top of page

Hempsted Playgroup and Toddlers
Confidentiality Policy


Hempsted Playgroup and Toddlers believe that the well-being of any child is of paramount importance.

We respect the privacy of all children, parents and carers attending our setting.

We aim to ensure that all parents and carers can share their information in the confidence that it will only be used to enhance the welfare of their children.


The Children Act 2004 was created to establish clear safeguarding guidelines to protect the wellbeing of children and young people.


Record Keeping


Confidential information and records about children, staff, parents, volunteers and any other professionals must be held securely and only accessible and available to those who have a right or professional need to see them’ Statutory Framework for the Early Years Foundation stage 2021 section 3.69 - 3.72  (GDPR Policy) 



Developmental Records

  • These include observations of children in the setting, samples of their work, summary developmental records, learning journey’s and records of achievement.

  • They can be accessed, and contributed to by staff, the child and the child’s parents at any time. The development records are passed on to parents when the child leaves the playgroup.


Personal Records

  • These include registration forms, signed consents, and correspondence concerning the child or family, reports or minutes from meetings concerning the child from other agencies, an ongoing record of relevant contact with parents, and observations by staff on any confidential matter involving the child, such as developmental concerns or child protection matters.

  • These confidential records are kept in a lockable cupboard in the office. (GDRP Policy)

  • Parents have access to the files and records of their own children but do not have access to information about any other child.


We inform parents when we need to record confidential information beyond the personal records that we keep:-

Physical intervention, bullying and behaviour issues (Behaviour Management Policy), any concerns/changes in relation to the child or the family unit (SEND, Safeguarding Policies).


Information Sharing

The seven golden rules to sharing information

1. Remember that the Data Protection Act 1998 and human rights law are not barriers to justified information sharing, but provide a framework to ensure that personal information about living individuals is shared appropriately.

2. Be open and honest with the individual (and/or their family where appropriate) from the outset about why, what, how and with whom information will, or could be shared, and seek their agreement, unless it is unsafe or inappropriate to do so.

3. Seek advice from other practitioners if you are in any doubt about sharing the information concerned, without disclosing the identity of the individual where possible.

4. Share with informed consent where appropriate and, where possible, respect the wishes of those who do not consent to share confidential information. You may still share information without consent if, in your judgement, there is good reason to do so, such as where safety may be at risk. You will need to base your judgement on the facts of the case. When you are sharing or requesting personal information from someone, be certain of the basis upon which you are doing so. Where you have consent, be mindful that an individual might not expect information to be shared.

5. Consider safety and well-being: Base your information sharing decisions on considerations of the safety and well-being of the individual and others who may be affected by their actions.

6. Necessary, proportionate, relevant, adequate, accurate, timely and secure: Ensure that the information you share is necessary for the purpose for which you are sharing it, is shared only with those individuals who need to have it, is accurate and up-to-date, is shared in a timely fashion, and is shared securely (see principles).

7. Keep a record of your decision and the reasons for it – whether it is to share information or not. If you decide to share, then record what you have shared, with whom and for what purpose.  

Information is written, recorded and placed in the relevant folders :- Safeguarding, SEND, GDPR


The Principles

The principles set out below are intended to help practitioners working with children, young people, parents and carers share information between organisations. Practitioners should use their judgement when making decisions on what information to share and when and should follow organisation procedures or consult with their manager if in doubt. The most important consideration is whether sharing information is likely to safeguard and protect a child.


Necessary and proportionate

When taking decisions about what information to share, you should consider how much information you need to release. The Data Protection Act 1998 requires you to consider the impact of disclosing information on the information subject and any third parties. Any information shared must be proportionate to the need and level of risk.

Information will be shared on the level of risk and urgency that is needed. We will only release the required information.

Everyone should have regard to GDPR and ensure the laws are applied. 

Freedom of Information Act 
Under the Freedom of Information Act certain information may be shared. This is only the case if this does not contravene GDPR. 


Only information that is relevant to the purposes should be shared with those who need it. This allows others to do their job effectively and make sound decisions. 

Adequate Information should be adequate for its purpose. Information should be of the right quality to ensure that it can be understood and relied upon.

We will only share the necessary information that is required for the right individual/s.   



Information should be accurate and up to date and should clearly distinguish between fact and opinion. If the information is historical then this should be explained.

We will only use information that is up to date and if any information we have is historical then we will ensure that it is clear and concise.



Information should be shared in a timely fashion to reduce the risk of harm. Timeliness is key in emergency situations and it may not be appropriate to seek consent for information sharing if it could cause delays and therefore harm to a child. Practitioners should ensure that sufficient information is shared, as well as consider the urgency with which to share it. 

Information will be shared within a realistic and reasonable timescale, depending on the urgency of the situation.




Wherever possible, information should be shared in an appropriate, secure way. Practitioners must always follow their organisation’s policy on security for handling personal information.

When sending information online we only use secure data transfer.



Information sharing decisions should be recorded whether or not the decision is taken to share. If the decision is to share, reasons should be cited including what information has been shared and with whom, in line with organisational procedures. If the decision is not to share, it is good practice to record the reasons for this decision and discuss them with the requester. In line with each organisation’s own retention policy, the information should not be kept any longer than is necessary. In some circumstances this may be indefinitely, but if this is the case there should be a review process.

Whether we share or do not share information, it will be written, recorded and reasons will be given on the decisions that are made and kept in a secure place.



Sharing information with other settings

When children attend more than one setting, information will be shared to enable both settings to support and extend the child’s learning and development.


Staff will not discuss personal information given by parents with other members of staff, except where it affects planning for the child’s needs.


Parents, students, volunteers and committee will not discuss any specific behaviour or observations which they may have witnessed while on the premises with any other parents or other persons and they are advised of our confidentiality policy and required to respect it. (Child Protection Policy)


Issues to do with the employment of staff, whether paid or unpaid, remain confidential to the people directly involved with making personnel decisions. 


Social Networking

  • Social Networking Sites MUST NOT be used to exchange confidential information regarding children or our setting.

  • General communications, relating to normal everyday activities within the setting, that are not personal or confidential may be used with discretion.                                                                                                                                         

  • (Personal Websites, Weblogs and Social Networking sites policy)




  • Grievances against any staff members must be kept confidential and discussed with the play leader/manager on the playgroup site.(Escalation Policy)






Reviewed August 2022

bottom of page