Privacy and confidentiality

A privacy policy is a general statement about how personal information flows through an organisation. It should cover:

  • Collecting information – the sort of personal information you gather and why
  • Using and disclosing information – when and how personal information is accessed
  • Who can access personal information
  • Record keeping processes and security.

Your organisation might find it makes sense to have a separate records management policy or a confidentially agreement that volunteers must sign before they have access to information. Depending on their role, you might need to consider having a copyright or intellectual property policy as well.

Records management

Your organisation will also need to ensure that any personal information is collected, kept and used in a way that meets the requirements of privacy legislation. This means that only information that is necessary should be collected and that it needs to be kept securely.

To ensure that you are keeping your records properly, you will need to establish:

  • What information is required
  • Who is responsible for collecting the information
  • What procedure will be used collect the information
  • Where it is kept
  • How long it is kept for
  • How you dispose of records.

This links to National Standards for Involving Volunteers No.2 – Management responsibilities.

Confidentiality agreement

A volunteer confidentially agreement is a document that a volunteer signs to declare that they will follow the privacy policy and related procedures in an appropriate manner. This relates to the collection, storage, access and disposal of records.

It is useful to have a confidentially agreement if your organisation has volunteers accessing personal information or confidential documents, or if they handle client information.

This links to National Standards for Involving Volunteers No.3 – Recruitment.

Tools and resources