Date compile 10/05/11
Guidance on writing a Confidentiality policy
Within the guidance below are headings which you need to be aware of when
developing/reviewing your Confidentiality Policy. Please be aware that each setting is
unique and that policies and procedures need to reflect this, and headings need to be
specific to your organisation. Please note headings may need to change in relation
to legislation and therefore be reviewed on a regular basis. It is good practice that all
the settings policies and procedures link with each other.
(Wording is for guidance only, wording in italics are ideas on what to include within
the headings, underlined statements are for information only and should be removed
from final confidentiality policy)
This confidentiality policy forms part of a contract with parents and [ Name of setting ]
Statement of intent:
To protect privacy/confidentiality of children, parents/carer and staff
Aim:
To promote an environment of respect with reference to confidential information
relating to children, families, staff, and the business of[ name of setting] business
Parents - To ensure that parents/carers can share their information in confidence and
it will only be used to enhance the welfare of their children.
Definition of confidential information
“Confidential information is information of some sensitivity, which is not already
lawfully in the public domain or readily available from another public source, and
which has been shared in a relationship where the person giving the information
understood it would not be shared with other” (Source - Information sharing
Practitioners’ Guide)
How everyone is made aware of Confidentiality Policy?




Parents – prospectus, policy
Staff – induction procedure, (Note - Staff agreement to confidentiality policy to
say they are aware of confidentiality policy, understand and agree to the
policy. Responsibility if staff do not adhere to confidentiality policy –
implementation of disciplinary procedure)
Committee members – first committee meeting (Note – all committee
members sign up to confidentiality policy see separate policy)
Students and volunteers – copy of policy (Note - sign at induction to say
they are aware of confidentiality policy, understand and agree to the policy)
EVERY EFFORT HAS BEEN MADE TO ENSURE THAT THIS INFORMATION IS ACCURATE, BUT NO RESPONSIBILITY
CAN BE ACCEPTED FOR ANY ERRORS OR OMISSIONS
Date compile 10/05/11
Sharing information

Who is information shared with?
 Parents - (manager, staff and key person)
 Staff – (Line manager, committee outside agencies if applicable i.e.
insurance companies, County Council (support staff, EYSO, BCSO,
LSCB re safeguarding etc. Parents relating to their child re information)
 Students and Volunteers (relevant information i.e. setting’s policies,
children’s records if applicable i.e. child’s allergies)
 Committee (awareness that the committee must not discuss any
information about setting with parents or any other individual not
connected to organisation)
 Other settings (include procedure for, parental permission to share
information verbal and written)
 Outside agencies (link to safeguarding policy, Inclusion policy, statement
re setting’s legal responsibility on sharing information and who would they
share with i.e. Somerset Direct, transfer forms (setting to school) etc)

How can information be shared with:

Parents/Carers to:
 Staff (verbally with key person, staff, manager and committee. In
writing re complaints)
 Committee (verbally or in writing i.e. complaints, fee invoices etc)
 Parents - Responsibility of parents sharing information with other
parents (Setting cannot be held responsible if information is shared
beyond those parents whom the person has ‘confided’ in)

Staff to:
 Parents – (verbally children’s progress and development. Written
information i.e. personal pathways. Documentation i.e. accident,
incident, existing injury form, safeguarding records. Newsletters,
parents evenings, notice board, website etc)
 Staff – Personal information received from parents (is this applicable
for all staff?) , line management meetings, staff meetings etc
 Committee – (committee meetings, line management, employment
issues etc.)

Committee to:
 Parents (newsletter, minutes of meeting, policies)
 Staff (operational plan, policies and procedures, minutes of meetings,
induction procedure etc)
 Committee – (committee meetings, agenda, minutes of, e-mails etc)
 Outside agencies (reports to meetings in reference to specific child/ren,
forms i.e. transfer forms to school, communication book re other
settings etc)
EVERY EFFORT HAS BEEN MADE TO ENSURE THAT THIS INFORMATION IS ACCURATE, BUT NO RESPONSIBILITY
CAN BE ACCEPTED FOR ANY ERRORS OR OMISSIONS
Date compile 10/05/11
Social Networking sites (Staff, parents and committee)



Statement re use of – (No information about the setting this includes working
of the organisation, confidential business matters or discussion around
children, families, staff and committee. No children’s or staff photographs are
to be put onto a social networking site )
Online friends – (staff do not make or accept invitation to become online
friends with parents or other family carers on any social networking sites)
Monitoring – (History of websites will be monitored on a regular basis by
manager and chair of committee, unauthorised access to non work related
websites will be investigated and setting will follow disciplinary procedure if
applicable)
Confidential Records
 Children’s records
 Types of records kept on children (Developmental records – observations,
developmental reports, samples of work, records of achievement i.e.
personal pathways. Personal records – registration, admission, consent,
safeguarding forms, minutes of meetings with family, other agencies etc)
 Safeguarding information (where it is stored, who has access and who is
it shared with)
 Where are records stored (secure, locked cabinet)
 Who has access (staff to complete, parents have access to records on
the settings premises of their own children not to any other child, see
settings procedure on access to children’s records).

Staff records
 Types of records for staff, students and volunteers
 Recruitment (application forms, references – successful applicants in
personnel file, unsuccessful kept for max 6 months and shredded)
 Personnel file (application form, references, crb number recorded,
health forms, line management, appraisals, disciplinary records,
qualifications, continual professional development record, sickness
records including return to work interviews and sick notes, and
holiday record sheet etc)
 Where are they stored? (secure, locked cabinet)
 Who has access (Line manager, chairperson – committee etc)
 Time span (applies to during and after staff’s employment)
 Off site – (Procedure relating to staff taking children’s records off site to
complete (if applicable), where will they be stored when off site and who
will have access to).
Note – children’s records should not be removed from safe secure
location within the setting to protect both staff and children.

Committee (if applicable)
 Types of records committee have access to (children, family, staff, groups
financial business)
EVERY EFFORT HAS BEEN MADE TO ENSURE THAT THIS INFORMATION IS ACCURATE, BUT NO RESPONSIBILITY
CAN BE ACCEPTED FOR ANY ERRORS OR OMISSIONS




Date compile 10/05/11
Where are they stored (staff records, children records on premises in a
secure locked cabinet, financial records – treasurer, admin safe, secure
and not accessible by non committee members)
Who has access (Within [ name of setting ], trustees and committee
members will have designated roles which will allow them access to
confidential records. Within the trustees/ committee members specific
responsibilities will be:  Staffing – Line management, allowing access to staff files, including
sick, holiday and pay records.
 Financial - allowing access to all the setting financial records,
including fees which will include monitoring the debts within the
nursery
Time span (applies to during and after their term of office)
Off site – (Procedure relating to staff records being kept off site or taken
off site. Where will they be stored off site, is this secure? and who will
have access to).
Note - Only committee directly involved with the relevant information i.e.
chairperson and line management notes, treasure and chair re bank
statements etc)

Photographs
 Permission (consent forms from all parents and included in settings
records)
 Who is responsible for taking (staff, keyworkers)
 What is used to take photographs (setting camera only)
 Where are the photographs stored (settings’ own computer, how are they
stored? who has access?)
 Length of time re storage (photo’s not stored on computer, printed out and
deleted. No photographs of children are stored on computer after child
has left the setting)
 Use of photographs (used only within the setting and printed out for
children’s records)
 Parents use of cameras at events (nativity, sport day etc)
Mobile phones
 Personal mobile phones (staff – where are they stored, when they can be
used, emergency contact number. Explanation re parents usage)
Data Protection (DPA) Act 1998



What DPA applies to (personal data, staffing, children, volunteers, parents etc
computerised or manual)
Breach of Data Protection Act (Owners, managers, staff, committee members
must ensure that they do not breach the Data Protection Act 1998, which
provides strict rules in this area).
Statement defining Data Protection - In essence, data protection means that
organisations that process personal data, must comply with certain data
protection principles and the rights of the person about whom data is
EVERY EFFORT HAS BEEN MADE TO ENSURE THAT THIS INFORMATION IS ACCURATE, BUT NO RESPONSIBILITY
CAN BE ACCEPTED FOR ANY ERRORS OR OMISSIONS
Date compile 10/05/11
processed (e.g. children, staff and volunteers). There are eight principles put
in place by the Data Protection Act (DPA) which specify that data must be:








fairly and lawfully processed;
processed for limited purposes;
adequate, relevant and not excessive;
accurate;
not kept for longer than is necessary;
processed in line with your rights;
secure;
not transferred to countries outside the EU without adequate protection:
It is against the law if any organisation does not keep to these principles.
Informing parents of changes to policy
(How do you inform parents of any changes made to policy? Notice period for
change i.e. 1 month. How do you record parents are made aware and agree to the
changes? I.e. returns slip on information letter/invoice detailing the changes).
Note
 If changes are made to any policies which impact on parents, then notice
needs to be given, for example a month.

All parents need to sign to agree the changes (Parents could be made aware
of the changes with a returns slip on the bottom of an invoice, or a separate
letter with returns slip)

By keeping the returns slip and original amended/updated documentation, this
safeguards the setting.
Links to other policies and legislation
 Legislation – Children Act 2004, Childcare Act 2006, Data Protection Act 1998
etc.

Nurseries/pre-school prospectus, safeguarding policy parent’s contract or
parent partnership, Staffing policy, staff handbook, committee confidentiality
policy, records off site procedure, mobile phone (if applicable), keyperson
information, staffing guidance on use of computer and internet sites etc

Documentation – Information sharing Guidance for Practitioners and
Managers, Somerset Local Safeguarding Children Board Booklet

Every Child Matters Outcome: Keeping Safe, Economic Wellbeing

General Welfare Requirement:

Safeguarding, Documentation
EVERY EFFORT HAS BEEN MADE TO ENSURE THAT THIS INFORMATION IS ACCURATE, BUT NO RESPONSIBILITY
CAN BE ACCEPTED FOR ANY ERRORS OR OMISSIONS
A unique Child Positive
Relationships
1.3 Keeping
2.2 Parents as
safe
Partners
2.4 Key person
Enabling
environments
3.4 The Wider
Context
Date compile 10/05/11
Learning and
development
Note – Information below only needs to be included on the main confidentiality policy
which has been adopted and not on parents copy,
This policy was adopted at a meeting of (name of setting)
Held on ________________________
Signed on behalf of management committee ________________________
Name of signatory____________
Role of signatory __________________________
Date to be reviewed _________________________________________________
EVERY EFFORT HAS BEEN MADE TO ENSURE THAT THIS INFORMATION IS ACCURATE, BUT NO RESPONSIBILITY
CAN BE ACCEPTED FOR ANY ERRORS OR OMISSIONS