Confidentiality, Data Protection and Safety

How do you ensure confidentiality and safety?

Therapy could not happen without a high degree of confidentiality as it relies on being able to trust a therapist with your deepest feelings. In this respect being open and honest about the boundaries of that confidentiality is key to developing a good working relationship and prevalent in both the British Association for Counselling and Psychotherapy (BACP) and British Psychological Society (BPS) ethical guidelines.

So, what does it all mean? There are several things to consider when talking about confidentiality: the law, professional guidelines and a therapists personal beliefs on confidentiality. Of course life is a bit risky and it would be foolish to say confidentiality is always a 100% assured, but by following the guidelines and being vigilant we aim to act as ethically as possible.


The Law

The law around confidentiality is complex and not necessarily very clear but in certain circumstances a therapist is required to lawfully pass on information. The BACP currently suggest the following;

  • Information about an act of terrorism (Terrorism Act 2000, section 38B).
  • Information that the client was a driver involved in a road traffic collision – if approached by the police (Road Traffic Act 1991, section 21).
  • Information about the whereabouts of a missing child who is in care, under police protection or subject to an emergency protection order – could be obliged by the family court to pass on that information (Children’s Act 1989, section 50).
  • Courts can also order disclosure of information for other purposes.

Professional guidance

Whilst I would look to abide by the policies of all of the professional bodies I belong to summarised here are the BPS Counselling Psychology guidelines on confidentiality and record keeping;

  • A therapist needs to be open and honest about the limits of confidentiality.
  • Explain in advance the possible requirement to break confidentiality if the therapist considers there is a risk of harm to self (the client) or to another person.
  • Make sure a client is able to make informed consent decisions on all aspects of their therapy.

Therapists face many dilemmas in their work and have a back up network to help make a decision. In the first instance they can seek advice from their supervisor and can also approach their professional body to help. The sensible acid test is that the therapist needs to be prepared to explain and justify any decision.

The purpose of Record Keeping should be –

  • to improve continuity.
  • to facilitate assessment, planning and evaluation of therapy.
  • for statistics to measure outcomes.
  • to make sure records are clear, complete and up to date.
  • sensitive information kept is only what is necessary to facilitate the work undertaken.
  • The BPS recommend records are securely kept for 7 years after therapy and 3 years after a person turns 18 (if working with young people).

Personal confidentiality policy

Here are some realistic ways I work on maintaining ethical confidentiality.

  • I do not talk about clients outside of the therapy room except in very specific circumstances.
  • I keep client personal information separate from any notes made about the therapy.
  • Any paper notes made will be looked after carefully and stored at a secure location in a secure cabinet.
  • I use a first name or pseudonym when talking to my supervisor about a client.
  • If I bump into a client outside of the therapy room I do not acknowledge them to ensure their anonymity. If a client chooses to speak to me i would encourage saying hello but discourage any further conversation which can safely wait for the therapy room.
  • If I were in a position to consider breaking confidentiality through worrying a client might harm themselves I would always seek to discuss it with them first if possible. I would be working in the clients best interests and look to contact their GP or other health professional in order to support them.
  • If in a position to consider breaking confidentiality through worrying a client might be a risk to others I will follow professional guidelines and seek advice from my supervisor and/or professional body.

Talking about suicide

My experience has shown me that often people show their distress in talking about feeling suicidal and I feel it is important to have an outlet to talk about suicide and suicidal feelings in this way. However, I have a duty of care to my clients and if I consider that there is a real plan and the means to commit suicide I would look to seek support for the individual. This may mean breaking confidentiality but be assured this would be done for the best intentions, and if possible I would discuss this with the person prior to doing so.


Data Protection

I abide by the principles of the data protection act 1998 and in accordance with the General Data Protection Regulation 2016 (from 25th May 2018). As I hold sensitive information I have further registered as a data controller. This is what the Information Commissioner’s Office has to say about holding and processing personal information –

  • only collect information that you need for a specific purpose;
  • keep it secure;
  • ensure it is relevant and up to date;
  • only hold as much as you need, and only for as long as you need it; and
  • allow the subject of the information to see it on request.

We have always had the right to ask to see what information is kept about us and this is facilitated if possible, and subject to advice from professional bodies. Recent changes in data protection law advise practitioners are more explicit in explaining public rights to information kept about them in relation to accessing personal information and compensation. Please follow the Information Commissions Officer link to find out more about the right –

  • to be informed
  • of access to data
  • to rectification
  • to erasure
  • to restrict processing
  • to data portability
  • to object
  • and not to be subjected to automated decision-making.

Please be assured I do not keep mailing lists for advertising purposes.


Using a computer

Like most people I use a computer and look to secure the sensitive information I hold by the following means.

  • All business computers utilised are password protected.
  • information is stored securely on either an encrypted cloud storage system or a dual authentification enabled computer.
  • Any information that might be considered therapeutically sensitive and/or identifiable sent via email will be password protected. Clients are discouraged from using the usual email channels for anything other than appointment making and these emails are deleted as soon as practicable.
  • For extra security I use various online communication providers that have encryption for; email, Instant messenger, webcam or telephone.
  • I use several cloud based software programs to utilise my work (e.g. clinical notes, accounting) and all of them comply with the highest data protection and confidentiality protocols. I can supply links to their policies as required.