Data protection laws exist for good reasons, and companies are legally required to adhere to them. When handling sensitive information, it is imperative that organisations practise a strict code of confidentiality.

In this blog, DBS Checks Online defines confidentiality, describes its importance, and focuses on the DBS code of confidentiality. Keep reading to find out everything you need to know about confidentiality when working with the sensitive information of employees or potential employees.

WHAT IS CONFIDENTIALITY?

Confidentiality is the principle of keeping sensitive information private. It involves a set of rules or a promise executed through confidentiality agreements that assure customers, clients and employees that their information will be kept private unless the owner or custodian of the data gives explicit consent that their data can be used. Confidentiality limits access and places restrictions on the use of certain types of information. 

WHY IS CONFIDENTIALITY IMPORTANT?

There are a number of reasons why confidentiality is important. Here are the main reasons why confidentiality must be upheld when working with the data of an employee:

1. Confidentiality builds trust, as employees will feel more confident in your company if all personal information is kept private and used appropriately. Sharing private employee information is not only a breach of privacy, but it will destroy employee trust, confidence and loyalty.
2. Confidentiality promotes confidence in your company. It also promotes confidence when upheld in certain industries, such as the healthcare system, and the school system.
3. It prevents the misuse of confidential information and ensures compliance with the law.
4. Confidentiality ensures that employee or client information is not used inappropriately, even going so far as fraud or other illegal activity.

WHAT IS THE GDPR?

The GDPR is the General Data Protection Regulation. It is a European Union regulation on data protection and privacy in the EU and the European Economic Area which legally upholds confidentiality. The GDPR has made confidentiality a fundamental human right.

The GDPR aims to give people control over how organisations use their personal data. This regulation has outlined six main data protection principles that clarify the main confidentiality responsibilities of organisations. These principles are:

• Lawfulness, fairness and transparency
• Accuracy
• Integrity and confidentiality
• Purpose limitations
• Data minimisation
• Storage limitations

WHAT IS THE DBS CODE OF CONFIDENTIALITY?

If an organisation is receiving information about a person’s criminal record history, there are also DBS rules that need to be adhered to, along with the GDPR.

The DBS code of practice states that all bodies registered with the DBS are required to have a written policy on handling DBS check information. Their clients will also need to have an accessible policy available, as they will be viewing all application results.

The DBS Code of Practice states that:

• DBS information must be securely stored
• The code of practice and the data protection laws must be complied with
• The information must be processed securely
• DBS data can only be given to individuals who are authorised to receive such information
• Organisations must ensure that data is accurate and kept up to date
• Information should not be kept for longer than necessary