Confidentiality & Disclosure Procedure

  1. Client information
    1. Clients must be made aware of Money Advice Plus’s (MAP’s) Confidentiality Policy during the first contact or appointment with the service. The client brochure, which should be given to, and the contents shown, to each client contains a summary of the Confidentiality Policy. Clients must be made aware that in some circumstances, for example under our duties to Safeguarding Adults, confidentiality must or may be breached.
    2. Discussion about issues in relation to a client or clients must take place within the MAP office or in properly constituted meetings focussing on the welfare of the client and conducted in a professional manner.
    3. Workers should not discuss clients or their cases in a public place even when the clients’ names are not mentioned.
    4. Casework and client information will generally be shared within the staff and volunteer team so that workers can assist each other’s clients and to allow supervision.
    5. Where a client is referred by another statutory/voluntary agency MAP must be assured the client has given permission before making contact. It may be necessary to contact the referrer to verify this.
    6. Try to avoid working through a 3rd party such as a relative or social worker, if possible. On a practical note, information can be missed or get confused. As important is the need to be sure you are acting in the best interest of the client and that clients are involved in decisions. If this is not practical, ensure you have the client’s permission to do so, preferably in writing or if not, permission must be noted on the case.
    7. Although MAP is sympathetic to peoples’ concerns about the security of stored data we are unable to provide advice and case work to a person who does not wish us to keep a record of at least their name, for the following reasons:
      • Our duties to break confidentiality under certain specific circumstances.
      • The need to know particular information to give accurate advice and the potential need to check accuracy later on.
      • The need to avoid any conflict of interest.
    8. Where appropriate, clients must be asked for permission to make their files available for inspection by a third party at the outset of the case. For example that required for advice quality audit purposes. This may not be appropriate in all cases and workers should use their discretion and obtain written authorities, as they consider appropriate. Where consent has not been explicitly requested and granted, then these cases will not be made available for external inspection.
    9. All requests for information from a third party must be with the consent of the client. A copy of the client’s written consent will normally be required to confirm this. The exception is a client for whom we act as Deputy in the Court of Protection, in which case a decision would be made by the Deputy on a case by case basis.
    10. Information specifically relating to confidentiality and disclosure when money-handling is written in the Handling Clients Money Procedure.
    11. It is possible to work with individuals who are closely related or who know each other, but particular care must be taken to work within the Conflict of Interest policy and procedure to maintain confidentiality.
  2. Confidential places
    1. Main offices are confidential areas. Staff must be made aware if a visitor or contractor is entering the office and to ensure that conversation cannot be overheard, confidential data on computer screens and paper cannot be seen.
    2. Locking up: The main responsibility is with the person who is last in the office to make sure no confidential information is left visible, cupboards and drawers containing confidential information are locked and if there is an intruder alarm, that this is set. If you do not feel confident with locking up duties, you must either seek guidance from a manager or make sure you are not the last to leave.
    3. All interview rooms must be confidential in both transmission of sound as well as view, and if required we will ensure blinds, radios and other mechanisms are used to ensure no breach of confidentiality can occur inadvertently.
    4. All outreach desks must comply with the confidentiality procedures. When we are asked to provide an advice desk in a non-confidential location, (such as attending a social club & staffing a desk in a corner of the main area), then we may attend to give out information but may not offer advice at the desk. Clients desiring advice can give their details and can be offered confidential advice appointments at a different location, if this is available.
    5. When meeting with a client in their home, it may be necessary to check with the client if there is a possibility of being overheard if there are others on the premises. Where possible, doors should be closed. However, it is important not to override Lone Working procedures.
      Confidential places Non-confidential places
      Internally, offices with solid close-able doors Anywhere where there are other clients
      Externally, anywhere where there is no possibility of being overhead Offices with unclosed doors
      Lockable cupboards Anywhere where there is a possibility of being overheard
      Lockable filing cabinets to which there is restricted access Hove Town Hall reception
      Interview rooms
      Outreach desks
      Archive store room
  3. Third Parties Requesting Information
    1. When third parties contact MAP, we will satisfy ourselves that the client has given authority for information sharing before doing so.
      3.1.1 The third party may be asked to provide a written authority from the client.
      3.1.2 The third party may be asked to make a verbal confirmation that they have explicit consent, if we are satisfied that the third party is bound by professional standards to not misrepresent this (eg social worker, lawyer etc).
      3.1.3 We may contact the client and ask for verbal authority
      3.1.4 We may already have the client’s authority recorded on file.
    2. We have no duty of confidentiality to anyone who is not a client. However, a practice of routinely confirming individuals are not known to MAP enables implicit confirmation when clients are known to us. This creates risks of confidentiality breaches, and in particular risks to people escaping domestic abuse.
      Hence any correspondence or enquiry about individuals is dealt with on a case by case basis:

      • Normally we can confirm to professionals when individuals are not known to us, or we have not received a referral.
      • Correspondence received about individuals who are not clients may be returned to sender.

      In other cases, the standard response to enquiries will be the same whether or not the individual being enquired about is known to MAP.

    3. How to deal with enquiries from third parties:
      Telephone enquiries:

      • “I’m sorry I cannot give out information about any client. If you would like to leave a number, or email us with your query, we can check and get back to you if we’re able.”
      • This should be without confirming whether or not the person is a client.
      • You may take a message.
      • You may put the caller on hold while you check if the caseworker or duty supervisor is able to take the call.
      • Messages about clients should be passed to their caseworker, and for non-clients to the data-protection lead worker.

      Email enquiries and letters:

      • These can be forwarded to a client’s caseworker or for non/closed clients to the data protection lead.
      • NB that it is not essential to acknowledge receipt of letters or respond to requests from third parties unless the client has given explicit consent to do so. However, any enquiries may be responded to confirming that we are unable to give out information to third parties without explicit consent and inviting the third party to provide written consent.
  4. Staff and volunteers and the confidentiality policy
    1. Members of staff & volunteers must observe the policy and procedures at all times. The confidentiality policy of the service will be discussed at the interviewing stage of recruiting new staff & volunteers, and studied during the period of induction.
    2. Personal details of any member of MAP staff & volunteers must not be disclosed to a third party without express permission.
    3. Any personal information volunteered by staff & volunteers in the course of training must remain confidential to those sessions. It is the responsibility of the individual to take responsibility for what they chose to disclose at such sessions and up to the trainer to manage the appropriateness of the disclosure.
    4. Any personal information discussed at supervision meetings, please refer to supervision procedure.
  5. External contractors
    1. When external contractors are employed for example to assist with data processing or consultants to assist with business development or organisational improvements they may need to have access to client information that would normally be confidential to the organisation.
    2. In these circumstances the confidentiality agreement at Appendix 1 or Appendix 2 must be signed and returned before access is allowed.
  6. Breaching confidentiality
    1. The views and wishes of clients should always be respected when sharing data.
    2. In common with many agencies however, MAP cannot guarantee a fully confidential service. There will always be exceptional circumstances when the wider public interest outweighs responsibility to the individual and clients must be made aware that some circumstances may merit a breach of confidentiality.
    3. Circumstances when confidentiality may not be maintainable:
    4. Procedure when considering a breach of confidentiality
      There may be some circumstances where an informed decision to break confidentiality may be made. The nature of our business makes it impossible to anticipate every eventuality that may occur.
      In order to reach an informed decision, the following steps must be followed:

      • The worker should raise the matter immediately with a Manager (or the Chief Executive or a Trustee according to availability). The Manager will be responsible for keeping a record of the decision making process. It is important to be prepared for any decision to be questioned at a later date.
      • The worker must discuss with the Manager the issues involved in the case and explain why they feel confidentiality should be breached and what would be achieved by breaching confidentiality.
      • The Manager is responsible for discussing with the worker what options are available in each set of circumstances.
      • If the Manager decides there is a case for a breach of confidentiality then they should take the steps either in the following box A (Safeguarding/abuse of a vulnerable adult) or box B (Non-safeguarding: breach of confidentiality for any other reason).

      All breaches of confidentiality, i.e. where we have informed a third party without the client’s permission, must be reported to Trustees.

    5. Guidance for those making an informed decision whether or not to breach confidentiality:
      • Each decision must be made on a case by case basis.
      • Data Protection: consider the persons’ rights under the GDPR. In some cases, if you unlawfully disclose certain information, you could be held liable. GDPR allows for processing without consent (including sharing data with a third party) if there is a legitimate interest in doing so.
      • You should consider why the third party wants the information, whether they actually need it, and what they will do with it. You need to demonstrate that the disclosure is justified by balancing the need against the individual’s rights and freedoms, but it will be the third party’s responsibility to determine their lawful basis for their own processing.
      • Health and Safety: consider if a breach or non-breach could have a detrimental effect on the health and safety of staff and/or clients and the possible seriousness of the effect.
      • Although MAP is not bound by the Law Society regulations, it is good practice to consider solicitor’s duty of confidentiality as a benchmark, as the loss of confidence among clients could have a serious detrimental effect on MAP’s reputation.
      • Extract: ‘You and your firm must keep the affairs of clients and former clients confidential except where disclosure is required or permitted by law or by your client (or former client)’.
      • If the police have issued a warrant for arrest for a client and MAP has been made aware of this, the nature of the alleged offence should be considered. A breach of confidentiality may be considered appropriate if the alleged offence causes a serious concern for public safety.
      • Risk of harm: Where a worker is alerted to the possibility that a client may harm themselves or others, this should be discussed with the Manager and options such as a referral to other more appropriate agencies considered. If a client who falls under the category of Vulnerable Adult tells you of their serious intention to harm themselves or others, they must be advised that MAP is duty bound to liaise with the relevant Social Work team and possibly raise a Safeguarding Adults alert.

      In any case, MAP staff cannot be expected to keep serious threats of harm to themselves and clients must be informed that we may need to liaise with other relevant bodies such as social workers or doctors.
      In the case of an emergency, when it is not possible to either inform the client or obtain their consent, before contacting an appropriate agency the steps set out in 6.4 must be followed.

  7. Rehabilitation of Offenders Act 1974
    1. This Act provides ex-offenders with the right not to reveal convictions in most situations when the offence has become “spent” after a rehabilitation period without a further offence.
    2. All cautions and convictions may eventually become spent, with the exception of prison sentences, or sentences of detention for young offenders, of over four years and all public protection sentences regardless of the length of sentence.
    3. Once a caution or conviction has become spent under the 1974 Act, a person does not have to reveal it or admit its existence in most circumstances. Unless an exception applies (see below), then spent cautions and convictions need not be disclosed when filling in a form, or at a job interview. An employer cannot refuse to employ someone (or dismiss someone) because he or she has a spent caution or conviction unless an exception applies.
    4. The exceptions where you may have to declare spent cautions and convictions are listed in the Rehabilitation of Offenders Act 1974 (Exceptions) Order 1975 (see Section 3 of this guidance). An employer should be able to say if an exception applies and, if so, where it can be found on the Exceptions Order.
  8. Conflicts of Interest

    This must be dealt with promptly and with minimum details disclosed. Confidentiality should not be breached when the MAP identifies a conflict of interest which necessitates informing one party that MAP can no longer act on their behalf.

  9. Further matters relating to confidentiality
    1. The Chief Executive or delegate should deal with all media inquiries and a record kept of any statement made.
    2. Any case histories used in publicity, Annual Report or funding application should be “composite” and should make identification of an individual client impossible.
  10. Reporting to Funders, and other project requirements
    1. Our advice service will provide the following information to social landlords and other funders:
      • Generic information about number of cases referred, activity types and engagement rates plus anonymised information about outcomes and impact for clients as a whole or by agency or project.
      • Equalities monitoring information by project where this cannot be used to identify individuals.
      • Information about changes in rent arrears for specific clients are provided to housing associations, but this is information the housing association already has access to.
      • Information about referral failures/non-engagement, as the person would not be considered to be a client.
    2. We will not provide personal or financial information without a client’s express permission.
    3. The Financial Support Line for Victims of Domestic Abuse (previously DEAP) is managed by our Eastbourne office with specific requirements. Because of the extreme vulnerability of many of the clients referred to this project, extra procedural steps are in place to protect their confidentiality as follows:
      • Referring agencies are asked to assess in advance the safety issues relating to individual clients and make a note of these on the referral form. This includes information about whether it is necessary to withhold our number.
      • Extreme care is taken when calling clients: messages are not left unless it has been confirmed that it is safe to do so, and arrangements for a password to be used are discussed.
      • Extra care is also taken with regard to revealing the address of a client, especially where this may lead to the discovery of details of a refuge.
      • Calls into the project are answered by nominated advisers only, who have received training in Domestic Abuse issues.
Disclosure of Crime

There may be instances when clients confide that they have committed/are about to commit a crime.

In English Law there is no duty to disclose a criminal offence so being aware of the crime is not assisting in that crime.

Exceptions to this are as follows and confidentiality must be breached in the following situations:

  • Terrorism Act 2006 It is an offence to fail to give information, which may help prevent acts of terrorism, or help arrest a terrorist.
  • Drug Trafficking Act 1994 This act makes it a criminal offence to fail to report to the police suspicion or knowledge of drug money laundering gained during the course of contact with a client.
  • Where a Court of Law declares that MAP has to give evidence from client records.
  • Where the police have powers under the Police and Criminal Evidence Act 1984 (PACE) to seize anything they reasonably believe is evidence in relation to an offence under investigation, which might otherwise be concealed, lost, altered or destroyed.
  • The Proceeds of Crime Act 2002 requires you to submit a Suspicious Activity Report to the National Crime Agency if you know or suspect that a person is engaged in, or attempting, money laundering.
  • The Money Laundering Regulations 2017. Please refer to MAPs’ Anti Money Laundering and Anti Terrorism Financing Policy

It is also, an offence to aid, abet, counsel or procure the commission of an offence. It is therefore important that workers make sure that they do not give, or in any way can be seen to be giving, encouragement or assistance in any way.

The Social Security Administration (Fraud) Act 1997
Under the Fraud Act advisers must not knowingly assist in any way with a fraudulent claim. However MAP is not under an obligation to pass details to the Benefit Agency – and should not as this would breach confidentiality.

You should follow this procedure:

  • Explain the legal implications and possible consequences.
  • Record that you have given this information to the client.
  • Make it clear that the client has a duty to disclose their change of circumstances.
  • If the person wishes to continue to use MAP services but is unwilling to give notification of their change in circumstance, you should consult the supervisor to consider ceasing to advise or assist the client with the claim. This will not stop you advising the client on benefits they are able to claim.

Example:

A client in receipt of benefits discloses to us that they have relevant income which is undeclared to the DWP, and we have advised them of their legal obligation to tell the DWP. In the case that the client says they do not intend to notify the DWP we will:

  • Confirm our advice in writing to the client including the consequences of not telling the DWP (fraud, overpayment etc).
  • Cease any advice to the client about benefits until we are reassured that the DWP have been notified; this will usually mean closing the case.

Do not destroy the relationship you are developing with the client by alarming them but ensure that if you have concerns about the information the client is disclosing, you tell them:

  • that what they are saying/about to say could break the law;
  • that you can assure them of confidentiality but need to warn them not to give any further details and they should seek advice from a solicitor;
  • You may be later summonsed as a witness.
Police attending Money Advice Plus

The police may approach MAP to gather information about a client. If there is advance warning of the visit, adopt the following procedure:

  • Inform the police that MAP operates a confidentiality policy and offer to go through its contents
  • Ensure all workers are aware that the police will be attending MAP
  • Ensure all clients who are due to attend MAP at the same time are made aware and given the option to come at another time
  • Ensure the procedure around clients’ information and documents is observed

PACE (Police and Criminal Evidence Act 1984) applies to searches of premises undertaken by the police for investigating an alleged offense. Here’s what to consider in a scenario where the police want to search an advice centre:

  • Authorisation for Search: Generally, the police require a warrant to search a premise like an advice centre. This warrant needs to be approved by a judge and specify the areas and items they are authorized to search for.
  • Exceptions: There are limited exceptions where a warrant might not be mandatory. These include situations where the police have reasonable suspicion that:
    • There’s evidence of a serious crime on the premises.
    • They need to search to arrest someone or prevent violence.
    • They need to seize items that could be used to harm someone.
  • Advice Centre’s Response:
    • The staff at the advice centre have the right to ask for the warrant and verify its details.
    • You can politely inquire about the purpose of the search and the items they are looking for.
    • It’s advisable to have a solicitor present during the search to ensure everything is conducted legally.
    • While you can’t prevent the search with a warrant, you can request not to be obstructed in your work and ensure client confidentiality is maintained.
Providing information to the police

If you fall under pressure to reveal information to the police without the client’s agreement or knowledge e.g. you are threatened with arrest, the following is the legal position:

  • The police have powers under the Police and Criminal Evidence Act 1984 (PACE). This provides general powers to police officers, lawfully in any premises, to seize anything they reasonably believe is evidence in relation to an offence under investigation, which might otherwise be concealed, lost, altered or destroyed. Preventing access to a room where records are kept forestalls the use of these powers. It is important to note that PACE only allows access to materials which would have been available to the police before 1986 and personal, confidential case records were not included.
  • The police can summons a worker as a witness. Failure to attend may result in the Court issuing a warrant to arrest and bring the witness before the Court. Failure to do so could result in a fine or committal to prison.

MAP can negotiate with the police or when attending the magistrates court and explain case records are confidential. MAP should also inform the client that the summons has been received and the penalties which may be levied. Workers should not discuss the evidence to be given with the client.

Crimes committed on the premises

If police are called following a break-in, care should be taken to ensure that cases are in locked cabinets, though you will not be able to disturb evidence.

If case records have been stolen the police should be told that they are confidential and should be returned unread if possible. If you need to call the Police because of a crime committed at MAP e.g. theft from the interview room, follow the steps outlined in the previous section on “Police attending Money Advice Plus”.

Child Abuse

You may receive an enquiry from a person who tells you they are the abuser or your client may be the victim of abuse (the Children Act 1989 and 2004 ensures that children can make enquiries independent of their parents so long as they have enough understanding and intelligence to make up their minds).

The legal position is that whilst some agencies, notably the police, have a statutory duty to report suspicions or evidence of child abuse to social services departments, this duty does not ordinarily apply to voluntary services offering confidential services.

However, because many MAP clients have been referred and are funded by Social Services there are contractual requirements on reporting.

MAP has a separate Safeguarding Children Policy and Procedure . All workers are required to bring any concerns that a child is being abused to their line manager who will discuss these with the Safeguarding Officer at the earliest opportunity.

Abuse of a vulnerable adult

The Care Act 2014 says that Safeguarding is everyone’s responsibility, and MAP is required to follow safeguarding procedures by some of its contracts with statutory authorities.

MAP has a separate Safeguarding Adults policy and procedure. All workers are required to bring any concerns about abuse to a supervisor or a Manager at the earliest opportunity.

Box A (Safeguarding/abuse of a vulnerable adult)

To report cases relating to abuse of children or vulnerable adults, follow the guidance contained in:
Pan Sussex Child Protection & Safeguarding Procedures and MAP’s policies and procedures

If there appears to be significant risk to the adult, and no one else, consideration needs to be given to whether their wishes should be overridden. The adult’s wishes should not stop professionals from fulfilling their responsibilities in relation to duty of care regarding appropriate sharing of information.

In these situations the adult should be:

  1. Advised about what information will be shared, with whom and the reasons for this.
  2. Advised that their views and wishes will be respected as far as possible by the local authority or other agencies in relation to any response they may have a duty to make.
  3. Provided with information regarding what happens when a local authority is advised of a safeguarding concern.
  4. Assured by the professional passing this information to the local authority, that their lack of consent to the information being shared, and their views and wishes regarding actions they do or do not want taken in relation to the situation as far as it affects them directly will also be explained to the local authority.

There are some circumstances where it is not possible to follow steps 1-4 above, for example if a first time caller to adviceline tells us they are going to harm themselves or others and we are unable to call them back, or we feel it will cause the situation to become more dangerous. The decision as to which of the steps may be omitted should also be taken after full consultation as outlined in 6.4

Box B (Non-safeguarding: breach of confidentiality for any other reason)
  1. Discuss with the Chief Executive (or a Trustee if the Chief Executive is not available). The Trustees are ultimately responsible to authorise breaches of confidentiality. Trustees will delegate this responsibility to the Chief Executive for practical purposes. However, the Chief Executive may also seek guidance from the Chair or Vice Chair of Trustees without breaching confidentiality in doing so.
  2. Brief the Chief Executive or Trustee on the full facts of the case. If it is agreed to breach confidentiality, the Line Manager should make a full written report on the case and any action agreed undertaken. The Chief Executive is responsible for ensuring all actions are carried out.
  3. If judged appropriate and wherever possible, the situation will be discussed with the client, the situation explained to them and their agreement obtained. If not appropriate, the reasons for this decision must be recorded so that the client can be informed, as requested, why confidentiality was breached in the public interest.
  4. If the Chief Executive or Trustee does not agree to breach confidentiality then this is the final decision of the organisation.

There may be a tension between the need to make a quick decision and the need to make an informed decision involving the relevant people. Difficulty in making contact should not be a reason for taking action without the relevant person giving the go-ahead. agreement. If the relevant people are not in the office and it is not a work day, discuss with another manager or Duty Supervisor. Personal phone numbers are kept in restricted parts of TEAMS or BrightHR.

Find out all you need to know when you use our services or contact us

See all policies