The Data Protection Act on Confidentiality and Security

Confidentiality is paramount when working with parents and children, and when dealing with sensitive issues. Confidentiality means not sharing information that is given to you without consent. Confidentiality is important because parents need to be able to trust us as practitioners to keep their information private. Confidentiality of any individuals who deal with the nursery is to be respected at all times; however, if a child is believed to be at risk or has been harmed in any way then child protection procedures take precedence and confidentiality may have to be broken.

Giving out information, except in the case above, could have serious consequences. Not only would the trust between the individual and the setting be lost, but the individual responsible could also face disciplinary action for breach of confidentiality. Confidentiality applies to both verbal and non-verbal forms of communication. Written information should be stored in a locked cupboard. If any information were on a computer then the computer would need to be password protected and locked in a room at night.

Four pieces of information that would be classed as confidential are:

  • Induction forms, which hold the personal information of the child and their family.
  • Staff information
  • Medical reports on the children
  • Observations on individual children

All confidential information is held in a locked filing cabinet with every individual child or staff member having his or her own separate file.

Three areas that demand confidentiality are:

  • Disclosures – all information given during a disclosure needs to be noted down and passed to the relevant person or persons who would need the information e.g. social workers etc. The noted information should be kept within the child’s file in a locked cabinet. This information shouldn’t be discussed with other staff members or adults unless absolutely necessary.

  • Discussions with parents at pick up/drop off time – if parents need to discuss a matter with you or vice versa, a private area needs to be found where others cannot overhear what is being said. It can also be particularly embarrassing for parents if they think that others can overhear what is being said.
  • Access of sensitive data/information – all records whether they be on staff or children are kept in a locked filing cabinet. Access to children’s files is only for nursery staff with staff files only being accessed by the leader or manager. All staff sign a confidentiality policy and are aware of the procedures when accessing children’s files.

Anyone processing personal information must register with the Data Protection Commission, as stated in the Data Protection Act 1998. Failure to do so is a criminal offence. The main purpose of this notification is to “promote openness in the use of personal information” (, notification self assessment guide). This is because the details given when registering are processed into a register, which is available to the public. However, exemptions do apply, depending on each individual case and what they are doing with the information.

Personal data must comply with the eight principles of good practice as set out in the Data Protection Act 1998. The principles are:

  • Fair and lawful processing – this means that all data on people should be processed fairly. Information obtained has to be done so lawfully and without misleading anyone.
  • Processing for specified purposes – the information obtained should be for a lawful purpose and shouldn’t be processed for anything more than is specified.
  • Adequate, relevant and not excessive – the information should not be excessive of its intended purpose.
  • Accurate and up to date – all information needs to be accurate and where it is necessary up to date.
  • Not kept for longer than is necessary – personal data must only be processed for the specified purpose and mustn’t be kept for any period longer than necessary. When the data is no longer needed to be retained, it should be destroyed.
  • Processed in line with subjects’ rights – this means that the subject who gives the information is entitled to have access to their personal data when necessary.
  • Security – the person processing the information must take security measures to make sure that unauthorized processing of data, or accidental destruction or damage doesn’t occur.
  • Not transferred to other countries without adequate protection – personal data must not be transferred to a country outside of the European Economic Area unless adequate protection of rights of information is ensured.

Two things that I would ensure when dealing with confidential information are to comply with my setting’s Confidentiality and Data Protection policies. In addition to this I would ensure that I only share the information with the people who needed to know as well as not leaving any confidential information lying around. I would ensure it was either filed or shredded.

The Data Protection Act is the main piece of legislation that governs the protection of personal information in the UK. It gives strict guidelines on the processing of data. The Data Protection Act states that anybody who is responsible for data must follow the 8 protection principles.

Information must be:

  • Used fairly and lawfully
  • Used for limited, specifically stated purposes
  • Used in a way that is adequate, relevant and not excessive.
  • Accurate
  • Kept for no longer than is absolutely necessary
  • Handled according to people’s data protection rights
  • Kept safe and secure
  • Not transferred outside the UK without adequate protection

The Data Protection Act 1998 was established to stop confidential and personal information from being shared or passed on without the person’s consent. This includes information stored on a computer as well as video, film and tape recordings. It also relates to any information recorded on paper. In a childcare setting the majority of the information used and collected is confidential. Parental consent needs to be given before information can be given to other agencies. Passing information on without prior consent is a breach of the Act.

The Act also allows the public the right to know what information is stored about them. It gives people the right to question what personal information a company holds on them, what the information is used for and to be provided with a copy of the information. In addition to this they can ask for incorrect data to be corrected.

As part of staff induction in my setting, new members of staff are provided with a copy of the Confidentiality and Data Protection policy. These policies outline for staff what the procedure is regarding confidential information in line with the Data Protection Act. Staff sign a confidentiality of personal information agreement which states that information about the people we work with, and deal with as part of our job, is confidential and is not to be disclosed to others unless required to do so by law. It also states that information given to the setting must not be shared with any other organization without prior permission. Staff are made aware that individual children should not be discussed unless it is for the purposes of planning or group management. It should not be discussed with outside agencies unless consent from the parents has been sought.

When I undertake induction with a new parent I explain to them that information is kept confidential; however, in cases where a child may be in danger, information will be disclosed. In the induction pack there is a consent to share information form which parents are asked to sign to allow us to share information with health visitors, nursery and any other care agencies that may be involved.

All information records on children including observations, development checklists etc. are kept in a lockable cabinet in line with principle 7 of the Data Protection Act. Parents are welcome to see this information if requested; however, they are not to be allowed access to information relating to any other child. If a parent would like to see any information on their child our nursery procedure is that the parent has to make a request to the leader of the nursery. We state that we will provide access to the file within 14 days. This is to ensure that all third parties who may have provided information about that child are consulted to gain their consent in line with the requirements of the Data Protection Act.

In line with principle 5 of the Data Protection Act, any information we hold in the setting that is no longer relevant is destroyed.

As the leader of the setting I make sure that all staff are aware that if somebody telephones the setting to ask for information relating to a specific child, to either pass the phone to myself or to take a name, number and where they are calling from. The benefit of this is to allow time to determine who the individual is that called and also to determine whether or not there is permission from the parent to share information.

I think that our policies and procedures in the setting are effective in setting out guidelines regarding confidentiality, data protection and information sharing. In our Confidentiality and Data Protection policies (which staff are required to read and sign), the procedure that staff are required to follow is set out in points that are easy to understand. Staff are very aware of the procedure that they are to follow. I ensure that the staff are aware that I am available if they have any queries relating to procedure. Having parents sign consent to share information allows us to be confident when sharing information with other agencies as we know that we are complying with the Data Protection Act as well as our in-house policies and procedures.

In my opinion our policies and procedures are effective. The only recommendation I would make to make them more effective is to recap the procedures for staff because this will allow the procedures to always be clear and fresh in their minds. Although most of the procedures are always at the forefront of their minds I feel that if other procedures are not needed as much in their daily life as play workers they could become blurry.

Cite this page

The Data Protection Act on Confidentiality and Security. (2016, Apr 07). Retrieved from
