- 1. Policy Statement
- 2. Data Protection Act
- 3. Requests by Data Subjects for Access to Data Held
- 4. Breaking Confidentiality
- 5. Publication of this Policy
- 6. Confidentiality and the helpline
1. Policy Statement
1.1 Ecomdev is bound by the Dutch Data Protection Act (Dutch DPA) which implements the EU Data Protection Directive. This protects personal data and places restrictions on Ecomdev’s ability to disclose personal data within The Netherlands and overseas. Personal data is information relating to an individual from which they can be identified, e.g. name, address, tax details or national insurance number.
1.2 Ecomdev staff will often be entrusted with personal information given to them in confidence by an individual using Ecomdev services. Anyone working for Ecomdev has a duty to treat that information with respect. They also have a duty under the Data Protection Act 2000 to protect the confidentiality of personal information and to process that information fairly.
1.3 This confidentiality policy also applies to helpline employees.
2. Data Protection Act
2.1 The Data Protection Act regulates when and how an individual’s ‘personal data’ may be obtained, held, used, disclosed and generally processed. It applies to computerised processing of personal data and certain paper based files and records.
2.2 To comply with the law, information must be collected and used fairly, stored securely and not disclosed to any other person unlawfully. To do this, Ecomdev staff must comply with the Data Protection Principles, which are set out in the Data Protection Act. In summary, these state that personal data shall be:
- Processed fairly and lawfully and shall not be processed unless certain conditions are met
- Obtained for specified and lawful purposes and not further processed in a manner which is incompatible with that purpose
- Adequate, relevant and not excessive
- Accurate and, where necessary, kept up to date
- Kept for no longer than is necessary
- Processed in accordance with the data subject’s rights
- Protected by appropriate security
- Not transferred to a country outside the European Economic Area, unless that country has equivalent levels of protection for personal data.
3. Requests by Data Subjects for Access to Data Held
3.1 If an individual wishes to see any personal information about them held by Ecomdev, this can be shown to him or her and a copy made if one is requested. If a third party is acting on behalf of the individual, proof of the third party’s identity and the individual’s authority to disclose their information to their representative, must be obtained in writing. All requests must be responded to within 20 working days.
4. Breaking Confidentiality
4.1 Confidentiality may be broken in the following circumstances:
- Where the person from whom the information was obtained, and (if different) the person to whom it relates, consents
- Where the information is already available to the public from other sources
- Where the information is in the form of a summary or collection of information so framed that it is not possible to ascertain from it information relating to any particular person
- When there is a serious risk of harm to the individual, as in a threatened suicide
- To protect others. For example, information about possible child abuse should be disclosed to the appropriate agency.
- To prevent a serious criminal act, especially where others may be endangered, for example an act of terrorism.
4.2 There is no obligation in general to pass on knowledge of a crime. However, it is a criminal offence to:
- Deliberately mislead the police
- Receive a reward of any kind in return for not notifying the police about a criminal act
- Fail to notify the police about an act that could be construed as an act of terrorism
- Fail to notify the police about an act that could be construed as drug trafficking
- Knowingly take monies from a benefits agency fraudulently.
4.3 If a member of Ecomdev staff has to break confidentiality then the person whose personal information it is must be told that this is going to happen verbally if possible, or in writing if suitable. The member of staff should only do so after all attempts to persuade the individual to disclose the information voluntarily have failed. The Ecomdev Director should be consulted before disclosure. They will be responsible for making the final decision about breaching confidentiality and ensuring that the correct action is taken.
5. Publication of this Policy
5.1 This policy will be published on the Ecomdev website,
5.2 The fact that Ecomdev services, e.g. the helpline and website, are confidential and secure will be stated in all publicity and information materials.
6. Confidentiality and the helpline
6.1 The Ecomdev helpline is bound by this confidentiality policy.
6.2 The following general statement about confidentiality will be stated by the adviser during the course of each telephone call:
The information you give me will be dealt with confidentially. However if you want assistance to make grant applications, we will need your agreement to pass some of your personal details to charities that may be able to help you.
6.3 Many of the calls that Ecomdev helpline advisers handle will involve discussion of callers’ personal information and circumstances, in particular benefits checks and grants searches. When undertaking these services on behalf of callers, helpline advisers should remind callers of the confidential nature of the service and that their agreement to the sharing of this information may be needed in order to apply for grants on their behalf. It should be made clear to the caller which charities the information will be sent to. Callers should also be sent a copy of any letters, forms, emails or other communications containing their personal information that have been sent to charities.
6.4 There are certain other circumstances in which confidentiality may need to be broken. These are outlined in this policy under ‘breaking confidentiality’ together with the procedures that helpline advisers should follow.
6.5 A line will be included on all emails sent by the helpline to say:
Ecomdev helpline services are confidential and secure. However if you want assistance to make grant applications, we will need your agreement to pass some of your personal details to charities that may be able to help you.