Confidentiality & Disclosure Policy

For the purposes of this policy, “Money Advice Plus” (MAP) and “Money Advice Plus (MAP) staff” has its usual meaning and in addition includes anyone performing work on behalf of MAP i.e. subcontractors. (But see paragraph below concerning external contractors)

Scope and purpose

The aim of this policy is to ensure that everyone engaged with MAP understands their responsibilities in respect of confidentiality and disclosure of personal data.

This policy is written with reference to the requirements of the Data Protection Act 2018 and the Public Interest Disclosure Act 1998

Confidentiality Statement

MAP recognises that the principle of confidentiality should apply to any information about its service users and the internal affairs of the organisation and should be adhered to by all Board of Trustees members, members of staff and volunteers.

MAP is committed to providing a confidential advice service to its clients. MAP believes that principles of confidentiality must be integrated across all aspects of services and management. MAP believes its clients deserve the right to confidentiality to protect their interests and to safeguard MAP services. Each client has access to his or her own records on request. Each client is entitled to have MAP position on confidentiality explained to them.

Definition of Confidentiality

Personal Information & Sensitive Personal Information is covered by the Data Protection Act 2018, and MAP has a legal duty to keep this secure.

MAP understands confidentiality to mean that no information about a client and which can identify a client shall be given directly or indirectly to any third party which is external to the Staff, without that client’s prior consent to disclose such information.

MAP recognises that all clients should be able to access our services in confidence and that no other person should ever know that they have used these services.

MAP recognises that clients need to feel secure in using our services in a confidential manner. MAP will ensure that all clients are afforded confidential interview space (when meetings are required).

Because of the sensitive nature of telephone calls being made offices are not accessible to the general public: visitors have to wait to be admitted at both sites.

There are, however, certain circumstances where confidentiality must be breached. Some of these are outlined later on in this policy and described more fully in the Confidentiality & Disclosure Procedure.

There may be some occasions when it may be necessary to consider a breach of confidentiality even if not required by law. Disclosure of personal information without consent may be justified where failure to do so may expose the client to risk of serious harm. Every effort will be made to gain consent but the health and safety of the individual has priority over the right to confidentiality

There may be occasions when MAP is required by law to disclose information, for example if the Police require us to do so, in which case a written request will be sought stating under what authority the request for information is made.

It is important to understand that the decision to disclose involves complex issues and considerations and that such decisions are not always easy. The Confidentiality & Disclosure Procedure may assist by setting out a step by step process which addresses the principles which must be considered when weighing up our duty of confidentiality and the need to disclose personal information.

Who is covered by the policy?

All paid staff, trustees and volunteers are required to abide by this policy. The client should be able to assume that anything they disclose to a MAP worker or representative will remain within MAP unless this is overridden by specific circumstances described in the procedure.

Confidentiality rests with MAP, not individual workers, so it is perfectly acceptable for all workers to have access to case records and take part in discussions relating to the client’s enquiry.

Trustees are not directly involved with client work and should not have access to client records or be aware that an individual has consulted MAP. The exception to this is when a complaint reaches stage 2 and 3 of the Complaints Procedure. Trustees should be aware of this policy and have an involvement in dealing with any potential breach of confidentiality. The ultimate responsibility for implementing policies rests with Trustees and staff are accountable to them.

There will be some instances where other people may act on the client’s behalf – collecting and bringing in information, for example. MAP has a responsibility to the client to ensure that the client has given this person their permission, in writing is best but if not this must be clearly noted on the case notes. It is important that it is not disclosed that the client has consulted MAP unless they have given permission to reveal the information.

Partners, children, relatives and friends enquiring about the progress of a case on the client’s behalf should be made aware of this confidentiality policy. The same approach will apply to other agencies such as social services, probation officers, and the police.

External Contractors

Occasionally MAP will need to contract the services of outside agencies/organisations to assist with data processing. For the purposes of the Data Protection Act 2018 these organisations are “data processors” and MAP remains the “data controller”.
This will be on the understanding that:

• The organisation understands the nature of MAP’s work & that they will be handling sensitive personal information
• The organisation has suitable levels of security in place comparable with those used by MAP
• Information is processed as agreed with MAP
• Information is not used for any other purpose
• Information is not retained but is securely destroyed after the agreed work is completed
• External contractors/organisations which handle data will be asked to sign a confidentiality agreement

Recording Information

Casework necessitates recording information which may contain sensitive personal data. To comply with the Data Protection Act 2018, the client must give their consent for MAP to do this and be advised of the Data Controller.

Sensitive personal information is defined as information relating to any of the following: racial or ethnic origin, political opinions, religious beliefs, trade union membership, health, sexuality or sex life, offences and/or convictions.

Storing and Disposing of Information

It is the Chief Executive’s responsibility to ensure

• all case records and information relating to clients are locked out of sight at the end of each working day. This includes notebooks, copies of correspondence, calculation sheets, file labels and any other sources of information which can identify a client by name
• that all electronically held data is stored and backed up securely
• all data is disposed of securely

Sharing Information

MAP workers are responsible for checking with clients if it is acceptable to call them at home in relation to their case, and if it is acceptable to leave an answerphone message.

MAP workers are responsible for checking with clients that it is acceptable to write to them at home in relation to their case.

All details of expressed consent must be recorded on the case file.

To provide good casework & support it is often necessary to share information & request the sharing of information from other agencies. It is the responsibility of MAP workers to check that a client understands what needs to be shared, & consents to this, and to ask the client to sign written consent forms when required.

When MAP fails to establish contact with a referred person then this information can be given to the referrer, as this person has not become a MAP client e.g. if a potential client is offered an appointment and does not attend.

Clients will be advised of MAPs’ Confidentiality & Disclosure Policy at the start of a case.

Statistical Information

MAP is committed to effective statistical recording of clients to enable MAP to monitor take-up of service and to identify any policy issues arising from advice services. Private information collected to produce statistics is confidential and we use it for statistical purposes only.

It is the Chief Executive’s responsibility to ensure all statistical records given to third parties; such as to support funding applications, monitoring reports for the local authority shall be produced in anonymous form, so individuals cannot be recognised.
Any other reporting which can identify the client will only be with the client’s consent.

Evaluation and Audits

MAP may be required to have case files examined by contractors, funders and independent auditors for quality assurance purposes. This should only be carried out if the examiner has agreed that they will only use information to check MAP’s quality of work.

The only exception to this would be if a matter came to light which fell under ‘Breaches in Confidentiality’ (below).

Case files will only be made available if the client has given their consent.

Breaches of confidentiality

MAP recognises that occasions may arise where individual workers feel they need to breach confidentiality. MAP recognises, however, that any breach of confidentiality may damage the reputation of MAP’s services and therefore has to be treated with the most serious of approaches.

Confidentiality must be breached in the following situations only:

• Terrorism Act 2006 It is an offence to fail to give information, which may help prevent acts of terrorism, or help arrest a terrorist.
• Drug Trafficking Act 1994 This act makes it a criminal offence to fail to report to the police suspicion or knowledge of drug money laundering gained during the course of contact with a client.
• Money Laundering Act 2017 and Regulations 2019 We are licenced by the Financial Conduct Authority to hold client money and we are obliged to report suspicious transactions to the National Crime Agency.
• Where a court of law declares that MAP has to give evidence from client records.
• Where the police have powers under the Police and Criminal Evidence Act 1984 (PACE) to seize anything they reasonably believe is evidence in relation to an offence under investigation, which might otherwise be concealed, lost, altered or destroyed.

Confidentiality may be breached in the following situations:

1. Child abuse Where a worker is suspicious of or has evidence of child abuse. MAP follows guidance from Sussex Child Protection & Safeguarding Procedures
2. Abuse of a vulnerable adult MAP follows guidance from http://sussexsafeguardingadults.procedures.org.uk/ Note that whilst many of the vulnerable clients that we support reside in Brighton & Hove, and/or Sussex, we may also have concerns about clients advised by our
   national telephone service living in other Local Authority Areas. In which case the above procedures provide useful guidance for best practice.
3. Risk of harm Where a worker believes there to be a real and significant risk of harm to the client or to others they should consult with the duty supervisor, Client Service Manager or Chief Executive without delay.
4. Conflicts of interest Where a worker becomes aware of a conflict of interest which necessitates informing one party that MAP can no longer act on their behalf. In such circumstances the Conflict of Interests Procedure will be followed.
5. Missing Persons Clients or volunteers who are judged as missing by MAP following the Missing Persons Procedure

For further details on situations where confidentiality may or must be breached please see MAP Confidentiality and Disclosure Procedures.
Breaches of confidentiality must be reported to the Trustees.

Legislative Framework

MAP will monitor this policy and accompanying procedure to ensure it meets statutory and legal requirements including the Data Protection Act, Children’s Act, Rehabilitation of Offenders Act, Fraud Act, Police and Criminal Evidence Act, Money Laundering Act and Prevention of Terrorism Act.

Ensuring the Effectiveness of the Policy

All Trustees and new workers will receive a copy of the confidentiality policy via the induction procedure. The policy will be reviewed every year and amendments should be proposed and agreed by the Trustees.