This resource provides for the Confidentiality Policy for all staff members. It outlines the standards of staff practice in relation to handling confidential information and personal data.
Purpose and Scope
This policy supports employees in pursuing good practice and provides a set of guidelines to define acceptable standards in relation to handling confidential information and personal data to which employees will have access in the course of their work.
Examples of confidential information include complaint casework information, contractual terms between ESC and a supplier or employee and information about applicants, complainers, witnesses or respondents.
This policy applies to all employees regardless of working pattern or nature of employment contract. It also applies to anyone working within the premises of and / or for the Commissioner (for example sub-contractors, consultants, secondees from another organisation or agency staff). The word employee(s) in the context of this policy should be taken to mean all such individuals, unless specifically referred to as being directly employed by ESC.
ESC recognises that, given the nature of their work, employees will be party to personal and confidential information about individuals and organisations. Employees must always err on the side of caution in considering whether information is sensitive or confidential.
Specific statutory provisions apply to certain activities (such as the requirement to conduct investigations confidentially) and these must be strictly applied. This policy and the Data Protection Policy set out the main requirements. Anyone who is in any doubt about application of the policies and the handling of data should discuss the issue with their line manager.
Implementation, monitoring and review of the policy
Overall responsibility for policy implementation, monitoring and review lies with ESC. Everyone covered by the scope of the policy is obliged to adhere to, and facilitate implementation of the policy. Appropriate action will be taken to inform all new and existing employees and others covered by the scope of the existence of the policy and their role in adhering to it. The policy will be reviewed at such times as legislation or a change to the ESC policy position requires it. The policy will be made available to the general public.
Disclosure of Information
ESC is committed to making the organisation as open, accountable and transparent as practicable, subject to statutory provisions covering the investigation of complaints and the handling of personal data. ESC’s publication scheme and Guide to Information provides a list of all available information about ESC and how it can be obtained. Employees are therefore expected to make available official information which is not held in confidence by ESC or otherwise protected from publication in accordance with these policies.
Employees must not, without proper authorisation, disclose confidential information which they acquire in the course of their work or which has been received in confidence from others.
It is important that all employees:
- only access information related to work they have been required to carry out
- remember, that even if confidential or personal information appears trivial or widely known, it should not be disclosed to anyone outside the office except in the terms of this policy or with specific authorisation,
- ensure that all papers and electronic files associated with the work of the organisation are kept securely.
Employees must not disclose knowledge gained in the course of their work in social settings or on social media and should avoid discussions of a confidential nature in any setting where they may be overheard. For more details about the acceptable use of social media please see the Information Security Policy and Procedures.
When photocopying or working on confidential documents, employees must ensure that these are not seen by people in passing. This also applies to information on computer screens. Employees should ensure when they are working with confidential information, be that in hard copy or electronically, that others who are not party to the information do not inadvertently see it. Laptops, computers and other digital devices used to view ESC information should all have password protected log in screens and/or screensavers so that their contents cannot be viewed without the proper authorisation if they are left unattended for any time. The duty of confidentiality continues to apply after an individual leaves ESC employment
Data Protection Act
ESC recognises that information about individuals, whether held electronically or on paper, falls within the scope of the Data Protection Act and must be handled in such a way as to comply with the data protection principles. ESC will ensure that personal data is:
- obtained and processed fairly and lawfully
- processed for limited, specified purposes
- adequate, relevant and not excessive
- accurate and up to date
- not kept longer than necessary
- processed in accordance with the individual’s rights, as set out in the Data Protection Act
- kept secure and protected
- not transferred out of Europe (unless to a country which has adequate protection for the individual).
Grievances or Concerns
Employees who are concerned about the conduct or actions of others working for ESC in any capacity should raise this with their line manager or the Commissioner and not discuss their concerns outside of the office. The Whistle-blowing and Public Interest Disclosure Policy gives further guidance.
Breaches of the Policy
Anyone who does not comply with this policy, and is directly employed by ESC, may be subject to disciplinary action as set out in the disciplinary procedures.
Any other person covered by this policy, and found not to comply, will be reported to the relevant office/employer. This may also result in ESC terminating any contract.
|1.0||First Draft||01/06/21||Public Appointments Officer|
|1.1||Update to Phone number||16/05/2023||Corporate Support Officer|
|1.2||Website conversion||22/05/2023||Corporate Support Officer|