Solus Scientific Solutions Ltd (‘Solus’) Confidentiality Policy
Confidentiality and Storage of and Access to Records
This policy covers all activities undertaken within Solus and applies to all contact with, or activity involving, Service Users (ie customers, suppliers and any other users of Solus). This policy is binding and failure to comply with its provisions may result in disciplinary action. For the purpose of this policy, ‘information’ includes both oral and written information as well as knowledge acquired through observation.
Solus staff are bound by a duty of confidentiality to those using our services and staff must aim rigorously to protect the confidentiality of Service Users. Practical steps will be taken, through staff training and the provision of administration arrangements, to prevent the inappropriate disclosure of any information relating to a Service User. Breaches of confidentiality may be viewed as a disciplinary matter.
The maintenance of adequate safeguards in record-keeping and adherence to the confidentiality procedures must be monitored by all line managers. Line managers must ensure that new staff are made aware of this policy and its provisions in their induction. Any breaches of confidentiality leading to a formal complaint by a Service User must be reported to the relevant line manager.
The Data Protection Act 1998 aims to protect individuals from the potential misuse of personal data held by organisations, regulating the use of information relating to individuals and the provision of services in respect of such information. The Act outlines what sort of information it deems to be ‘sensitive personal data’.
Both employees and employers are legally responsible for compliance with the Act and may face prosecution or fines for knowingly or recklessly disregarding its requirements.
Solus reserves the right to share personal information about Service Users with other staff members for purposes relating to maintaining administrative records, or the safety of an individual or maintaining the reputation of Solus.
Storage and archiving of information
Solus will identify the information needed for a specific purpose and ensure it is accurate and up to date. If there is a complaint regarding the accuracy of information held then Solus will investigate this and amend the records or at least note the complaint on file. Confidential records, files or any other information relating to Service Users should always be stored in a secure place and access to them controlled.
The Act requires that personal data must not be kept any longer than is necessary for the purpose(s) for which it was collected. When this time has expired, information is no longer current and must be archived. Once the period of required retention has expired, data must be disposed of. All archived data should be boxed up and the box should be marked with sufficient information to clearly identify the contents.
Disclosure of information
When Solus uses the information about a Service User it will ensure that the Service User is properly informed of what Solus intends to do with the information.
The Service User has a right to see information that Solus holds on them. A request for this information must be received in writing and evidence of identity will be required. An administrative fee may be requested. Solus has up to 40 days to comply with the request.
If the request is from a third party then permission should be sought from the Service User before information is provided to the third party. If permission is withheld then Solus will not provide the information unless Solus is under a legal obligation to do so.