisors and when Centres require information on child welfare and protection they contact the Child and Family Agency or the Gardaí.

1. THE PURPOSEOF THIS POLICY

The purpose of this Confidentiality Policy is to provide the Board, staff, volunteers and clients with the organisation an understanding of:

  • What confidentiality is;
  • Clear guidelines regarding handling of confidential information;
  • Prescribed limits of behaviour and assigned responsibilities in relation to confidentiality.

The Board of the ……………………… reserve the right to change the Policy and to expect adherence to the changed Policy.

Confidentiality is central and integral part of the organisation, it offers safety and privacy. Information given is held in strict confidence and in line with Data Protection Acts.

2. CONFIDENTIALITY

The Board, employees and volunteers are required at all times to maintain absolute

confidentiality in respect of matters which come to their knowledge in the course of

their work. This includes matters internal to the ……………………. and matters in

relation to Project users (unless there is a child protection issue). This

does not apply to communications made by them in the normal conduct of

work for the organisation or when specific consent to disclose information has been

given by the Board.

The following information outlines other situations where confidentiality would be

essential:

  • One to one conversations with users of the ………………………..;
  • Board meetings;
  • Support, Supervision and Appraisal discussions;
  • Files which are deemed confidential by the Board;
  • Meetings between staff;
  • Discussions in relation to finances.

Employees and Directors are also required and expected to maintain this standard of

confidentiality when they leave the organisation.

3. PURPOSE OF COLLECTING INFORMATION

The …………………………. collects and uses personal information for the following purposes only in order to:

  • Meet insurance policy requirements;
  • Provide personnel, payroll and pension administration services;
  • Up-date databases within the organisation;
  • Enhance or improve service users experience of services;
  • Recruit and select staff and volunteers for available positions;
  • Provide screening services, including Garda Vetting;
  • Provision of one to one support services;
  • Comply with good employment practice;
  • Assessment and referral purposes;
  • Dealing with Grievance and disciplinary issues.

4. PRINCIPLES GOVERNING CONFIDENTIALITY

In addition to the duty of care regarding Confidentiality outlined above, the Data Protection Acts imposes legal obligations on the………………. Board, its staff and volunteers.

The ………………… takes seriously its responsibilities under the Data Protection Acts. The organisation is aware of and acts in accordance with the following eight Data Protection principles regarding information:

  • Obtain and process information fairly;
  • Keep it only for one or more specified, explicit and lawful purposes;
  • Use and disclose information only in ways compatible with these purposes;
  • Keep it safe and secure;
  • Keep it accurate, complete and up-to-date;
  • Ensure it is adequate, relevant and not excessive;
  • Retain for no longer than is necessary;
  • Allow individual’s access to their personal data, on request;

5. EMPLOYEE FILES

Under Data Protection, all employees are entitled to access their personnel file where information on them is kept, in hard and soft copy format, to support their employment with the organisation.

Upon joining the organisation, personnel information will be requested from staff in order that ...... may effectively administer employment contracts.

…………………… will require for example, PPS numbers to process tax deductions, bank details for payment purposes, date of birth for pension purposes (if applicable) and home and next of kin details in case of emergency.

In the event of an emergency, the organisation needs to ensure that accurate employee details are on file for ease of reference. To assist the organisation it is important that all employees inform the Coordinator of any relevant changes, such as change of address, contact telephone numbers or next of kin details.

The organisation is committed to:

  • Keeping all personnel information confidential, safe and secure
  • Making sure the information is accurate, up to date and as complete as possible
  • Destroying irrelevant information as necessary.

All personnel information regarding employment may be held on computer and also in staff personnel files. Copies of any memos or emails relating to changes in staff terms and conditions of employment may also be stored electronically or on staff personnel files. There will be limited access to personnel files in order to protect employees and applicants from discrimination, identity theft and breach of privacy.

Employees’ personnel files are very important to the organisation and such, most, but not all, documents relating to employment will be kept in the personnel files in a hard or soft format, including:

  • A job description for the position that each employee of the organisation holds;
  • The job application, CV and any references of the employee;
  • The offer of employment to the employee;
  • Revenue information which includes tax credit and cut off information;
  • A signed employment contract;
  • A receipt or signed acknowledgement of the employee having seen and received the organisation’s staff handbook;
  • All appraisal/performance evaluations information;
  • Support and Supervision records;
  • Signed Time Record Sheet;
  • Signed Annual Leave Record Sheet;
  • Any agreement relating to benefits that each employee has;
  • All sick leave which include sick certification and records;
  • Emergency contact and next of kin forms;
  • Any written complaints from co-workers or Centre users;
  • Awards or certificates of excellent performance on the job;
  • Any documents relating to completed training programs;
  • Records and notes of any disciplinary proceedings taken against an employee;
  • Any notes or warnings on bad attendance or punctuality issues;
  • Garda Clearance form(s);
  • Any written agreements or acknowledgments between each employee and the organisation on specific work related matters;
  • Any documents that relate to an employee leaving the organisation (such as an exit interview or a document that lays out clearly the reasons why an employee was terminated).

Information will not be disclosed to any external third party without your consent, except where necessary to comply with statutory requirements or where an organisation is acting on our behalf, for example, the Auditor. Internally the information may be made available to the Administrator for payroll purposes only, the Coordinator, members of the Staff Liaison Group, the VBOM, or as circumstances dictate. Staff may at any time, request access to the information held about you and such requests should go to the Coordinator and access will be provided within 4 weeks.

Maintaining Personnel Files

At least once a year, employees’ personnel files will be inspected and cleaned out of all unnecessary documents. When going through the personnel files, documents which are not necessary will be taken out and destroyed.

6. EMAIL AND INTERNET POLICY

Email:

This policy applies to all employees and volunteers who are granted the use of the ………………………….. internet and email facilities. Emails fall under the scope of the Data Protection Act. Under this legislation the email originator, all email recipients and any person named in the email are entitled to view the information about them and it is incorrect they are entitled to have it corrected.

Home or personal use has a ‘domestic exemption’ from data protection law; however, the ………………………..has not such exemption even for personal emails if they originate from the organisations equipment.

Privacy

The …………………………… reserves the right to access and disclose the contents of a user’s email messages from a computer within the premises, in accordance with its legal and audit obligations, and for legitimate operational reasons.

Use of email

All Board members, staff and volunteers must adhere to the following when using email facilities;

  • Staff and volunteers are expected to act ethically and responsibly in their use of emails and to comply with relevant national legislation;
  • Discrimination, victimisation or harassment via email on the nine grounds of gender, martial status, family status, sexual orientation, religion, age, disability, race and membership of the traveller community is prohibited;
  • Staff and volunteers must not bully / harass / sexually harass or hassle individuals via email;
  • Messages which are likely to be considered abusive, offensive or inflammatory should not be sent. The sending of such emails is prohibited;
  • The creation and/or forwarding of pornographic mail / images are prohibited and constitute gross misconduct;
  • In the event that staff or volunteers are found to be using the e-mail to commit a criminal offence the relevant authorities will be notified as a matter of course.

All of the above are prohibited and will be dealt with in accordance with the …………………………… disciplinary procedures.

Also employees should be aware of the following:

  • Emails can be easily forwarded to other parties. Individuals should be aware that anyone mentioned in an email under data protection has the right to see it;
  • The creation or forwarding of advertisements, chain letters or unsolicited emails is prohibited;
  • Caution should be exercised when opening emails and attachment from unknown sources;
  • All equipment must have up to date anti-virus software installed and be operational on the computer they access emails on;
  • All emails or attachments which are encrypted or compressed should be decrypted or decompressed and scanned for viruses by the recipient.

Internet:

The ……………………. staff and volunteers must adhere to the following when using its facilities/equipment to connect to the internet:

  • Access to the internet is provided by the organisation for the purposes of dealing with work related issues and must not be abused for personal use;
  • Commercial use, which is not connected to or approved by the Board is strictly prohibited and will be dealt with in accordance with the disciplinary procedures;
  • Individuals are expected to act ethically and responsibly in their use of the internet and to comply with the relevant national legislation;
  • The Board, Staff and volunteers must not use the …………………………. internet connection to scan or attack other individuals / devices / organisations.
  • The accessing or downloading of pornographic material or any other offensive material is strictly prohibited and will be dealt with in accordance with the disciplinary procedures.
  • The downloading or distribution of adult/child pornography constitutes gross misconduct and will be dealt with in accordance with the disciplinary procedures.
  • In the event that staff or volunteers are found to be using the internet to commit a criminal offence the relevant authorities will be notified as a matter of course.

7. LIMITS TO CONFIDENTIALITY

In exceptional circumstances the organisation may need to break confidentiality if they believe there is a real intent of serious harm or danger to either their client or another individual. Such circumstances may pertain to issues relating to child protection, sexual abuse, rape, self-harm, suicidal ideation or criminal activity. In as far as is possible, in such cases, a full explanation will be given regarding the necessary procedures that may need to be taken.

8. DATA PROTECTION RESPONSIBILITIES

Specific Responsibilities

The ………………………… is responsible for ensuring that the Board, all staff and volunteers involved in dealing with confidential information and data receive appropriate training, supervision and support regarding the Policy and their legal responsibilities. All staff must sign a Confidentiality Agreement.

The Board of Director’s responsibilities

It is the responsibility of the Board to ensure that a Policy is in place and adhered too.

Co-ordinator’s Responsibility

The Co-ordinator is responsible for ensuring that a copy of this document is available to all staff and volunteers and is available to users of the service. It is the responsibility of the Co-ordinator to ensure the staff sign the agreement and have received training as necessary.

Individual’s Responsibility

Individual Directors, staff and volunteers are required to act in accordance with the Policy, failure to do so will be considered as an act of gross misconduct and will result in disciplinary action.

9. WRONGFUL DISCLOSURE

Wrongful disclosure can occur in at least two ways. It can be by either act or omission. The first would be where confidential information is deliberately passed on to a third party. The second would be where confidential information is disclosed to a third party through negligence. Wrongful disclosure will be considered as an act of gross misconduct and will result in disciplinary action.

10. POLICY FEEDBACK AND REVIEW

Constructive feedback on this Policy is always welcome. It must be given to
The …………………… Co-ordinator who will ensure that this is fed back to the Board who will consider changes to be made.

The Confidentiality Policy was adopted at Management Committee Meeting.

Signed:

Dated:

CONFIDENTIALITY AGREEMENT

I have read and understand the content of the …………………….. Confidentiality Policy.

I agree to act in accordance with the Confidentiality Policy.

I am aware that information that:

a).Is or has been obtained during, or in the course involvement, or hasotherwise been acquired in trust due to involvement with the organisation,

b).Relates particularly to the organisation’s business, clients or that of other persons or bodies with whom we have dealings of any sort, and

c).Has not been made public by, or with our authority.

Is confidential, and (save in the course of our business or as required by law) a Director / employee / volunteer / service user shall not at any time, whether before or after the end of their involvement, disclose such information in any form to any person without the Boards written consent.

I agree to exercise care to keep safe all documentary or other material containing confidential information, and at the time of end of my involvement with the ………………….., or at any other time upon demand, return to the organisation any such material in my possession.

I agree not to disclose any information held by the organisation and not independently available to a third party without the individual’s written consent and permission from the Board.

I realise that a breach of confidentiality is considered an act of Gross Misconduct and is subject to disciplinary action.

Signed: ______

Role: ______

Dated:______

FRAMEWORK EXTERNAL DOCUMENT: Sample Confidentiality Policy