HASTINGS VOLUNTARY ACTION
CONFIDENTIALITY AND DATA PROTECTION POLICY
MARCH 2008

Policy Statement

HVA recognises that staff and volunteers gain information about individuals and organisations during the course of their work and activities. These individuals and organisations have a right to expect that their confidence will be respected, that information about them will be kept securely and that information provided by them will not be used for any purpose other than that for which it was given.

Any information passed on outside of HVA will only be given with the express permission of the individual or organisation which supplied it, except in exceptional cases where the interests of vulnerable individuals or the wider public are at risk of serious harm.

Policy Guidelines

1. Information about individuals and organisations is confidential to the agency as a whole and not to individual staff members.

2. Information about individuals and organisations will only be discussed with other HVA staff as necessary to provide a good service (e.g. planning, supervision), and information considered particularly sensitive, personal, financial or private should only be disclosed to the line manager.

3. Staff and volunteers should avoid talking about individuals or organisations in social settings and exchanging personal information or comments (gossip) about individuals with whom they have a professional relationship.

4. Staff and volunteers who are dissatisfied with the conduct or actions of colleagues should follow the internal procedures and line-management arrangements and not discuss their dissatisfaction outside the organisation.

5. Individuals and organisations giving information about themselves should be made to feel confident that information given will be treated in the strictest confidence but, where necessary, should also be made aware of the limits to confidentiality (as detailed below).

6. Personal information about individuals or groups may be solicited in the course of advising individuals or groups about options that may or may not be appropriate or accessible because of their particular circumstances. This information may be passed on (with the informed consent of the individual or organisation) where HVA sees its job as advocate or helping to overcome anticipated problems or prejudices associated with third party recipients of the information.

7. Any confidential records and case notes must be stored securely by the member of staff directly responsible and labelled confidential. Records held about individuals fall within the scope of the Data Protection Act and must comply with the data protection principles giving people the right to see information that is held about them.

8. General non-confidential information about organisations and groups is accessible to all HVA staff and volunteers, and contact details are passed on to any enquirer except where the organisation or group expressly requests that the details remain confidential.

9. Any statistical information or research carried out must be presented so that no individual can be identified unless clear prior permission has been given.

10. Members of staff or volunteers accessing unauthorised files without permission or breaching confidentiality outside of the procedure laid out below may face disciplinary action. Ex-employees may face legal action.

Procedure for Breaching Confidentiality

Confidentiality will have to be breached if vulnerable people or the wider community are at risk from serious harm, e.g. child/vulnerable adult abuse, serious injury, death.

Where a member of staff or volunteer feels that a matter is sufficiently serious, it must be reported to the Director, where a decision will be made, in consultation with the Chair or Vice Chair, on whether to disclose the information.
Where possible the situation should be discussed with the person giving the information, encouraging them to take responsibility for contacting the relevant authorities. Should they decide to disclose the required information, then no breach of confidentiality will have taken place.

Where the individual is unwilling to take action, the final decision to breach confidentiality will rest with the organisation and the individual will be formally notified of the reason for its decision.

Data Protection

The Data Protection Act 1998 compels Hastings Voluntary Action to take specific measures to ensure that all personal information about living (identified or identifiable) individuals in any file or record is processed according to the following principles:

1. It should be held fairly and lawfully

2. Information should be obtained only for specific lawful purposes and not used in any way which is incompatible with those purposes

3. Information should be adequate, relevant and not excessive

4. Information should be accurate and up to date

5. Information should be held no longer than necessary

6. Information should be protected by appropriate procedures regarding security, confidentiality, retrieval and review

In compliance with this policy HVA will:

- Review annually the organisation's status with the Information Commissioner to establish if, either through changing activity or legal changes, the organisation needs to formally register as a holder of personal information.

- Review annually, and as needs arise, the security of any information systems utilised to hold personal information and ensure that these have appropriate protection from third party access through “hacking” or other unauthorised.

- Dispose of any confidential information in a manner appropriate to its status and by shredding sensitive data as soon as it becomes redundant.

- Check annually that the physical storage facilities in which data is stored are effective and secure, taking into account recommendations and good practice.