Objectives of our Policy and Procedures
- MY Trust holds large amounts of confidential information and places special emphasis on information quality, security and management. It is our policy to make sure that people have no surprises about how information about them is collected, held, used and destroyed. It is also our policy that the information and intellectual property belonging to our organisation is treated with the respect it deserves.
- It is the responsibility of all our staff, volunteers and Trustees to protect confidential information from inappropriate disclosure and to take every measure to ensure that person identifiable information is not made available to unauthorised persons. This applies to manual and computer records and also conversations about support or interventions with young people and/or staff. We expect this policy and accompanying procedures to become part of the DNA of all our staff, volunteers and Trustees. As such individuals, our partners and our organisation itself should be reassured by our commitment and actions.
- Our policy and accompanying procedures have two core objectives:
Objective 1: To ensure the information about service users, our staff and volunteers, and the intellectual property of our organisation is treated respectfully and within the law, regulation and stated expectations.
Objective 2: To provide clear, transparent guidance and procedures for our staff and volunteers to manage their work practically in accordance with this policy.
- Confidentiality is a cornerstone of practice within MY Trust and the relationship between a member of our staff and a young person depends on it. Young people and families need to be able to tell the truth about deeply personal matters, knowing that this information will not be improperly managed or disclosed. Similarly the relationship between MY Trust as an employer and our staff and volunteers also is one based on trust and confidentiality.
- People using our services as well as our staff and volunteers deserve a lot more than just information security. Individuals need to know that those responsible for working with them and our organisation more generally collects, manages and shares information reliably and effectively. Confidential information about an individual must not leak but it may well need to be shared in order to provide a seamless integrated service to a young person/family or effective management and support for an employee.
- The General Data Protection Regulation (GDPR), 2018 protects individuals against the misuse of personal data and may cover both manual and electronic records. All records held on computer or in manual files fall within the GDPR, unless the data in anonymised.