Confidentiality and Privacy Policy

Updated 01/03/24

Introduction

Base One strives to adopt principles of openness and transparency in its business operations; however, we also ensure that we are aligned with confidentially and data protections laws.

This document outlines our approach to Confidentially and Privacy throughout the company, with regard to electronic data, written records, verbal communications, and other any other disclosure mechanisms. This policy should be read in conjunction with Base One’s  Data Protection and GDPR Policy.

Scope

This policy applies to all employees and stakeholders of Base One, including clients.

Definition of Confidentiality

We define confidentiality as the protection of information on individuals, specifically the clients that use our services. This protection also extends to other information in our possession such as business processes, staff information, business finances and any other relevant data or knowledge assets that are not intended to be shared outside of Base One Directors, staff or approved 3rd parties.

Information Sharing and Access to Data

Information is valuable and should be protected. Privacy and confidentially are key tenants of our service, with information only being shared:

  • With staff members who require the information to provide the actions described in their job description.
  • 3rd Parties that have the legal basis to have access to that information. For example:

o Local Authorities.

o Social Workers.

o Accountants (finance information only).

o Payroll services (staff and finance information only).

o HMRC (finance and staff information only).

o Other governmental branches (for example UK Border Agency).

Please refer to our Data Protection and GDPR Policy for more details on data sharing, storage, and retention.

Types of Sharing

Information can be transmitted between parties in many ways, some of which are:

  • Electronically, sending or storing electronic data.
  • Physically – storing information on paper or another format.
  • Verbally.
  • Nonverbally (for example, answering confidential questions from a non- authorised user by gesturing).

Consent to Provide Information

Depending on the information type and the pre-authorisation of the recipient, in all cases consent must be given by the individual whose information is being shared.

When getting consent to share confidential information, a record should always be kept of the agreement. These should contain the name and signature of the person giving consent as well as the date and time it was given for traceability.

When a young person moves into Base One, they will be asked to sign a Confidentiality Agreement, giving us permission to discuss their progress and any concerns etc. with everyone in their support network. This will be signed, dated and kept on their individual files. Base One will seek to notify young people prior to any discussions/meetings about them to inform them when this is happening.

In the case of company data, consent will be required by one or more company Directors. Protective Controls over Data Sharing Staff or 3rd parties that have access to Base One confidential information should protect individual’s privacy by:

  • Ensuring that they only communicate through secure means – to only authorised individuals’ or organisations and ensuring consent is in place if required.
  • Ensuring that they are communicating information to the correct end point. For example, checking email addresses/reply to chains or identification before relating confidential information.
  • Not writing confidential information down and leaving it in unsecure areas.
  • Not taking any confidential information off site without line manger authorisation and without being aware of the requirement to store in a secure place
  • Not sharing confidential Base One information with members of their close family or friends that are not employed by Base One or an authorised 3rd party.
  • Not actively seeking out confidential information that is not relevant to their job-related tasks.
  • Ensuring the security of information that comes into their possession whether physically (locking away), virtually (storing in secure databases/systems) or not communicating related knowledge it in any form.
  • Not answering confidentially questions by non-authorised persons whether verbally or non-verbally.
  • Bringing any privacy and confidentially concerns to a Base One Director before performing other actions.

Limits to Confidentiality

Situations where Base One is able to breach confidentially:

  • A criminal offence is or has taken place.
  • An individual’s Health and Safety is in immediate danger.
  • A safeguarding concern.
  • An individual is felt to lack the Mental Capacity (as defined in the Mental Capacity Act 2005).

In all these cases, one or more Directors of Base One should be notified and the cations and authorisation should be clearly recorded by the person taking the action (signed & dated).

Statistical Recording

In some cases, Base One may be asked to contribute to anonymous statistical recording from organisations that produce reports and guidance in related areas. The Directors of Base One will decide on a case-by-case basis if these third parties are given data and ensure that if so, confidentially is not broken by anonymising the information. It would be highly unlikely that the information requested would be complied with if the data was not anonymised and the individuals identity could not be protected.