How I manage information about clients
Introduction
This document sets out my client privacy policy, which applies to all counselling and coaching clients to whom I offer services. It sets out how I manage information about clients and how I comply with my obligations under the General Data Protection Regulation (GDPR) 2018 and as a registered, accredited member of the British Association for Counselling and Psychotherapy (BACP).
This document can be downloaded as a pdf document: To be added
I have a separate policies for those using my web-site: web-privacy
and for those I supervise: supervision-privacy
Information I collect
When we first meet I ask you to complete a ‘Client Information Form’. This provides me with your contact details, the name of your GP and how you heard about the services I offer.
Beyond that, the information I hold on you will be a brief summary of my recollections and reflections following each of our sessions. Depending on what you tell me, this may include personal sensitive information, for example about your physical and mental health, sexual life, racial or ethnic origin, religious or other beliefs, offences and alleged offences perpetrated by you or upon you.
Storage of this information
I keep the ‘Client Information Form’ in its paper form in a locked filing cabinet, to which no-one else has access other than in exceptional circumstances (see “Therapeutic Will” below).
I also transfer the information on that form into the cloud data-base system I use for recording my client notes. The system I use is called ‘Bac-Pac’ and is managed by a company called Mayden. If you want more information about how their security systems work you are welcome to ask me, or to contact Mayden directly at: support@mayden.co.uk
If you email me I read the email, deal with it and then delete it. I may copy the content of the email into Bac-Pac if I feel it is relevant to our work to keep it.
If you give me any paper-based documents or pictures at any time I will either store those in a locked cabinet or scan them and store them on my client data-base.
Sharing of your information
There are only four circumstances when I may share some of your information with someone else:
Therapeutic Will
In the case of my death, or my becoming incapacitated for an extended period, your name and contact details will be shared with my Therapeutic Executor. This is so that you can be contacted to explain what has happened, if you are seeing me at the time. Once it becomes clear that I will not be returning to practice all the paper-based client records and the contents of my client record system would be destroyed/erased.
Erasing your information
On the advice of my professional body, I keep my client notes for seven years after we have completed our work together, at which point they are destroyed/erased.
Your rights under GDPR
Under this legislation you currently have the following rights:
To be informed about what information I hold (this document).
To see the information I hold on you (free of charge for the initial request).
To rectify/correct any inaccurate or incomplete personal information.
To request that your personal information is erased/deleted/shredded. I can decline this request if the information is needed for me to practice lawfully or competently, or if there is another reason (for example a complaint or legal reason).
My devices
I do not store client information on either my computer or mobile phone. I do access my emails through both and texts through my mobile phone.
Registration with the Office of the Information Commissioner
I am registered with the Office of the Information Commissioner (OIC), registration reference number ZA080937. I will notify the OIC should a data breach occur in my systems.
If you are unhappy with how I have dealt with your information you may make a complaint to the OIC: www.ico.org.uk, phone: 0303 123 1113
If you are unsure about any aspect of this policy document, please Contact me
Steve Page/How I manage information about clients/version 1: 28th May 2018