Use of data

The General Data Protection Regulation (GDPR) requires consent for processing and storage of personal data.  (I am registered with the Information Commissioner's Office (ICO)).  Under GDPR, a child has rights over this personal data rather than parents or guardians, so they themselves will have the right of access to the information, even if they are too young to understand the implications.

In practice, if a child is young, these rights could potentially be exercised by parents or guardians but it is requested that therapeutic confidentiality is respected wherever possible.

​

I keep and retain ownership of the minimum of records necessary to support the work:

​

• Email – emails are used only to confirm or cancel appointments and are deleted from my email account a year after the end of the work.  Only a child's initials with no identifying details are used and none of the therapy is discussed via email.  Any attachments I send relating to the work are password protected.   I would ask that parents observe the same precautions in emails around their child's potentially sensitive data.

• Mobiles – texts are used only to confirm or cancel appointments and to make calls for parental feedback.  Mobile numbers are not stored and messages are deleted a year after the end of the work.     (I request that mobile contact is through parents only for those young people under 18.)

​

• Video calls - video sessions (if face-to-face sessions are not possible) are conducted on an encrypted platform, in a private space and not recorded.  Such online work takes place with an additional consent agreement.

• Records of sessions – a very short handwritten record in paper form is kept of each session, covering brief content, materials used and themes, along with a note of any contact outside sessions, e.g. a phone call from a parent.  This is to aid recall and to inform work for the future.  No notes are kept digitally.  Names and contact details are stored separately from these session records.

• Secure storage – all handwritten notes and records are kept securely under lock and key and only I have access to them (except in the case of my incapacity, when my Professional Executor would access them.)

• Length of storage – notes and records are retained for 7 years after completion of therapy, as recommended by my professional bodies and insurers, at which point they are securely destroyed.

• Artwork – any art or writing produced by the child is stored under lock and key and offered to them at the end of the work.  Those they do not want to take away are securely destroyed.

• Third parties - none of the data is passed on to third parties, unless I am legally obliged to do so, e.g. by a court, when this would usually be discussed with a parent and their child in advance, except when this would compromise their own, or another's, safety and security.

• Records review - Parents are free to contact me at any time if they want to arrange a meeting to discuss reviewing, accessing, correcting, limiting or erasing records.