What is Confidentiality?
Confidentiality definition

Confidentiality is a set of rules that limits access or places restrictions on the use of certain types of information. It is usually executed through confidentiality agreements and policies.

What is confidential information?

Confidential information includes non-public information disclosed or made available to the receiving party, directly or indirectly, through any means of communication or observation. Examples of confidential information are:
Why is confidentiality important?

Confidentiality is important because:
What is confidentiality in health and social care?

In relation to the health and social care sector, confidentiality refers to personal information about patients and restricts who has access to it. Patients should be informed of what their information is being used for and who has access to it, and they should give consent for it to be used in this way. A health system with strong privacy mechanisms promotes public confidence in healthcare services. A valid example can be found on the National Health Service (NHS England) website with a dedicated page outlining how confidential patient information is used.

The Health and Social Care Information Centre (now called National Health Service Digital) has created a professional guide to confidentiality in health and social care. The guide is focused on five main confidentiality rules:

1. Confidential information about service users or patients should be treated confidentially and respectfully.
2. Members of a care team should share confidential information when it is needed for the safe and effective care of an individual.
3. Information that is shared for the benefit of the community should be anonymised.
4. An individual’s right to object to the sharing of confidential information about them should be respected.
5. Organisations should put policies, procedures and systems in place to ensure confidentiality rules are followed.

There is also legislation in place on confidentiality in the health and social care sector which sets out rules on how to treat patient information and identifies when information can be legally disclosed (for example in the case of a safeguarding concern). The main pieces of legislation related to confidentiality in health and social care are:
In the United Kingdom, information about an individual’s Human Immunodeficiency Virus (HIV) status is kept confidential within the National Health Service. This is established by the law, the National Health Service Constitution and in key National Health Service rules and procedures.

What is patient confidentiality?

It is important to clarify that confidentiality in health and social care does not include only medical records and personal data. According to the principle of patient confidentiality, a doctor or medical practitioner cannot reveal anything said to them by their patients during a consultation or a treatment as long as it remains capable of identifying the individual it relates to.

Patient confidentiality is necessary for building trust between patients and medical professionals. Patients disclose private and confidential information to their doctor or medical practitioner so that they can be treated, and they are more likely to do so if they trust their doctor. With better information doctors can make better-informed decisions that lead to better health outcomes. On the other hand, if patients were not guaranteed patient confidentiality they would not be so keen on disclosing certain information for fear of judgement and their treatment being impacted.

What is confidentiality in schools?

Confidentiality of student information protects pupils and their families from personal information disclosure. Schools play a key role in creating a safe environment for children where they feel valued and that they belong. If disclosed, some information about children and families may lead to discrimination or compromise families’ or pupils’ safety in some cases. A system with strong confidentiality measures promotes positive emotional wellbeing, trust and respect and generates public confidence in the education system. This makes it possible for children to open up about their problems and for schools to support them in a safe and non-stigmatised way.
This is not just best practice. In fact, schools need to adhere to the General Data Protection Regulation (GDPR) guidelines and protect personal information and “special category data” information efficiently. You can learn more about data protection in schools in our knowledge base.

What is considered confidential information in the workplace?

Workplace confidentiality refers to any confidential information related to the business or its employees which the company or its employees have access to during the course of their employment.

Personal and sensitive data

When employing a member of staff the employer needs to comply with privacy and confidentiality laws in the UK. The Data Protection Act 2018 outlines how personal data must be handled:
There are stricter rules for handling “sensitive data” like ethnicity, race, religious beliefs and data about biometrics. The law also gives people the right to know:
The Chartered Institute of Personnel and Development (CIPD) has outlined guidance on data protection law in the UK, covering employers’ obligations and individual rights to access the information.

Confidential information about the company and trade secrets

Companies often ask their employees (or contractors and professionals hired for specific projects) to sign a non-disclosure agreement at the beginning of their employment to prevent them from sharing business secrets and sensitive information with the public or with competitors. This information often includes secret formulas, processes and methods used in production that give the company an advantage over others that do not know the information. This is often not an option but a condition for employment (or to work) with that company. In fact, allowing even one employee (or contractor or professional) to refuse to sign the agreement and still get the job would undermine the validity of the same agreement signed by others.

A non-disclosure agreement is a legal contract that restricts the use of ideas and information to a specific permitted purpose for a specific period of time, after which the information can be disclosed. It is common to limit the non-disclosure agreement to three to five years, but some information could be kept confidential without a time limit. Examples are non-patentable know-how, secret recipes (e.g. Coca-Cola), lists of customers or personal information about individuals involved in a project.

Non-disclosure agreements are different from confidentiality agreements. Non-disclosure agreements are used when the obligation to keep information secret is unilateral, while confidentiality agreements are used when multiple parties have to keep each other’s “secrets” confidential. A strong system of reciprocal confidentiality between a company and its employees (or contractors and professionals) builds trustworthy working relationships underpinned by mutual respect.
What is considered confidential and proprietary information?

Confidential information refers to information that is meant to be kept secret within a certain circle of people and not intended to be made public. Proprietary information relates to property or ownership, as proprietary rights. All trade secrets (secret formulas, processes and methods used in production that give the company owning them an advantage over others that do not know the information) and confidential information are proprietary information, but proprietary information may also include intellectual property rights such as copyrighted information and patents which are not necessarily kept secret.

It is important for employers to develop and implement confidential and proprietary information policies. During the course of their employment, employees may inevitably have access to their employer’s confidential and proprietary information as well as confidential information (including personal data) about customers, clients, suppliers, partners or colleagues. A policy should establish some ground rules on how to handle this information as well as the consequences for unauthorised disclosure or use of confidential information.

What is a confidentiality policy?

Confidentiality policies are needed to:
Failure to protect and secure confidential information may not only lead to the loss of business or clients, but also creates the danger of confidential information being used to commit illegal or immoral activities. A confidentiality policy should include:
A great example of a confidentiality policy is the one outlined by the National Health Service (NHS England) including all the principles that must be observed by all who work within the organisation and have access to person-identifiable information or confidential information.

What is a breach of confidentiality?

A breach of confidentiality is when private information is disclosed to a third party without the owner’s consent. A breach of confidentiality can result in:
Some examples of breach of confidentiality are:
It can happen accidentally to anyone. Protecting confidential information is essential for maintaining trust and ongoing business with clients.

British Airways was fined £20m by the Information Commissioner’s Office for a data breach which affected more than 400,000 customers. The breach took place in 2018 and affected both personal and credit card data. The average compensation awarded for GDPR data breaches is between £1,000 and £42,900; however, in some cases, if the breach has caused distress, the claimant can claim compensation for that.

Breaching confidentiality in healthcare, in the legal profession or in matters of state security is particularly significant as it is considered a common law offence. There are exceptions as to when confidential information can be disclosed for legitimate reasons. It is very important that these exceptions are outlined in detail in confidentiality agreements, confidentiality policies and non-disclosure agreements, together with the procedure to follow on these occasions.

Cyber data breach

A cyber data breach occurs when someone maliciously (without authorisation) attacks an organisation’s computer networks (“cyber space”) and accesses data and confidential information. According to the latest report published by the International Business Machines Corporation (IBM) in July 2021, the cost of a cyber data breach hit a record high during the pandemic. Cyber criminals very quickly used the pandemic to their advantage. The global study suggests that data breach incidents became more costly and harder to contain, with costs rising 10% compared to the previous year. The reasons for this cost increase were:
Compromised credentials were the most common cause for the breaches, according to the study, and customers’ personal data was the most common type of information exposed. The adoption of artificial intelligence, security analytics and encryption were the top three mitigating factors shown to reduce the cost of a breach. Other factors that helped to reduce and contain the cost were a “zero trust” approach and cloud migration.

Data breaches in healthcare were the most expensive by industry, followed by the financial sector and pharmaceuticals. Retail, media, hospitality and the public sector experienced a large increase in costs compared to the previous year.

According to a global survey carried out in 2020 by PricewaterhouseCoopers (PwC), 28% of the consumers interviewed said their trust in technology used by the companies has been falling and 60% expect a data breach. These reports clearly show that there is some way to go to offer better data protection; all the while, hackers are coming up with new ways to attack.

About the author

Evie has worked at CPD Online College since August 2021. She is currently doing an apprenticeship in Level 3 Business Administration. Evie's main roles are to upload blog articles and courses to the website. Outside of work, Evie loves horse riding and spending time with her family.