Download | Confidentiality Statement
The “common law duty of confidentiality”
There is no single piece of legislation that creates a duty of confidentiality. The concept has been established in common law over time. The principles are these:
A duty of confidentiality can be established because of a contract or agreement, or because of the nature of a relationship between the owner of the information and the person in whom they confide
Duties of confidence can exist in personal relationships, business, relationships between employees and employers, and in professional relationships, like that between a lawyer and client, or doctor and patient.
When establishing that certain information be kept confidential, the agreement can be verbal or written.
Duties of confidence can apply equally to information recorded in a permanent form, or information communicated verbally.
In what circumstances can a duty of confidentiality be set aside?
There are several possibilities:
- The information is not, or is no longer, confidential (e.g. it is in the public domain or is known to a far wider group of people than the source and recipient).
- The owner has consented to the information being disclosed.
- The information is about “iniquity” i.e. some form or wrongdoing. Courts have established that a person cannot be put under a duty of confidence when dealing with information about criminal behaviour or serious misconduct.
- disclosure is in the public interest.
This last consideration throws the whole issue into doubt when moving back to Freedom of Information. Disclosure can be resisted if action for breach of confidence might be the result. But action for breach of confidence can fall if disclosure is in the public interest.
How do I know whether I am under a duty of confidentiality?
In one way, it might be said that you should not have to ask. Many sources seem to imply that there is a certain sort of information that is by its nature, “confidential”, and that people will know it when they see it. For example, Liberty’s guide to Human Rights states that “for information to enjoy the protection of the law of confidence it must be secret or confidential”, without really explaining how to spot it in the field.
Some clear criteria are nevertheless identifiable:
1. Some relationships automatically have a confidential element to them, where a person in a ‘client’ role needs to be able to confide in the professional without fear that the information will be further disclosed – lawyers, health professionals, psychologists and counsellors are among those whose roles have an inherently confidential element
2. Information needed for a specific statutory or legal purpose, which cannot be obtained in any other way is likely to attract expectations of confidence especially where damage would be caused if the information was known more widely
3. Information which is given with an explicit assertion that it must be kept confidential is likely to attract a duty of confidence – although staff should only accept information in confidence where it is necessary and where they have no alternative. Where it is clear that information cannot be kept confidential because, for example, it concerns criminal activity, or where there is no genuine risk of harm (i.e. no genuine need for confidentiality), staff should be prepared to explain at the outset that the information cannot be kept confidential.
4. Personal relationships (i.e. between friends, spouses or partners) automatically carry an expectation of confidentiality, unless one or both of the parties have already put details of the relationship into the public domain.
Where does Confidentiality not apply?
One obvious area where confidentiality is potentially irrelevant is in the use of confidential marks and labels on documents and emails. If information is confidential because it relates to a confidential relationship or situation, it is sensible to mark it as confidential. However, to apply a label retrospectively to information which is embarrassing, inconvenient, or otherwise uncomfortable, or simply to allow someone to work in a generally secret manner will not attract any protection under confidentiality. Moreover, the FOI exemption will certainly not apply.
Although partner organisations may place a greater emphasis on confidentiality as a way of escaping the full effect of Freedom of Information, this must be resisted. Even though the Section 41 exemption is absolute, observing the duty of confidentiality inherently requires an assessment of the public interest. The former Lord Chancellor Lord Irvine said all public authorities should be careful when working with the concept of confidentiality. They should not accept information in confidence where it was not necessary to do so, and should not allow confidentiality clauses to be inserted into contracts unless there was a specific, justifiable need for one.
What to do (and what not to do) now
Avoid the arbitrary use of confidential labels and markers. This applies especially to automatic labels applied to documents, or to the “confidential” option for emails. Such markers have no inherent legal force, and should be reserved for information which must be kept confidential.
Clarify with outside organisations whether the information they have given you is confidential. Do not do this in situations where there is no obvious need for confidentiality. Furthermore, do not create expectations of confidentiality that might put the council in a difficult position. The FOI Act creates a general right of access to all information, and no effort should be made to restrict access purely because of convenience or current practice.
Do not accept confidentiality clauses in contracts or agreements unless a clear case can be made for them. Confidentiality clauses should be the exception, not the rule.