1.1.3 Confidentiality and Loss of Sensitive Data |
Contents
- Taking or Sending Personal Information about Service Users Out of the Office
- Any Breach of Confidentiality
1. Taking or Sending Personal Information about Service Users Out of the Office
There are times when it is necessary to take service users’ records out of the office. On such occasions it is essential that the utmost care is taken to keeping the personal data safe. Please be reminded of the following:
The Data Protection Act and the Human Rights Act require that we give priority to maintaining confidentiality in relation to personal records that we hold about individuals and families. For social care professionals this is also a requirement of the Code of Ethics and professional registration.
Each person who has access to confidential data about individuals in any format (paper, electronic, photographic) must take the personal and professional responsibility to keep such data secure at all times. This includes maintaining security where agreement has been given to working on records from home or other bases by remote electronic access.
Paper records (print outs or original documents) should not be removed from the office, unless it is for agreed professional tasks relating to court, professional meetings (i.e. child protection or children looked after functions) and meetings with service users.
Removal of papers for any other reason must be with line manager’s agreement and a record should be kept of that agreement (on carefirst/careworks running records), indicating which papers have been removed and when they will be returned/destroyed
Confidential data held on USB memory sticks must be password protected.
Notebooks must be kept secure and identity of children and families or their addresses kept secure.
Any confidential documents being sent by email, fax or post should be sent securely and password protected where necessary. Care must always be taken with emails, fax and post that the data is being sent to the correct address and addressee and that the intended recipient has a right to the information.
2. Any Breach of Confidentiality
Any breach of confidentiality arising from loss or theft must be reported to the Police immediately and details passed to the relevant line-manager.
For all breaches, a detailed report of the information unlawfully disclosed, lost or stolen must be made to the Asst Director with a risk assessment of the likely outcomes of the breach/loss and the actions being taken to minimise impact on service user/s & redress the loss.
The Council’s Insurers should be informed through the Insurance Section based at Tooley Street.
Consideration should be given to whether the Council’s media office should be advised of the loss if there is a risk to the Council’s reputation.
The service user should be informed in a face to face meeting what data has been disclosed, lost or stolen and also in writing after a face to face discussion.
On receiving a report of the breach of confidentiality the Assistant Director will make a decision with the Caldicott Guardian, and possibly with legal advice, what further action may need to be taken. This will include the need to consider a disciplinary investigation, referral of the breach to the Information Commissioner’s Office and/or the General Social Care Council.
End