The Mustard Tree Foundation (MTF) recognises that employees, volunteers, trustees and secondees gain information about individuals and organisations during the course of their work or activities. In most cases this will not be explicitly labelled as confidential, and the exercise of common sense and discretion will be vital in determining the confidentiality of the information. MTF is committed to maintaining high standards of confidentiality in all aspects of our work and this policy aims to give some guidance to ensure that confidential information and records are properly managed. If there is any doubt, seek advice from your Project Director, the Data Protection Lead or CEO.
The Data Protection Lead for the MTF is Alison Dent.
Please see Appendix 1 for full details of the MTF Confidentiality & Data Protection Team
- Most information held by MTF relates to service users, employees, trustees, and volunteers.
- Confidential Information acquired in the course of duty relating to MTF service users must be treated in the strictest confidence and must only be disclosed to the appropriate members of staff in the work setting or to other appropriate people where authorisation has been agreed from your project manager. In addition, the service user must have agreed through signing a Consent Form. e.g. with carers, relatives or health professionals
- Confidential information acquired in the course of duty relating to staff or volunteers must be treated in the strictest confidence and must only be disclosed to those with a demonstrable need to know. Where guidelines are not clear agreement should always be sought through your Line Manager. This includes, for example, releasing the name of a MTF employee or volunteer in response to an unknown caller. It is the individual responsibility of all members of staff who handle personal or sensitive information to ensure the validity of any “need to know” before making any disclosures. In this context, “Personal Information” is defined as being any information whatever relating to or affecting any living identifiable individual. Particular caution must be exercised with personal information relating to an identifiable individual’s religious belief, criminal or medical history. If in doubt, seek guidance from the person you report to.
- Employees who handle personal information must take particular care to ensure that it is stored securely, used only by authorised persons and for the specified approved purposes. It is not released to unauthorised persons (without authorisation from your Project Director or the CEO), kept for no longer than is necessary and, when finished with, is destroyed or otherwise suitably disposed of.
- When photocopying or working on confidential documents, employees, volunteers, trustees and secondees must ensure they are not seen by people in passing. This also applies to information on computer screens.
- Employees, volunteers, trustees and secondees should avoid exchanging personal information or comments (gossip) about individuals with whom they have a professional relationship.
- Employees, volunteers, trustees and secondees should avoid talking about individuals / organisations in a social setting. Employees, volunteers, trustees and secondees will not disclose to anyone, other than their Line Manager, any information which is sensitive, private, financial or personal without the knowledge and consent of the individual or organisation concerned.
Confidentiality may be breached only in the following circumstances and after consultation with your Line Manager or if they are unavailable the CEO of the Mustard Tree Foundation (unless someone is in imminent danger when confidentiality may be breached without prior consultation):
- In order to seek advice or if there is a duty to disclose information
- Where there is a risk of physical harm to anyone.
- Where a vulnerable adult, child or young person is at risk of abuse (please see the safeguarding policy for further information)
- Where there is a legal obligation on MTF to disclose information; in these circumstances MTF will take all possible steps to ensure that information regarding other people we support is not disclosed without their consent.
2.0 BREACHES OF CONFIDENTIALITY
- If an employee, volunteer, trustee or secondee has had to breach confidentiality, they will be asked to a meeting with their Line Manager (and/or Chair of Trustees) and Data Protection Lead and if they cannot satisfactorily explain that the breach was covered by any of the exceptions named above, it will be treated as a disciplinary matter
- Employees, volunteers, trustees and secondees who are concerned there has been a breach of confidentiality should raise this with the Data Protection Lead or the CEO or Chair of Trustees using the grievance procedure if necessary. They must not discuss this outside the organisation.
- Whistle blowing – Where an employee has concerns about the use of MTF funds, he or she may refer directly to the Chair of Trustees outside the usual grievance procedure.
- Any employee, volunteer, trustee or secondee has the right to inform either his or her manager or one of the trustees if they believe that MTF is being brought into disrepute by the actions of another colleague or trustee.
3.0 APPLICATIONS AND REFERRALS
- All potential employees, volunteers and Trustees will send their CV with a covering letter or complete an application form. Applicants will also be asked separately to disclose information about criminal investigations and convictions. All information from applicants will be disposed of after one year if they are not accepted as employees / volunteers.
- A DBS Check at the relevant level will be requested for new employees and volunteers whose posts involve contact with vulnerable children or adults. MTF follows the DBS Code of Practice regarding the correct handling, use, storage, retention and disposal of Disclosures and Disclosure information.
- All information relating to applicants, including application forms, CV’s, cover letters and completed Disclosure Applications are kept in a locked cabinet.
- All potential new service users or referrers will complete a Referral form and / or Care & Risk Assessment. All information from service users or referrers will be disposed of after one year if they do not proceed further.
- All information relating to referrals, including Referral forms and / or Care & Risk Assessment forms etc. are kept in a locked cabinet.
- All Data and documents relating to employees, volunteers, clients and trustees are kept securely and disposed of in accordance with our Data Retention & Disposal Policy.
The Data Protection Lead and / or CEO will occasionally conduct spot checks of MTF and Project records and data to ensure they are being held correctly.
In addition to its general application, this statement also relates specifically to compliance by MTF with the provisions of the Data Protection Act 2018:
These are that personal data must be:
- processed lawfully, fairly and in a transparent manner
- processed for specified, explicit and legitimate purposes and not in a manner that is incompatible with those purposes
- adequate, relevant and limited to what is necessary for the purposes for which it is being processed
- accurate and, where necessary, up to date
- not kept longer than necessary for the purposes for which it is being processed
- processed in a secure manner, by using appropriate technical and organisational means
- processed in keeping with the rights of data subjects regarding their personal data
Please refer to MTF’s Data Protection Policy and Data Privacy Notice for additional information.
Mustard Tree Confidentiality and Data Protection Team
Trustee with responsible for Safeguarding and security:
John Hawkins firstname.lastname@example.org
Data Protection Lead:
Alison Dent 0118 956 7000
(Mon, Tues & Thurs 9am to 4.30pm)
Katherine Shepherd 07557 649461 or 0118 956 7000
Christine Munday 07443 487191
DBS checks and safer recruitment:
Ali Dent 0118 956 7000
(Mon, Tues & Thurs 9am to 4.30pm)