top of page

Confidentiality Policy


The charity is committed to providing a confidential service to its users. No information given to the charity will be shared with any other organisation or individual without the users expressed permission.

For the purpose of this policy, confidentiality relates to the transmission (verbal, written or electronic) of personal, sensitive or identifiable information about individuals or organisations (confidential information), which come into the possession or to the knowledge of the charity through its work.

It also includes internal charity discussions where premature disclosure outside the organisation could be damaging or misleading before final decisions have been authorised.

The charity holds personal data about its staff, users and volunteers which will only be used for the purposes for which it was gathered and will not be disclosed to anyone outside the charity without prior permission.

All personal data will be dealt with sensitively and in the strictest confidence internally and externally.


The purpose of this Confidentiality Policy is to ensure that all staff, volunteers and users understand the charity’s requirements in relation to the disclosure of personal data and confidential information.

This policy runs in conjunction with the GDPR.  General Data Protection Regulation (‘GDPR’) The General Data Protection Regulation 2016 replaces the EU Data Protection Directive of 1995 and supersedes the laws of individual Member States that were developed in compliance with the Data Protection Directive 95/46/EC. Its purpose is to protect the “rights and freedoms” of natural persons (i.e. living individuals) and to ensure that personal data is not processed without their knowledge, and, wherever possible, that it is processed with their consent.  The GDPR has its own clear guidelines regarding any breaches of confidentiality or personal data which includes the requirement to notify the Independent Commissioners Office itself.


  • All personal paper based and electronic data must be stored in accordance with GDPR and must be secured against unauthorised access, accidental disclosure, loss or destruction;

  • All personal paper-based and electronic data must only be accessible to those individuals authorised to have access.

Breaches of Confidentiality

The charity recognises that occasions may arise where an individual, employee or volunteer feels they need to breach confidentiality. Confidential or sensitive information relating to an individual may be divulged where there is a risk of danger to the individual, a volunteer or employee, or the public at large, or where it is against the law to withhold it. In these circumstances, information may be divulged by the Hub Manager to external agencies e.g. police or social services on a need to know basis.

Where a worker feels confidentiality should be breached the following steps will be taken:

  • The worker should raise the matter immediately with the Hub Manager who will inform the Chair of Trustees.

  • The individual must discuss with the Hub Manager and the Chair of Trustees the issues involved in the case and explain why they feel confidentiality should be breached and what would be achieved by breaching confidentiality. The Hub Manager should take a written note of this discussion

  • The Hub Manager and the Chair of Trustees are responsible for discussing with the individual what options are available in each set of circumstances

  • The Chair of Trustees is responsible for making a decision on whether confidentiality should be breached. If the Chair decides that confidentiality is to be breached then they should take the following steps:

  • If the Chair / Deputy Chair agrees to breach confidentiality, a full written report on the case should be made and any action agreed undertaken and should be documented with full reasons and reported to the Full Board. The Chair is responsible for ensuring that all activities are actioned

  • If the Chair / Deputy Chair does not agree to breach confidentiality, then this is the final decision of the charity and should be documented with full reasons and reported to the Full Board


Ensuring the Effectiveness of this Policy

All Trustees have access to this Confidentiality Policy. Existing and new employees or volunteers will be introduced to this policy via induction and training. 



Breaches of this policy will be dealt with under the Grievance and/or Disciplinary procedures as appropriate.


This Policy was written:  June 2022

This Policy will be reviewed:  June 2024

bottom of page