Confidentiality Policy

This policy promotes best practices in information security and confidentiality to ensure sensitive data remains protected at all times.

Created by: Nina Chesworth July 2025)

Approved by: Nik Noone (August 2025)

Next Review Date: August 2026

1. Policy Statement

Walthew House is committed to safeguarding all forms of confidential information. All individuals covered by this policy—including staff, volunteers, and contractors—must handle such data with discretion and prevent unauthorized disclosure, duplication, or misuse. This policy promotes best practices in information security and confidentiality to ensure sensitive data remains protected at all times.

2. Scope

This policy applies to all employees, contractors, consultants, volunteers, and any other individuals who may access or handle confidential information on behalf of Walthew House.

3. Introduction & Relationship to Data Protection Policy

Walthew House also maintains a Data Protection Policy, which outlines how personal data is collected, processed, and used for service users, volunteers, and staff. It includes procedures for responding to data breaches, which typically involve breaches of confidentiality.
This Confidentiality Policy complements the Data Protection Policy by detailing how confidential information is managed on a day-to-day basis and clarifying areas where discretion is required.

4. Definitions

  • Confidential Information: Any non-public data or knowledge, including client records, employee files, financial data, strategic plans, internal communications, and other sensitive information.
  • Unauthorized Disclosure: The release, sharing, or transfer of confidential information without proper consent, legal authority, or organizational approval.

5. Responsibilities

  • Staff and volunteers must securely store confidential materials and restrict access to authorized personnel only.
  • Any actual or suspected breach of confidentiality must be reported immediately to the duty officer.
  • The Business Manager is responsible for ensuring all team members understand and comply with confidentiality obligations.

6. Procedure When Confidentiality Is Broken

Any breach or suspected breach of confidentiality must be reported immediately to the duty officer.
Inappropriate disclosures by staff or volunteers will be treated as disciplinary matters and addressed in accordance with Walthew House’s disciplinary procedures.

7. Permitted or Required Disclosure

Confidential information may be disclosed under the following circumstances:

  • To protect children or adults at risk, as outlined in the Child Protection and Adult Protection Policies.
  • With the explicit consent of the individual concerned (e.g., sharing with health professionals or for publicity purposes).
  • In response to a lawful police enquiry.
  • When staff or volunteers discuss personal issues affecting their work with a line manager or duty officer, with mutual agreement and confidentiality maintained.

8. Information and Training

All staff and volunteers receive training on confidentiality and are provided with this policy. Service users, members, and carers are also informed of the policy.

Confidential files are stored securely—physical files in locked cabinets and digital files on password-protected systems.

9. Confidential Post and Emails

Mail marked ‘Private’ or ‘Confidential’ must only be opened by the intended recipient. Specific protocols include:

  • DBS Scheme records may only be accessed by the Project Coordinator or Administrator.
  • Self-certification notes for sickness leave must be submitted in sealed envelopes or password-protected email attachments and marked confidential.
  • Online forms are stored securely on password-protected local drives.

10. Review & Updates

This policy will be reviewed annually and updated as necessary to reflect changes in legislation, best practices, or organisational procedures.