Everyone has a duty of confidentiality

It has been reported that the Chair of an independent safeguarding board has been forced to step down after breaching data protection and confidentiality rules, twice.

After the ICO upheld a survivor’s complaint, it transpires that the person adopted the same actions again, in a different situation. The issues relate to the forwarding on of correspondence without the data subject’s permission, and is compounded by the sensitive nature of the situations.

Everyone has a duty of confidentiality and this is confirmed in the UK GDPR article 5.1(f) which says that personal data shall be ‘processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).’

So how can you make sure that this never happens in your organisation? If you have attended one of our data protection workshops, you may remember a slide that shows:

  • Policies – have clear policies and make sure that everyone is aware of them
  • Procedures – make sure everyone knows what to do, to follow the policies
  • Training – undertake induction and regular training to rehearse scenarios and appropriate actions
  • Systems – configure your systems (usually IT based) to help support your policies
  • Review – keep this all under review, annually or as circumstances change

If you are not sure that you have everything in place, then enquire about our popular Data Protection Review which highlights any areas that need addressing, and offers a prioritised action plan. You can contact us in the normal ways, use the contact form at https://zorva.info/about-us/contact-us/ or book a free 20-minute insight call at https://zorva.info/free-insight-call/