Sonya de la Loi, the respected academic lawyer from Trondleheim University 
in the Artic Circle, runs an "data pretection agony aunt column". She 
printed the following response to a letter (relevant to the above topic) in 
Data Protection and Privacy Practice (No. 1).

Chris

<something> are control instrcutions to the document layout system we use





<heading>Counselling with care

<box>Dear Sonya

<box>Our Counselling Service (in a higher educational establishment) will 
sometimes complete and hold the following client data: (a) an assessment 
which describes the problems and makes recommendations for the future care 
of the client and (b) a process record which may include client information 
but is more about the way the service is trying to work with the client or 
may reflect how the counsellor has been affected by the work with the 
client.

<box>What advice would you give?

<box>Yours sincerely,

<box>Ms. S



<body>Dear Ms. S

<body>I suggest you install model procedures based on the practices used by 
the NHS and Social Work Departments. The basic rules are:

<bull>    fully informed consent of the student to the processing (e.g. no 
disclosure without consent). There is a very good booklet in the "Duties of 
a doctor" series entitled "Confidentiality". It can be obtained from the 
General Medical Council (in London) and deals with advice on how GPs are to 
cope with subjects such as disclosure within teams, to employers, to 
insurance companies, to parents and use of data for research and 
administrative purposes. If you get this booklet, you will be able to start 
using procedures which will always have the in-built defence "we only do 
what the doctors do, and follow their best practice". Note that consent, if 
fully informed, will legitimise the processing as required by the First 
Principle and Schedules 2 and 3 of the 1998 Act. If information needs to be 
transferred to other professionals, this should be with consent; however in 
some cases there might be a rare case for disclosure without consent (e.g. 
if it was in the vital interests of the student or another individual to 
make the disclosure)

<bull>    proper recording practices of counselling sessions (e.g. when 
session held, who was there, key decisions reached (if any); reasons for 
decision, summary of advice given; actions agreed at the session; date of 
next session; any other important detail such as "what to do if this does 
not work")

<bull>    open access by the student to all records which relate to their 
care, including all comments made by carers (but the exemptions in S.30 of 
the Act might be applied if your councillors are health professionals or 
qualified social workers)

<bull>    a deletion policy with respect to care records (e.g. you will need 
to justify why you retain care records which relate to ex-students). If such 
records are important to the care of the student after that person has left 
the institution, these records can be forwarded to the proper authorities 
with consent of the student

<bull>     security considerations with respect to the protection of 
personal data, and their disposal.

<body>Yours sincerely

<body>Sonya

 ----------
> From: [log in to unmask]
> To: [log in to unmask]
> Subject: CoP - Employee and student counselling
> Date: 05 June 2000 19:51
>
> <<File Attachment: ENVELOPE.TXT>>
> Request for comments
>
> *Key* <T> = title <ST> = Subtitle <R> = Recommendation
>
>   <T>CounsellingServices
>
> Most HE and FE institutions provide Counselling Services for employees
> and students.  Such Counselling Services will, in the course of their
> ordinary operations, be legitimately collecting and processing personal
> data, including sensitive personal data (See The Data Protection
> (Processing of Sensitive Personal Data) Order 2000, s.4).
>
> <R> HE and FE Employee and Student Counselling Services should:
>
>  - provide clients with:
>
>  -- guidance to the service_s personal data policies on data collection
> and retention
>
>  -- guidance on access to counsellors_ notes and other records that refer
> to them
>
>  -- a timescale for destruction of the client_s personal data.
>
>  - make acceptance by the client, of the service_s record-keeping
> practices, part of the contract with the service.
>
> -   permit counsellors to discuss a client_s records with that
> client, whilst ensuring that, in such discussions, references to
> third parties are withheld.
>     -   ensure total confidentiality of client personal data, subject
> only     to the following exceptions:
>
>  -- where the counsellor has the express consent of the client to
> disclose the data.
>
>  -- where the counsellor believes that serious harm may befall a third
> party if the data were not disclosed.
>
>  -- where the counsellor would be liable to civil or criminal court
> procedure if the data were not disclosed.
>
>  - ensure all records are kept securely and remain confidential within
> the service.
>
>  - provide for the secure disposal of personal data that is no longer
> required
>
> <R> HE and FE Employee and Student Counselling Services may keep "risk
> registers" (e.g. lists of individuals who may be violent so that
> counsellors can check before they arrange one-to-one meetings).   Access
> by counsellors to such "risk registers" should be available only on a
> _need to know_ basis.  Inclusion on a "risk register" may not be
> disclosable to a data subject under subject access on the grounds that
> the health & safety of counsellors may be at stake  (s31(2)(e)).
>
> <R> HE and FE Employee and Student Counselling Services should ensure
> that where counsellors discuss casework with supervisors:
>
> -   such discussion should be in general rather than specific     terms,
> so that personal circumstances may be revealed, but     not the identity
> of the client; or
>      - the client should be informed in advance that the that counsellor
> may discuss their case with a supervisor should they feel it necessary.
>
> <R>HE and FE Employee and Student Counselling Services should ensure
> counselling members of staff are bound by a Code of Ethics and Practice
> (e.g. the British Association for Counselling (BAC) Code of Ethics).
>
>
>
> Andrew Charlesworth
> Senior Lecturer in IT law
> Director, Information Law and Technology Unit
> University of Hull Law School
> Hull, UK, HU6 7RX
> Voice: 01482 466387   Fax:   01482 466388
> E-mail: [log in to unmask]
>
> 

******************** E-mail confidentiality notice ********************

This message is intended for the addressee only.  It is private,
confidential and may be covered by legal professional privilege or
other legal or attorney/client privilege. If you have received this
message in error, please notify us and remove it from your system.

If you require assistance, please contact our London PC Support
department (telephone +44 (0) 20 7490 6949).

Masons is an international law firm with offices in London, Bristol,
Glasgow, Leeds, Manchester, Brussels, Dublin, Hong Kong, Guangzhou
and Singapore.

Further information about the firm and a list of partners is
available for inspection at 30 Aylesbury Street, London EC1R OER
or from our Web site at www.masons.com

***********************************************************************




%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%