• General principles

1. UK Chinese Women Connect Association (UKCWC) recognises that colleagues (employees, volunteers, trustees, secondees, students, etc.) gain information about individuals and organisations during the course of their work or activities. In most cases such information will not be stated as confidential and colleagues must exercise common sense and discretion in identifying whether this information should be communicated to others. Information given in confidence must not be disclosed without consent unless there is a justifiable reason e.g. a requirement of law or there is an overriding public interest to do so.
2. Confidential information includes anything that contains the means to identify a person, e.g. name, address, postcode, date of birth, National Insurance Number, passport and bank details. It includes information about sexual life, beliefs, commission or alleged commission of offences and other sensitive personal information as defined by the Data Protection Act. It also includes information about organisations such as confidential business plans, financial information, contracts, trade secrets and procurement information.
3. Colleagues should seek advice from the committee about confidentiality and sharing information as necessary.
4. Colleagues will avoid exchanging personal information or comments about individuals with whom they have a professional relationship.
5. Talking about the private life of a colleague is to be avoided at all times, unless the colleague in question has instigated the conversation.
6. Colleagues will avoid discussing confidential information about organisations or individuals in social settings.
7. Colleagues will not disclose to anyone, other than their line manager, any information considered sensitive, personal, financial or private without the knowledge or consent of the individual, or an officer, in the case of an organisation.
8. Where there is a statutory duty on UKCWC to disclose information, the person or people involved will usually be informed that disclosure has or will be made unless this would put at risk the safety of any individual or jeopardise a potential criminal investigation. Details about disclosure of information and who has been informed will always be kept on record and stored securely with restricted access.
9. Confidential information will be stored securely. It will not be left on desks but locked away. On the computer it will be stored in password protected folders.

• Why information is held

1. Most information held by UKCWC relates to individuals, voluntary and community organisations, self-help groups, volunteers, students, employees, trustees or services which support or fund them.
2. Information is kept to enable UKCWC colleagues to understand the history and activities of individuals or organisations in order to deliver the most appropriate services.
3. UKCWC has a role in putting people in touch with voluntary and community organisations and keeps contact details which are passed on to any enquirer, except where the group or organisation expressly requests that the details remain confidential.
4. Information about students is given to the training organisation and the college, but to no one else.  
5. Information about protected equality characteristics of users is kept for the purposes of monitoring our equal opportunities policy and also for reporting back to funders.

• Access to information

1. Information is confidential to UKCWC as an organisation and may be passed to colleagues, line managers or trustees on a need to know basis to ensure the best quality service for users.
2. Where information is sensitive, i.e. it involves disputes or legal issues, it will be confidential to the colleague dealing with the case and the Committee. Such information should be clearly labelled ‘Confidential’ and should state the names of the colleagues entitled to access the information and the name of any individual or group who may request access to the information.
3. Colleagues will not withhold information from their line manager unless it is purely personal.
4. Users may have sight of UKCWC records held in their name or that of their organisation. The request must be in writing to the Chair giving 14 days’ notice and be signed by the individual, or in the case of an organisation’s records, by the Chair or Trustee. Sensitive information as outlined in para 3.2 will only be made available to the person or organisation named on the file.
5. Colleagues may have sight of their personnel records by giving 14 days’ notice in writing to the Chair.
6. When photocopying or working on confidential documents, colleagues should ensure people passing do not see them. This also applies to information on computer screens.

• Storing information

1. General non-confidential information about organisations is kept in unlocked filing cabinets and in computer files with open access to all UKCWC colleagues.
2. Personnel information on employees, volunteers, students and other individuals working within UKCWC will be kept in lockable filing cabinets by line managers and will be accessible to the Chair.
3. Files or filing cabinet drawers bearing confidential information should be labelled ‘confidential’.
4. In an emergency situation, the Chair may authorise access to files by other people.

• Duty to disclose information

1. There is a legal duty to disclose some information including:
2. Child and vulnerable adult abuse will be reported to the relevant statutory services
3. Drug trafficking, money laundering or acts of terrorism will be disclosed to the police.
4. In addition, colleagues believing an illegal act has taken place, or that a user is at risk of harming themselves or others, must report this to the Chief Officer who will report it to the appropriate authorities.  
5. Users should be informed of this disclosure unless this would put at risk the safety of any individual or jeopardise a potential criminal investigation. Details about disclosure of information and who has been informed will always be kept on record and stored securely with restricted access.

• Disclosures

1. UKCWC complies fully with the DBS Code of practice regarding the correct handling, use, storage, retention and disposal of Disclosures and Disclosure information.
2. Disclosure information is always kept separately from an applicant’s personnel file in secure storage with access limited to those who are entitled to see it as part of their duties. It is a criminal offence to pass this information to anyone who is not entitled to receive it.
3. Documents will be kept for a year and then destroyed by secure means.  Photocopies will not be kept. However, UKCWC will keep a record of the date of issue of a Disclosure, the name of the subject, the type of Disclosure requested, the position for which the Disclosure was requested, the unique reference number of the Disclosure and the details of the recruitment decision taken.

• Data Protection Act

           Information about individuals, whether on computer or on paper, falls within the scope of the Data Protection Act and must comply with the data protection principles. These are that personal data must be:

• Obtained and processed fairly and lawfully.
• Held only for specified lawful purposes.
• Adequate, relevant and not excessive.
• Accurate and where necessary kept up to date.
• Not kept longer than necessary, for the purpose(s) it is used
• Processed in accordance with the rights of the data subject under the Act.
• Appropriate technical and organisational measures are to be taken to guard against loss or destruction of, or damage to, personal data
• Not transferred to countries outside the European Economic Area without an adequate level of protection in place.

• Breach of confidentiality

          Misuse of personal data and security incidents must be reported to the committee so that steps can be taken to rectify the problem and ensure that the same problem does not occur again. This includes unauthorised access to person-identifiable information where a member of the committee, or third party, does not have a need to know. It also includes incidents of information lying around in a public area, theft and loss of information