Privacy Information

Data Protection


The Company must ensure that prospective clients, learners, learners and staffs' rights to dignity and privacy are respected. The company shall only record essential information on prospective clients, learners, learners and staff. The company Staff should be aware of their data protection responsibilities. Prospective learners and learners should be aware of their data protection rights. The company will ensure that records are stored in accordance with written procedures. The company staff, where applicable, will aid and enable learners to exercise their right to access their files. The company staff and learners' files are archived and disposed of in line with written procedures.


This Policy must be read in conjunction with other company policies, such as complaints, confidentiality and information sharing, accident, incidents and reportable diseases etc. These policies all place obligations on the company to keep records.

Legal and regulatory requirements

The Data Protection Act 1998 governs the processing and use of records both manual and computer relating to staff, prospective learners and learners. The Act also gives these people the right to access the records kept on their behalf.


The company must ensure the keeping of accurate and up-to-date records.

Information relating to staff and learners should not be left on desks, or computer screens left open and visible.

Learners' records should always be locked away.

Only factual information should be used in communications.

The nature and scope of records

The scope and extent of the information to be entered in records should be discussed with the learner both at application and induction stage. The learner must not be mislead as to the purpose the personal information given will be recorded. The learner should also be informed as to who has access to the records what they will be used for, and any other information that relates to the recording of information.

Information can only be recorded if the learner gives their consent; or if it is necessary for the performance of a contract or in the learner's interest. Staff should be aware that unnecessary information should not be recorded. Staff should endeavour to get the learners consent in writing.

With regard to learners' who have communication difficulties or are subject to the Mental Health Act please refer to appropriate policies. If information is collected over the telephone the learner or prospective learners should be advised of the reason the information will be recorded etc and verbal consent should be obtained and noted. The learner in person at the earliest opportunity should verify this consent.

Information regarding the learner's racial and ethnic origin, political opinions, religious beliefs, sex life, and trade union activity, physical or mental health should be treated as sensitive. This information should not be recorded unless the learner has given their explicit consent. If this consent is not forthcoming it can only be recorded if it is for a purpose of performing a legal right or in the necessary to protect the vital interests of the person concerned.

There may be instances where sensitive information can be recorded if it is necessary for legal proceedings medical purposes and for the monitoring of equal opportunities.

Staff should be inducted as to the records necessary for service delivery and what information should be disregarded as needless details.

Records and case notes should be accurate with a clear distinction between fact and opinion.

The company will define what information is kept on file; this may include, but is not restricted to;

Application / referral forms Interview notes Study assessment Learning contract agreement Support care plan Learners notes Medication Financial transactions External agency information, notes, etc


Recorded information, either on paper or in computer data will be held in secure and private storage, e.g. locked cabinets for paper records and password-protected software for computer data. The obligations of the Data Protection Act will be adhered to. Computer records should be backed up weekly and the discs kept off site in secure approved storage. All back ups of computer records should be password protected.

Movement of confidential information outside of physical areas where it is safeguarded will be kept to a minimum.

Learners can refuse to have the records kept locally and in this instance the records should be arranged to be transferred to the company's main office. The learner's refusal should be noted on the record and their signature must be obtained.

Staff access

All records are to be kept either in a locked file or a password protected computer system. Authorised persons, who are registered as key holders, should hold the keys for the files. The computer system should have a series of passwords enabling the access of sensitive data on a strictly need to know basis.

Archiving and disposal

Ex learners' records will be archived as soon as possible and archive records will be kept in a lockable file, access to which is limited to authorised key holders.

The company will keep records for the appropriate number of years after the last contact with the company by the learner. The records will then be deleted if on computer or incinerated / shredded if paper copies.

Information use for monitoring, planning, research and publicity

Information for monitoring purposes will be presented statistically ensuring individuals are not identifiable. Where information about specific staff or learners is used for publication their consent must be given and their anonymity preserved. Staff and learners will not be the subject of research or included in public information without their explicit consent. The staff at the company will support learners if the media approaches them. Learners will be informed that the company has no control over final material produced by the media or researchers.

Third party requests for records

The company staff should verify the identity of any person requesting information. Staff should ensure that any requests from third parties comply with the confidentiality and information sharing policy. Copies of records disclosed must be kept in the learners file.

Transporting records

The Office Manager should prescribe the instances where files can be removed from the locked filing cabinet or from the computer system. The member of staff taking the records must sign in the logbook recording what information has been taken, where, for what purpose and by whom. The member of staff must sign back in all records returned. Any records lost during transportation must be regarded as a confidentiality breach and the learner affected must be informed. All steps must be taken to retrieve the information and the learner advised of their right to complain. A designated member of staff or the office manager is responsible for transporting and storing the weekly back up computer discs.

Monitoring compliance

The Office manager will perform a quarterly inspection of all files to ensure content, archives are current and data protection has been complied with.


Publicly or commercially available information we define as information that an individual makes or permits to be made available to the public, or is legally available through an independent list broker or other third party, and/or is legally obtained and accessed from, amongst other sources: government records that are available to the public, journalistic reports, or information that is required by law to be available. We may collect publicly available information or purchase commercially available information about you from third parties.