Data Protection, Online Security & Confidentiality
Data Protection Officer: Henzy Tanrien-Sawyer
First name, surname, date of birth, full address, telephone numbers, ethnicity, marital status, religion or cultural beliefs, physical and mental health condition, gender, sexuality, GP surgery and other health professionals, numbers of siblings and children.
ICO Registration number: ZA773768
I take the security of the data I hold about you very seriously, and I make every effort to keep it secure by using a locked filing cabinet and passwords. Please read below:
The Data Protection Act 1998 was developed to give protection and lay down rules about how data about people can be used. The 1998 Act covers information or data stored on a computer or an organised paper filing system about living people. The basic way it works is by: setting up rules that people have to follow. Source taken from www.gov.com
The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU). GDPR came into effect across the EU on May 25, 2018. The GDPR is Europe's new framework for data protection laws. It replaces the previous 1995 data protection directive. The new regulation started on 25 May 2018. It is enforced by the Information Commissioner's Office (ICO). The principle of integrity and confidentiality requires me to handle personal data “in a manner [ensuring] appropriate security”, which includes “protection against unlawful processing or accidental loss, destruction or damage”. Source taken from gov.uk.
In summary, my understanding of GDPR is that it gives citizens the right to privacy and the right to access information held about them. It also allows them to update or delete information, and gives them the right to be forgotten. This helps me to inform clients during contracting that their personal data is kept confidential within my practice, but that I would request consent if their data is to be shared for referral purposes or as a result of limits to confidentiality.
In order to respect your privacy, I have included some information below for you to read carefully. It is important to me that you feel confident that your personal information and data is kept safe and secure and used appropriately for the purpose you have consented to, except for limits of confidentiality where you and others may be at risk. I adhere to current data protection legislation, including the General Data Protection Regulation (EU/2016/679) (the GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
This privacy notice tells you what I will do with your personal information from initial point of contact through to after your therapy has ended:
What type of information I collect from you
Other sensitive information: Medical history and any diagnosis, personal health information and family history relationships, reasons for seeking counselling and expectations.
How and where I collect your information
When clients contact me with an enquiry about my counselling service, I will collect their personal information and sensitive data from them to help me satisfy their enquiry. This may include communication done verbally, written, electronically or by telephone.
Why I need to hold your information
The GDPR also makes sure that I look after any sensitive personal information you may disclose to me, appropriately. The GDPR states that I must have a lawful basis for processing your personal data. There are different lawful bases depending on the stage at which I am processing your data. I have explained these below:
If you have had therapy with me and it has now ended, I will use legitimate interest as my lawful basis for holding and using your personal information.
If you are currently having therapy or if you are in contact with me to consider therapy, I will process your personal data where it is necessary for the performance of our contract.
I require your consent to process your information and you also have the right to withdraw your consent.
What I use your personal information for
I use the personal information clients provide, with their consent, to work with them during therapy under an agreed contract, and to refer them on to appropriate services with their informed consent or in the event of safeguarding issues.
I make client notes during sessions and keep records of sessions to help me remember what the sessions were about, so I can refer to them during sessions or when appropriate to do so.
How I store your information
Client information is stored on electronic devices and secured with a password. Written or paper documents and records are stored in a locked filing cabinet in my practice office. For security reasons I do not retain text messages for more than 48 hours. If there is relevant information contained in a text message, a photocopy shall be taken, printed out and stored securely under the client’s name.
At the end of therapy, client personal data will remain locked up in a filing cabinet in my practice office. Any contracts and consents to record sessions that clients have signed would also be kept, along with the client’s agreement on whether or not they can be released to a third party. Client data is kept for 3 years before it is destroyed or safely disposed of.
There may be instances when I sense that I need to break confidentiality without the client’s consent because of safeguarding issues; those records would be kept.
If you decide not to proceed, I will ensure all your personal data is deleted within 24 hours and everything you discussed will still remain confidential. However, if you disclosed harm to yourself or others or any other safeguarding issues, I will keep a record of your personal details to help the third party that may help prevent this.
Your data protection rights
Clients have the right to access notes I have about them. You would need to do this in writing by completing a request form and allowing 14 days' notice.
I am happy to chat through any questions you might have about my data protection policy and you can contact me via email.
It may sometimes be necessary to share personal data with third parties, for example, for referral purposes or to seek information on your behalf with your informed consent.
Only appropriate information would be shared with a third party, and I would ensure they use client information only for the purpose stated.
You have a right to ask me to delete your personal information, to limit how I use your personal information, or to stop processing your personal information.
You also have a right to ask for a copy of any information that I hold about you and to object to the use of your personal data in some circumstances. You can read more about your rights at www.ico.org.uk/your-data-matters.
You can also ask me at any time to correct any mistakes there may be in the personal information I hold about you.
If you have any complaint about how I handle your personal data please do not hesitate to get in touch with me by email. I would welcome any suggestions for improving my data protection procedures.
If you want to make a formal complaint about the way I have processed your personal information you can contact the ICO which is the statutory body that oversees data protection law in the UK. For more information go to www.ico.org.uk/make-a-complaint
Visitors to my website
ONLINE SECURITY & CONFIDENTIALITY
"Good Practice safeguards against electronic intrusion by online communication providers..." BACP Good Practice 047
Threats to online security arise every day. Here are a few steps I am taking to ensure your data is secured and protected from any intrusion:
Ensuring that I am using appropriate hardware and software
Using an up-to-date antivirus, firewall and Internet security software in order to prevent unauthorised intrusions by third parties
Using electronic platforms from providers that meet the privacy and quality standards
Ensuring the terms and conditions of online providers are suitable for the service I provide
Offering a suitable secure alternative to clients where this is practicable
Ensuring counselling is being held in a secure private space without any physical intrusion from a third party
Being vigilant that I am not overheard or overseen on the equipment and software used
Providing clients with suitable information on how they can best ensure their confidentiality in the room and protect their online security during sessions
Ensuring I use a secured method of communication and Wi-Fi network with a password
Keeping up-to-date with new developments to enhance privacy, security and reliability of my chosen method of communication
As working online relies on rapidly changing technology, I shall ensure I periodically conduct searches online to see if there have been any reported breaches or privacy or security incidents involving potential providers.