WENAC - Confidentiality Policy  

(AQS Manual Appendix 22)


Title:   Confidentiality Policy and Procedure.                                                  Written:  July 2018

Contents :     

1.      Confidentiality Statement

2.     Definition of confidentiality

3.     Coverage

4.     Statistical recording

5.     Case recording

6.     Expressed consent

7.     Breach of confidentiality




Related Quality Manual Items

1.     Confidentiality policy applies to all organisational procedures and policies.


1.     Confidentiality Statement

The organisation is committed to providing a confidential advice service to its users. The organisation believes that the principles of confidentiality must be integrated across all aspects of services and management. The organisation believes users deserve the right to confidentiality to protect their interests, to enable them to disclose all aspects relevant to their situation and safeguard the organisation’s services.


2.     Definition of Confidentiality

The organisation understands confidentiality to mean that no information regarding a service user shall be given directly or indirectly to any third party who is external to the staff and manager, without that, service user’s prior expressed consent to disclose such information. The organisation recognises that all users should be able to access the organisations services in confidence, discuss and disclose any subject matter and that no other person should ever know that they have used the organisation's services.


The organisation recognises that information may be indirectly given out through staff informally discussing cases. All staff should ensure that no discussions relating to an individual user of the organisation can take place outside of the organisation’s premises.


The organisation recognises that users need to feel secure in using the organization service in a confidential manner. The organisation will ensure all users are afforded confidential interview space and will ensure blinds, radios and other mechanisms are used to ensure no breach of confidentiality can occur inadvertently


3.     Coverage

All the organisation staff are covered by the confidentiality policy and should receive training in its implementation. The manager should decide if any members of other agencies working with the organisation are to have access to records (eg. specialist agencies visiting the centre to deliver services) and should ensure that they undertake to follow the confidentiality policy.


Management committee members are not covered by the policy and may not have access to client records or details or individual cases.


4.     Statistical Recording

The organisation is committed to effective statistical recording of service users to enable, the organisation to monitor take up of service and to identify any policy issues arising from advice services.


It is the manager’s responsibility to ensure all statistical records given to third parties, such as to support funding applications, monitoring reports for the local authority shall be produced in anonymous form, so individuals cannot be recognised.


5.     Case Records

It is the manager’s responsibility to ensure all case records are kept in locked filing cabinets. All case records must be locked away at the end of each working day. All information relating to service users will be left in locked drawers. This includes notebooks, copies of correspondence, calculation sheets and any other sources of information.


When using the computer to store data this should be secured by the use of a password.


6.     Expressed Consent To Give Information

It is the responsibility of advice workers to ensure that where any action is agreed to be taken by the organisation on behalf of a client, that client must firstly sign an authorization form. This should be placed on the clients file as detailed in the case recording procedure.


The organisation’s workers are responsible for checking with clients if it is acceptable to call them at home or work in relation to their case on the initial contact with clients. All staff must ensure they make no reference to the organisation when making telephone contact with clients.


No referral should be made without the express consent of the client.

7.     Breaches of Confidentiality

WENAC recognises that occasions may arise where individual workers feel they need to breach confidentiality.  Confidential or sensitive information relating to an individual may be divulged where there is risk of danger to the individual, a volunteer or employee, or the public at large, or where it is against the law to withhold it. In these circumstances, information may be divulged to external agencies e.g., police or social services on a need to know basis.


Where worker feels confidentiality should be breached the following steps will be taken:


·      The worker should raise the matter immediately with their Line Manager. 


·      The worker must discuss with the Line Manager the issues involved in the case and explain why they feel confidentiality should be breached and what would be achieved by breaching confidentiality.  The Line Manager should take a written note of this discussion.


·      The Line Manager is responsible for discussing with the worker what options are available in each set of circumstances.


·      The Line Manager is responsible for deciding on whether confidentiality should be breached. If the Line Manager decides that confidentiality is to be breached, then they should take the following steps:


·      The Line Manager should contact the Chair in the first instance, or Vice Chair of the Executive Committee.  The Manager should brief the Chair/Vice Chair on the full facts of the case, ensuring they do not breach confidentiality in doing so. The Line Manager should seek authorisation to breach confidentiality from the Chair/Vice Chair. 


·      If the Chair/Vice Chair agrees to breach confidentiality, a full written report on the case should be made and any action agreed undertaken.  The Line Manager is responsible for ensuring all activities are actioned.


·      If the Chair/Vice Chair does not agree to breach confidentiality, then this is the final decision of Worlds End Neighbourhood Advice Centre.

8.     Legislative Framework


The Organisation will monitor this policy to ensure it meets statutory and legal requirements including the Data Protection Act, Children's Act, Rehabilitation of Offenders Act and Prevention of Terrorism Act.  Training on the policy will include these aspects.



9.     Ensuring the Effectiveness of the Policy


All Executive Committee members will receive a copy of the confidentiality policy.  Existing and new workers will be introduced to the confidentiality policy via induction and training.  The policy will be reviewed annually, and amendments will be proposed and agreed by the Executive Committee.


10.  Non-adherence


Breaches of this policy will be dealt with under the Grievance and/or Disciplinary procedures as appropriate.


WENAC is committed to providing a confidential advice service and believes that the principles of confidentiality must be instigated across all aspects of service and its management. Confidentiality means establishing a relationship of trust between the organisation and the client/service user so that all personal details are kept private and not passed on to a third party without the express consent of the client.  Confidentiality ensures that the client’s privacy is protected especially when handling sensitive, often highly personal information.  It involves having secure systems that limit access to client records to certain persons in the organisation. The data covered by the confidentiality policy includes:



All staff, Trustees/Management Committee, volunteers and others who work at WENAC must respect the need for confidentiality of information held about anyone who comes into contact with the organisation. This is expected to continue even when contact has ceased with this person, and when the Trustee/Management Committee member, volunteer or staff member no longer works for WENAC or a client is no longer in receipt of services.


Breaching Client Confidentiality

In certain circumstances WENAC is may become necessary to breach confidentiality should this be deemed necessary. These circumstances include:


The decision on whether to break confidentiality will be decided on a case by case basis and always in conjunction with a line manager.


Client Consent

In many situations where a client is simply being given general information about their problem, offered leaflets or is signposted to another organisation there is no need to obtain the client’s authorisation to act.


Information will only be passed to another agency or to other individuals outside of the WENAC with the consent of the client, where possible this will be with written consent. If a member of staff or volunteer intends to get information from another agency to help the client or to refer them to another agency then this must be explained to the client and their permission given.


Client Consent is also required in order for AQS assessors to access a sample of files and complete a file audit during the on-site assessment.


Access to Data

All clients and service users have the right to request access to all information stored about them and have a right to see a copy of this confidentiality policy on request.  For further information on access to data please see a copy of our Privacy Policy on the WENAC website.

Where clients, service users or staff have a sensory or physical impairment, efforts should be made to ensure that all aspects of this policy and exchanges between parties are understood.


Information discussions off the premises

In no circumstances should details of a client be discussed by anyone outside of the organisation or in an open plan area in such a manner that it is possible to identify the client.

Staff and volunteers should take due care and attention when speaking to clients and using the telephone.  No client should be able to hear a conversation or personal details of another service user.


All customers and clients are entitled to privacy and will be made aware that they can specifically request to be seen in private.


Confidentiality and other People

If a client asks someone to act on their behalf, e.g., bringing in or collecting documents, it is the adviser’s responsibility to ensure that permission has been given.  It is best to get permission in writing.






You should not disclose that the client has visited your organisation unless the client has given consent to do so.  This includes to a:


The same applies if the police or social services ask about the client.


Contact with Clients



Always check with the client that there are no problems with sending letter to the client’s home address. 


You should decide whether all mail will be opened, including that marked ‘confidential’ and must ensure that any information contained within is not disclosed to anyone else.  Staff responsible for opening mail must be made aware of the issues around confidentiality.


Confidentiality in the Advice Service

The client’s right to confidentiality applies to prevent details of their case being released outside WENAC.  Within WENAC only members of staff and volunteers involved in providing information, giving advice or supervisors: Conf


However, the Trustees/Management Committee are not part of the staff team therefore, unless they are acting as supervisors, legitimate file reviewers or advisors they should:


They should however:


If Trustees/ Management Committee members are involved in supervision or direct advice-giving, your organisation should ensure that the Trustee/Management Committee member is clear about their different roles.  Issues around individual clients should not be discussed by the whole Board of Trustees/Management Committee unless it is to deal with a complaint, breach of confidentiality issue or another issue which fits into the Trustee/Management Committee’s strategic role.



Particular attention should be paid to the following:

Waiting area


Interview rooms

Interview rooms should be confidential in terms of:


If this is not possible, screens should be used as insulation and for a modicum of privacy.  If there is no private interview space, advisers should check with the client whether they are happy with that situation.


Working Space

Ensure that advice staff making telephone calls, discussing cases, etc, cannot be overheard either in the interview room or the waiting area.


Outreach Sessions

If advisers need to take client records to an outreach session or make notes, etc, it is best to try and bring them back to the organisation to store them.  Where there is not possible, files/notes should be stored in a lockable cabinet which has limited access to other members of staff.


If files/notes have to be taken home, you should make sure they are not left where family members or children will be able to read them.


Client Information for Publicity, Reporting or Training Purposes

From time-to-time WENAC does need to be able to give information where appropriate about the impact of our services. If one of our services has an outcome which would provide useful material for publicity, reporting or training purposes, then wherever possible the permission of the client will be sought in writing. If permission cannot be obtained, then any details that would enable identification of the client to be made will be changed.


Storage of Records

Client records should be stored in lockable filing cabinets.  Computer records should be password protected.  All client files should be locked away at the end of the day and not left on desks.  Any client files should be kept for a minimum of 6 years.



Statistics that are presented to the Trustees/Management Committee and funders should be in an anonymous form so that individuals cannot be identified.  Where WENAC use case studies as part of an annual or other report, individuals cannot be identified unless they have expressly agreed.


Breaching Confidentiality

N.B. There are a number of key pieces of legislation that directly or indirectly relate to how WENAC implement confidentiality.  Legislation changes rapidly; it is WENAC’s responsibility to keep up to date with relevant legislation.



The legislation regarding terrorist activities is constantly changing and being updated by Government.  The Terrorism Act 2000, The Anti-Terrorism Crime and Security Act 2001 (ATCSA), Terrorism Act 2006, Counter Terrorism Act 2008, Terrorism Prevention and Investigation Measures Act 2011 and Counter Terrorism Act 2015 and other more recent legislation have made it a criminal offence not to inform on others where you suspect them of being involved in an act of terrorism.


Drug trafficking

The Drug Trafficking Act 1994 makes it a criminal offence not to report to the policy suspicion or knowledge of drug money laundering gained during the course of contact with a client.


The Social Security Administration (Fraud) Act 1997

WENAC much not knowingly assist with a fraudulent claim for benefits in any way, for example helping someone claim for Job Seekers Allowance when they are in paid employment. 


Child Protection Legislation

The Children Act 1989 (updated 2004), Protection of Children Act 1999 and Safeguarding Vulnerable Groups Act 2006 are just some of the relevant pieces of legislation regarding the protection of children.


Advisers may come across these issues in a number of ways:


Advisers should discuss any information about child abuse with their supervisor/manager before informing Social Services or other outside bodies.


General Data Protection Regulations (GDPR) 2018


The General Data Protection Regulation (GDPR) is a new EU legislation relating to data protection, which applies from 25th May 2018. It replaces the Data Protection Act 1998 (DPA) and introduce greater protections for how personal data is used and stored. Although it is a European law, GDPR will be transferred to the UK statute books upon the UK's exit from the European Union and thus will remain in force.


Compliance is crucial due to the impacts personal data processing can have upon people's lives. GDPR revises and enhances the requirements on organisations to consider data protection and accountability, providing individuals new rights over how their data is used.


WENAC ensures its systems and processes are compliant with the new regulations and meet the essential privacy by design and accountability principle concepts. 


Police and Criminal Evidence Act 1984 (PACE)

This Act gives the police powers, lawfully in any premises to seize anything they reasonably believe is evidence in relation to an offence under investigation which otherwise might be concealed, lost, altered, or destroyed.


The police can summons a member of staff as a witness.  WENAC should inform the client that the summons has been received but you should not discuss the evidence to be given with the user.


Crimes committed in the Organisation

If the police are called following a burglary, ensure that case files are in locked cabinets.  If client records are stolen, inform the police they are confidential and should be returned unread.


Risk of Harm

If there is a possibility that a client may harm themselves or others, advisers should discuss this with Supervisors/Line Managers and consider the appropriate action.








N.B. It is the duty of all staff/volunteer members to avoid breaches of confidentiality and therefore, except where the disclosure is in the proper performance of their duties, staff members are normally forbidden from disclosing, or making use of, confidential information.  


Employees raising a concern should be aware of the need to follow the whistleblowing procedure and in particular to maintain confidentiality.  Allegations of Breaches in confidentiality will be dealt with in accordance with our Disciplinary Procedure.