VIRGINIA (POLLY) SMITH COUNSELLING in conjunction with OXFORD COUNSELLING CENTRE
RECORD KEEPING AND DATA SECURITY POLICY
Under Data Protection Regulations, Virginia (Polly) Smith is a Data controller and I am registered with the Information Commissioner’s Office. My legal bases for processing client data are Consent, Contract and Vital Interests. I need their information, e.g. contact information and sensitive personal information to be able to provide them with therapy. I may need it for client’s vital interests if there is a serious safety or safeguarding concern.
Client records will be stored confidentially. Personal identifiable information will be kept separate from counselling records and both sets of information will be stored in locked cabinets where access is restricted solely to myself. Client records will be kept for 7 years, upon which they will be destroyed securely.
When collecting information, I will tell my clients how and why it is stored. This is done both through the Privacy Notice and the Counselling Agreement as well as in the first session where the basics are explained.
Statutory obligations to disclose
The Terrorism Act 2000 makes it a criminal offence for a person to fail to disclose, without reasonable excuse, any information which they know or believe might help prevent another person carrying out an act of terrorism or might help in bringing a terrorist to justice in the UK.
Road Traffic Act 1991- if the police require information about the driver of a vehicle at the time of an offence, it must be disclosed; failure to do so is a criminal offence.
Money Laundering – I am legally obliged to report anything I hear that may involve money laundering to the appropriate bodies ie. the police
Child protection (Under 18)
Under the Children Act 1989 the family court can make a recovery order in relation to a child who is in care, under police protection or subject to an emergency protection order, who is abducted, has run away or is otherwise missing.
The Children Act 1989 and 2004, places a statutory duty on health, education and other services to co-operate with local authorities in child protection. There is a statutory duty to work together, including information sharing, in conducting initial investigations of children who may be in need or subject to abuse. It is of the utmost importance that we protect the welfare
of children, so if I have any concerns about a child’s welfare (whether the child is my client, or the child is connected to one of my clients) I will speak to my supervisor as early as possible.
When dealing with clients at risk of suicide or serious self-harm I may need to disclose information. I will consider these options; to disclose to a GP, or another health provider, to talk to your supervisor, or to respect confidentiality and take the course of action that feels in my clients best interest
Counselling Notes
The counselling records I keep are appropriate, accurate, relevant, lawful and secure. I will keep brief clinical notes about my clients after each session (in accordance with the BACP guidelines).
Notes are kept confidential, i.e. no personal, identifiable information will be noted. When discussing cases with my supervisor I use client reference numbers or non -identifiable names.
I will keep all client records and unidentifiable notes separately and securely and destroy them securely after 7 years.
I have made a therapeutic / professional will which is held by Beth Roberts, a counselling colleague.
Data Security
I will take reasonable steps to protect the security of the information I hold and to adhere to relevant Data Protection Regulations. I will not discuss my clients with anyone other than my confidential, contracted supervision. When discussing clients with my supervisor, I do not disclose personable identifiable information.
Devices I use to access information, e.g. laptops or mobile telephones are password protected and virus protection is installed.
If there is a security breach regarding client information I will inform the relevant clients within 72 hours to explain this data breach.
Should my clients have concerns about the management of their data they should contact me in the first instance. If I am unable to resolve their concerns then I will inform them of their right to complain to the Information Commissioners Office (ICO) at the following address