Confidentiality is a fundamental principle of any service to the public and to companies. TechnoBytes must preserve and maintain the confidentiality of the information we hold. TechnoBytes and its employees have an obligation not to disclose client information, be it personal or otherwise, as a result of various Acts of Parliament. These are:
a. Data Protection Act 1998 – This Act was passed as a result of the EU Directive and it protects personal data held on all media.
b. Common Law Duty of Confidence – This is the duty placed on organisations as a result of case law regarding confidentiality.
c. Human Rights Act 1998 – This Act was passed as a result of the European Convention on Human Rights. This is intended to protect certain rights of individuals. In terms of confidentiality, the key part is Article 8 – “the right to respect for private and family life, home and correspondence”. This gives an individual the right to live their life with personal privacy in a way that does not infringe on the rights of anyone else. This could include information held about them in the form of diaries or personal records, and the correspondence aspect is equally broad.
d. Terms and conditions of employment – When any member of staff takes up a post with TechnoBytes, their contract of employment includes certain terms and conditions. These include the requirement to maintain and protect the confidentiality of company and client information. All staff are contractually required to adhere to this policy.
e. Regulation of Investigatory Powers Act 2000 – This Act is intended to combat cybercrime. It ensures that any interceptions do not breach an individual’s human rights and requires that appropriate authorisations are obtained when required. The Act also supplements existing legislation; for example, any information collected under this Act still falls under the Data Protection Act and its principles.
f. Computer Misuse Act 1990 – This Act makes it a criminal offence to access or damage computer data without authority.
This policy applies to:
- All employees of TechnoBytes
- Work placements
- Agency/locum staff
- All contractors and sub-contractors; TechnoBytes will ensure that all contracts include a suitable confidentiality clause.
In addition to the above, all official visitors to TechnoBytes premises must acknowledge the need to protect confidentiality.
The Collins Dictionary (1988) identifies something being confidential as:
- spoken or given in confidence, private
- entrusted with another’s secret affairs
- suggestive of intimacy
This brings a significant expectation from the individuals concerned. ‘Trust’ is central to the concept of confidentiality.
Guidelines for practice
Staff must not access any confidential information held in any form when they have no proper reason to do so in the course of their duties. When dealing with information of any nature, staff must be aware of their personal responsibility and undertake to abide by the policies and procedures of the company.
All computer access must be password controlled. Passwords must be constructed to minimise the possibility of being either memorised by an onlooker or guessed by a hacker or colleague.
TechnoBytes Partners must determine what systems staff have access to and the level of that access. TechnoBytes Partners will ensure that their staff have the necessary training in the appropriate use of these systems.
Staff contracts contain a statement enforcing the duty to respect the confidentiality of information. Where contractors and employment agencies are used, the contracts between TechnoBytes and these third parties must contain clauses to ensure that contract staff are bound by the same obligations as TechnoBytes staff.
Managers must ensure that staff are made aware of their responsibilities.
Removal or change of access
When a member of staff leaves, TechnoBytes must ensure that:
- Rights of access to computer systems are rescinded
- Ownership of files and documents (held in any format) is transferred to another appropriate member of staff
- Identity badges are returned
- Any company property (e.g. keys) is returned
No document containing confidential information is to be left where it can be viewed by anyone without the authority or need to do so. This includes telephone messages, computer prints, faxes and other documents.
All company hardware containing confidential data must be located in a secure environment. This applies to the major systems, all file servers, personal computers, laptops and PDAs.
All records will be disposed of with confidentiality in mind. All hard disks will be formatted to UK government standards, under which the data is deemed irretrievable with current technology, and a report will be generated. Any paper documentation will be shredded before disposal.
Training on confidentiality, Data Protection, Freedom of Information and IT Security will be included in the TechnoBytes training and development plan. All new members of staff are required to undergo such training.
Breaches of confidentiality
Staff are contractually obliged to abide by this policy. Any breach of confidentiality must be reported to one of the TechnoBytes Partners.
This policy will be reviewed in May 2012. Earlier review may be required in response to relevant changes in legislation.