Confidentiality Policy
In order to fully cater for children’s individual needs and abide by the requirements of the Early Years Foundation Stage (EYFS) and the Childcare Register, I need to obtain personal information from parents/carers about their child. I respect parents/carers’ privacy and am committed to ensuring that parents/carers can be confident that information will only be used to enhance the welfare of their child and that any information collected will be stored to retain confidentiality according to the GDPR (General Data Protection Regulation) 2018 and UK’s Data Protection Bill 2018.
Procedure
Both written and verbal information gained about children and their families will be treated as confidential and not shared without parents/carers’ permission unless there are concerns regarding child abuse. Sensitive conversations with parents/carers will be conducted outside the hearing of other parents/carers – this may be through an arranged meeting or phone call if not possible when child is collected.
To comply with my legal responsibilities, written information will be shared with Ofsted if requested. This can happen as part of an inspection or at any other time there is a reason for Ofsted to inspect it. Any requests for personal information regarding minded children or families by other parents/carers, childminders or members of the public will be strictly denied.
The GDPR requires me to keep and use all information in a safe and secure way. Confidential records are stored in a locked filing cabinet.
In the event of a data breach, (ICO describe a data breach as ‘A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data’.) I will keep a record of the breach, and the actions taken to rectify the situation and to prevent it happening again. If it is a risk that is severe enough to risk to people’s rights and freedoms I must notify the ICO within 72 hours. To comply with GDPR parents would be informed of any breach of their data.
Written information will be kept after a child leaves for the amount of time stipulated by Ofsted and/or the setting’s insurance provider before being shredded. General records relating to individual children will be kept until the Ofsted inspection after the child has left the childminding setting. Any Accident/medication records or records of safeguarding concerns will be kept until the child reaches the age of 21 or 24 respectively as recommended in the Limitation Act 1980.
Parents have the right under the GDPR to see any record of information kept about their child. You can ask to see your child’s records at any time or requests can be made in writing and I must provide the relevant access within 1 month. The only exception to this will be for information that is exempt (for example, information such as some child protection records that would not be in the child’s best interests to provide). To comply with the GDPR there will be no charge for this.
Any information or photographs that are stored on my computer will be protected by a strong password, firewall and virus checker. I am registered with the Information Commissioner’s Office (ICO). If I keep children’s records on a commercially produced system, I have checked that the site is a ‘secure site’.
It is likely that you will also find out confidential information about my family through conversation and from spending time in my home. I request that you treat this information as confidential and not share with others without permission.