Bury AFC recognises that board members staff, volunteers and others who work within our Club may receive information about individuals (or organisations) whilst carrying out their duties. In many cases, such information will not be stated as confidential and we may have to exercise common sense and discretion in identifying whether information is expected to be confidential. This policy will help readers to understand Bury AFC’s expectations and the legal framework around confidentiality. It will guide staff and volunteers to know about their legal duty to break confidentiality under specific circumstances and help with information sharing in practice.
Bury AFC is committed to ensuring that any personal information that is provided to us will be processed and stored in accordance with the General Data Protection Regulations (GDPR) and Data Protection Act(DPA) 2018. GDPR and the DPA 2018 do not prevent or limit the sharing of information for the purpose of keeping children or adults at risk, safe. See separate policy covering Data Protection.
Confidentiality refers to all forms of information including personal information about staff, volunteers, fans, and the Club itself, whether the information is recorded or not. It centres on the concept of whether one individual is able to share information about another person or organisation, with another person(s) or organisation(s). Confidentiality covers the issue of seeking an individual’s consent to share information that is not available in the public domain too and this policy should help dispel any myths or misunderstandings about consent by incorporating the relevant law and guidance.
Data Protection concerns only personal information that is recorded, either manual or electronic.
Everyone needs to be aware of their responsibilities for safeguarding confidentiality and preserving information security. Working Together to Safeguard Children (2018) states that, ‘Fears about sharing information must not be allowed to stand in the way of the need to promote the welfare, and protect the safety of children, which must always be the paramount concern. To ensure effective safeguarding arrangements:
- all organisations and agencies should have arrangements in place that set out clearly the processes and the principles for sharing information. The arrangement should cover how information will be shared within their own organisation/agency; and with others who may be involved in a child’s life;
- all practitioners should not assume that someone else will pass on information that they think may be critical to keeping a child safe. If a practitioner has concerns about a child’s welfare and considers that they may be a child in need or that the child has suffered or is likely to suffer significant harm, then they should share the information with local authority children’s social care and/or the police. All practitioners should be particularly alert to the importance of sharing information when a child moves from one local authority into another, due to the risk that knowledge pertinent to keeping a child safe could be lost;
- all practitioners should aim to gain consent to share information, but should be mindful of situations where to do so would place a child at increased risk of harm. Information may be shared without consent if a practitioner has reason to believe that there is good reason to do so, and that the sharing of information will enhance the safeguarding of a child in a timely manner. When decisions are made to share or withhold information, practitioners should record who has been given the information and why. (p.17)
Principles of Confidentiality
Confidential information is information entrusted by an individual in confidence where there is a general obligation not to disclose that information without consent.
Confidential information may include personal information such as name, age, address and personal circumstances, as well as sensitive personal information regarding race, religious beliefs, health, sexuality, etc.
It is important that confidentiality obligations are fully understood with regard to our duty to follow the procedures for safeguarding children and vulnerable adults who are, or may potentially be, at risk of abusive practices. See policies covering “Safeguarding Children and Young Persons” and “Safeguarding Adults.”
Where child abuse is suspected people have a right to expect that those privy to their personal circumstances will not disclose any personal information learnt during the course of their duties, unless permission is given. Exceptions to this rule apply in certain circumstances including:
- An adult at risk is judged not to have the mental capacity to be able to make a decision, and a risk assessment indicates that a referral to services would be in their best interests in order that appropriate support can be sought
- Other people may be at risk
- Instances of drug trafficking, money laundering, acts of terrorism or other criminal activities where any people may be at risk of harm or criminality
Confidential information must only be shared on a ‘need to know’ basis. This will vary depending upon specific circumstances but it may be necessary to share information with, for example:
• Social Services
• A Club Welfare Officer
• A Board Member
• The Football Association
Remember that the term confidentiality does not mean secrecy. Do not promise to keep secrets. For example, if a young person alleges abuse, tell them that you must share what they have told you with someone who can help and that they have done the right thing in telling you.
Any written record of a sensitive nature must be stored securely, separate from general records, and accessible only to designated persons. Information which is relevant to safeguarding will often be data that is considered ‘special category personal data’, meaning that it is personal, sensitive and unlikely to be in the public domain. A principle exists whereby those entrusted with this information make sure that only those people who need to know about it, will have the information shared with them, such as those in positions listed previously, in order to keep the child or adult at risk safe. Where there is a need to share ‘special category personal data’, The Data Protection Act 2018 includes ‘safeguarding of children and individuals at risk’ as one of the conditions that allows practitioners to share information with others without consent:
- Information can be shared legally without consent, if a practitioner is unable to/cannot be reasonably expected to gain consent from the individual, or if to gain consent could place a child at risk;
- Relevant personal information can also be shared lawfully if it is to keep a child or individual at risk, safe from neglect, or physical, emotional or mental harm, or if it is protecting their physical, mental or emotional well-being’
For more detailed guidance on dealing with disclosures or suspected abuse, please refer to the Bury AFC policies covering “Safeguarding Children and Young Persons” and “Safeguarding Adults.” Both policies provide information on how to respond to allegations and suspicions appropriately. They also provide contact details for the specific people/organisations that you may need to approach.
- Sensitive information must only be shared on a need to know basis.
- Avoid gossip
- Consider the public interest. Base decisions to share information on the safety and well-being of that person or others who may be affected.
- If in doubt, seek advice from a Board Member or Club Welfare Officer.
- If you are dissatisfied with the conduct of a board member, staff member or volunteer at the Club and have sensitive information you wish to share, it should be shared in confidence with the Chair of Bury AFC, or the Secretary if the allegation refers to the Chair (see Bury AFC Whistleblowing Policy). Concerns will be investigated and any action taken as appropriate. It should be noted however that any allegation found to be malicious or ill-founded would become a disciplinary matter.
- General Data Protection Regulations (GDPR) and Data Protection Act 2018
- Human Rights Act (1998)
- Children Act (1989 2004)
- The Care Act 2014
- Mental Capacity Act 2005
- Bury AFC Safeguarding Children and Young Persons Policy
- Bury AFC Safeguarding Adults Policy
- Bury AFC Code of Conduct
- Bury AFC Whistleblowing Policy
The General Data Protection Regulations, Data Protection Act and Human Rights laws, are no barriers to justified information sharing, but provide a framework to ensure that personal information about living individuals is shared appropriately. Under these laws, staff and volunteers may share information without consent if, in their judgement, there is a lawful reason to do so, such as where safety may be compromised and an individual may be at risk of harm.