All BRWR volunteers are bound by a legal duty of confidentiality to protect the personal information of refugees. This is a requirement under the Data Protection Act 1998 and the common law duty of confidentiality. Under the Act, all people have the right to access their records
This means that all volunteers are obliged to keep any personal identifiable information about refugees confidential. BRWR committee are responsible for ensuring that all personal identifiable information about refugees are stored securely in accordance with the provisions of the Data Protection Act 1998.
What is identifiable information?
Examples are the person’s name, address, postcode, date of birth, occupation, telephone numbers…. and pictures, photographs, videos, audio-tapes of the person
What to do as a volunteer with BRWR
Maintain the confidentiality and privacy of refugees.
Only disclose information about a refugee family on a need to know basis and with their permission
There is a legal power to share information without the explicit consent of the individuals in certain situations (please refer to page 2 of this document). Communication should then be by telephone or in person only.
Be mindful about talking about refugees with other BRWR volunteers in public places where you can be overheard
Care should be taken with photographs of refugees – please ask for advice if unsure
Protect any personal written information on the refugee families when you are travelling.
Be careful how much personal information you include in e-mails, and how you delete and share electronic information
If you have any written confidential information about refugees, keep it in a secure place and make sure it is only kept for as long as is necessary and is securely destroyed
Faxing or scanning personal information – please be careful not to leave written information unattended at the point it is being sent and at the point it is being received. Make sure you are phoned immediately it is received.
Data Protection principles:
Personal data shall be processed fairly and lawfully
Personal data shall be obtained for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or purposes
Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed
Personal data shall be accurate and, where necessary, kept up to date
Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or purposes
Personal data shall be processed in accordance with the rights of data subjects under this Act
Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data & against accidental loss or destruction of, or damage to, personal data
Legal Power to Share Information without the explicit consent of the individual:
Disclosure and the sharing of personal identifiable information is governed by the requirement of Acts of Parliament and the common law duty of confidentiality. Any disclosure of personal information has to be consistent with the Human Rights Act 1998 (Article 8 – right to privacy and family life). Reasonable grounds to share information are when it is sufficiently in the public protection or public interest to do so for the prevention and detection of crime (Section 115 of the Crime and Disorder Act 1998), and/or the protection of the health, freedoms and rights of others e.g. to prevent instances of harm or abuse.
An example might be in an instance of a person self-harming: it may be necessary to share information e.g. with the person’s GP in order to manage that risk. The best way to do this legally and ethically is with the person’s consent. If consent is withheld, under Schedule 3 of the Data Protection Act 1998 any disclosure about an individual’s health is defined as ‘sensitive information’ and if you believe it is necessary for the ‘vital interests’ of the individual i.e. in a life and death situation, then BRWR have a lawful duty to make that disclosure. Please seek advice with the BRWR Safeguarding Lead if you are unsure.
The Data Protection Act allows for sharing of personal and sensitive data for the purposes of child protection in appropriate circumstances.
Any disclosure has to be consistent with the principle of proportionality. This means that the degree of incursion into a person’s privacy has to be proportionate with the level of risk or the seriousness of the crime. And disclosing information without the individual’s consent carries with it a risk of challenge if the disclosure has a detrimental effect on that individual’s life e.g. if it affected their employment prospects or their public reputation
Data Protection Principles in relation to any disclosure:
That the minimum required for the purpose is disclosed, that information disclosed is accurate and relevant, that information held or received is stored in a secure place, that the information is held no longer than is necessary, that information given by an individual for one purpose is not used for another purpose