Wikimedia UK believes strongly in being an open and transparent organisation. There are however areas where confidentiality needs to be protected.
This policy applies to all staff, trustees and volunteers of Wikimedia UK. The data covered by the confidentiality policy is targeted at:
- Information about the organisation where there are special sensitivities, e.g. legal issues. As a rule Wikimedia UK expects to conduct its business in an open and transparent manner.
- Information about other organisations
- Information about individuals, for example, clients, volunteers, donors and staff whether recorded electronically or in paper form
All staff, volunteers and others who work at Wikimedia UK must respect the need for confidentiality of information held about anyone who comes into contact with the charity, and about any charity business. This is expected to continue even when contact has ceased with this person, and when the volunteer or staff member no longer works for Wikimedia UK.
This policy should be read in conjunction with Wikimedia UK’s Data Protection Policy.
Information about individuals
Wikimedia UK is committed to ensuring appropriate confidentiality for all individuals. The confidentiality is between the individual and the organisation, not the members of staff or volunteer delivering a service or event for example.
Confidential information will not be sought from a client unless expressly in the interests of that client, i.e. to enable a better service delivery.
Information will only be passed to another agency or to other individuals outside of the charity with the consent of the client, where possible this will be with written consent. If a member of staff or volunteer intends to get information from another agency to help the client or to refer them to another agency then this must be explained to the client and their permission given.
No personal information about staff, volunteers or clients will be given to any third party including a member of their family, without the consent of the client. Information will only be divulged on a “need to know” basis.
Individual's information will be treated in confidence and will not be divulged to anyone outside the organisation except where extenuating circumstances exist (see below). However, in order that we can provide the best possible services it may be necessary to share information with the CE or colleagues within Wikimedia UK.
In no circumstances should details of a volunteer, trustee or member of staff be discussed with anyone outside of the organisation or in an open plan area in such a manner that it is possible to identify the client.
Staff and volunteers should take due care and attention when speaking to clients and using the telephone or fax. No client should be able to hear a conversation or personal details of volunteer, trustee or member of staff.
Use of client information for publicity, reporting or training purposes
Wikimedia UK does need to be able to give information where appropriate about the impact of our services.
If one of our services has an outcome which would provide useful material for publicity, reporting or training purposes, then wherever possible the permission of the client will be sought in writing before the story is told to anyone else. If permission cannot be obtained then any details that would enable identification of the client to be made will be changed.
Limits to client confidentiality
In certain circumstances Wikimedia UK reserves the right to break confidentiality should this be deemed necessary. These circumstances include:
- If a member of staff believes that someone could cause danger to themselves or to others.
- If a member of staff suspects abuse or has knowledge of abuse
- If the client gives information which indicates that a crime has been committed
- If disclosure is required by law, for example, by the police
- If a person is felt to lack the mental capacity to make a decision. In such cases staff or volunteers will discuss with the CE or Chair and they will only act in the client’s best interest.
- If the client gives information which indicates a possible terrorist threat.
The decision on whether to break confidentiality will be decided on a case by case basis and always in conjunction with the CE or Chair.
Access to personal data
This Policy operates on a “need to know” basis and apart from staff and volunteers in the office of Wikimedia UK, no-one will have access to client or organisational information unless it is relevant to the service or their work.
All donors and members have the right to request access to all information stored about them, and have a right to see a copy of this confidentiality policy on request.
If any party concerned has a sensory or physical impairment, efforts should be made to ensure that all aspects of this policy and exchanges between parties are understood.
Significant breaches of this policy will be handled under Wikimedia UK’s disciplinary procedures.
Evaluation and Monitoring
All staff and volunteers will be directed to this policy when they join Wikimedia UK and will sign the confidentiality statement that they will abide by this policy. Wikimedia UK will ensure that all staff and volunteers are trained in the application of this policy.
The policy will be reviewed in January 2015 by the Chief Executive and approved by the Board of Trustees. It will also be reviewed in response to changes in relevant legislation, contractual arrangements, good practice or in response to an identified failing in its effectiveness.
Confidentiality statement for staff and volunteers
All staff and volunteers will be asked to sign the following confidentiality statement:
When working for Wikimedia UK, you will often need to have access to confidential information which may include, for example:
- Personal information about individuals who are clients or otherwise involved in the activities organised by Wikimedia UK.
- Information about the internal business of Wikimedia UK.
- Personal information about staff or volunteers working for Wikimedia UK.
Wikimedia UK is committed to full transparency but some information needs to be kept confidential in order to protect people and Wikimedia UK itself. ‘Confidential’ means that all access to information must be on a "need to know" basis and properly authorised basis. You must use only the information you have been authorised to use, and for purposes that have been authorised. You should also be aware that under the Data Protection Act, unauthorised access to data about individuals is a criminal offence.
You must assume that information is confidential unless you know that it is intended by Wikimedia UK to be made public. Passing information between Wikimedia UK staff and trusted volunteers, or between Wikimedia UK and a mailing house does not count as making it public, but passing information to another organisation does count.
You must also be particularly careful not to disclose confidential information to unauthorised people or cause a breach of security. In particular you must:
- not compromise or seek to evade security measures (including computer passwords);
- be particularly careful when sending information to other agencies and organisations;
- not gossip about confidential information, either with colleagues or people outside Wikimedia UK;
- not disclose information — especially over the telephone — unless you are sure that you know who you are disclosing it to, and that they are authorised to have it.
If you are in doubt about whether to disclose information or not, do not guess. Withhold the information while you check with an appropriate person whether the disclosure is appropriate.
Your confidentiality obligations continue to apply indefinitely after you have stopped working or volunteering for Wikimedia UK.
I have read and understand the above statement and the Confidentiality Policy. I accept my responsibilities regarding confidentiality.