Confidentiality Policy

Print PDF

The  following is a Sample Policy intended as a guide and training tool.

Confidentiality Policy


Introduction and Purpose
The purpose of the Confidentiality Policy is to provide staff, volunteers and clients with the organisation’s understanding of confidentiality, clear guidelines regarding handling of confidential information, to prescribe limits of behaviour and assign responsibilities.

Name of Organisation reserve the right to change the policy and to expect adherence to the changed policy. Areas not specifically covered by these policies shall be determined by the Management Committee of Name of Organisation.

Confidentiality is central and integral part of the organisation, it offers safety and privacy. Information given is held in strict confidence and in line with Data Protection Acts. .

This policy should be read in conjunction with our Data Protection Policy and Access Request Policy.

Specific Responsibilities
Name of Organisation is responsible for ensuring that all staff and volunteers involved in dealing with confidential information and data receive appropriate training, supervision and support regarding the policy and their legal responsibilities. All staff must sign a Confidentiality Agreement.

Manager’s Responsibility
The manager is responsible for ensuring that a copy of this document is available to all staff and volunteers and is available to users of the service. It is the responsibility of the manager to ensure the staff sign the Agreement and received training as necessary.

Individual’s Responsibility
Individual staff and volunteers are required to act in accordance with the policy, failure to do so will be considered as an act of gross misconduct and will result in disciplinary action.
Collecting information

Name of Organisation collects and uses information for the following purposes:
• to undertake advertising, marketing, direct recruitment and public relations exercises.
• to meet insurance policy requirements.
• to provide personnel, payroll and pension administration services.
• to update databases within Name of Organisation.
• to enhance or improve service users experience of services.
• to provide online resources and services.
• to recruit and select staff and volunteers for available positions.
• to provide screening services, including Garda Vetting.
• to provide training and support services.

Definition and principles of confidentiality
All information that:-
a. is or has been obtained during, or in the course involvement, or has otherwise been acquired in trust due to involvement with the organisation,

b. relates particularly to the organisation’s business, clients or that of other persons or bodies with whom we have dealings of any sort, and

c. has not been made public by, or with our authority,

is confidential, and (save in the course of our business or as required by law)  a employee/volunteer/service user shall not at any time, whether before or after the end of their involvement, disclose such information in any form to any person without our written consent.

Employees/volunteers are expected to exercise care to keep safe all documentary or other material containing confidential information, and at the time of end of a individual’s involvement with the organisation, or at any other time upon demand, return to the organisation any such material in their possession.

Information held by the organisation and not independently available to a third party cannot be disclosed without the individual’s written consent and permission from Management.

Limits to Confidentiality
In exceptional circumstances the organisation may need to break confidentiality if they believe there is a real intent of serious harm or danger to either their client or another individual. Such circumstances may pertain to issues relating to sexual abuse, rape, self-harm, suicidal ideation or criminal activity.  In as far as is possible, in such cases, a full explanation will be given regarding the necessary procedures that may need to be taken. 

Data Protection Responsibilities
In addition to the duty of care regarding Confidentiality outlined above, the Data Protection Acts imposes legal obligations on Name of Organisation, its staff and volunteers.

Name of Organisation takes seriously its responsibilities under the Data Protection Acts. The organisation is aware of and acts in accordance with the following eight Data Protection principles regarding information:
1. Obtain and process information fairly
2. Keep it only for one or more specified, explicit and lawful purposes
3. Use and disclose information only in ways compatible with these purposes
4. Keep it safe and secure
5. Keep it accurate, complete and up-to-date
6. Ensure it is adequate, relevant and not excessive
7. Retain for no longer than is necessary
8. Allow individual’s access to their  personal data, on request

Name of Organisation Data Protection Policy outlines our Data protection practices and procedures as is available on request from the Manager.

Wrongful disclosure
Wrongful disclosure can occur in at least two ways. It can be by either act or omission. The first would be where confidential information is deliberately passed on to a third party. The second would be where confidential information is disclosed to a third party through negligence. Wrongful disclosure will be considered as an act of gross misconduct and will result in disciplinary action


Policy Feedback and Review
Constructive feedback on this Policy is always welcome. It must be given to
Name of Organisation Manager who will ensure that the Management Committee considers it.

The Confidentiality Policy was adopted at Management Committee Meeting dated: ________________________________________ 

Signed by Chairperson on behalf of Management Committee: _________________________________

SAMPLE Confidentiality Agreement

I have read and understand the content of Name of Organisation Confidentiality Policy.

I agree to act in accordance with the Confidentiality Policy.

I am aware that information that:-
a. is or has been obtained during, or in the course involvement, or has otherwise been acquired in trust due to involvement with the organisation,

b. relates particularly to the organisation’s business, clients or that of other persons or bodies with whom we have dealings of any sort, and

c. has not been made public by, or with our authority,

is confidential, and (save in the course of our business or as required by law)  a employee/volunteer/service user shall not at any time, whether before or after the end of their involvement, disclose such information in any form to any person without our written consent.

I agree to exercise care to keep safe all documentary or other material containing confidential information, and at the time of end of my involvement with Name of Organisation, or at any other time upon demand, return to the organisation any such material in my possession.

I agree not to disclose any information held by the organisation and not independently available to a third party without the individual’s written consent and permission from Management.

I realise that a breach of confidentiality is considered an act of Gross Misconduct and is subject to disciplinary action.


Signed: ________________________


Dated:__________________________