
Identify the legislation that relates to the recording, storage and sharing of information in care settings

NOTE: This page has been quality assured for 2023 as per our Quality Assurance policy.

As a care worker, you will have access to the personal data of others, so you need to be aware of the legislation and best practices for recording, storing and sharing information.


If an organisation does not comply with information handling legislation, then it may be subject to a heavy fine as well as damage to its reputation.



The Data Protection Act and General Data Protection Regulations


The main pieces of legislation relating to the recording, storage and sharing of information are the Data Protection Act (DPA) 2018 and the UK General Data Protection Regulation (UK-GDPR).

The DPA sets out the framework for data protection in the UK. It was originally introduced in 1984 and has been updated regularly as technology has advanced. The latest incarnation came into force in 2018 and was amended in January 2021 when the United Kingdom (UK) left the European Union (EU).


GDPR was initially introduced in 2018 to bring the UK in line with EU data protection laws. UK-GDPR came into effect in January 2021 when the UK left the EU. In essence, GDPR affects the whole of the EU (EU-GDPR), and UK-GDPR is the UK’s implementation of EU-GDPR.

The DPA balances an individual’s right to privacy against an organisation’s right to hold their data by requiring that personal information is stored securely, is used only for the purpose for which it was originally collected, is kept accurate and up-to-date, and is removed when it is no longer needed.


The key principles of the DPA are:

  • Fair, lawful, and transparent processing – data may only be processed for the reason that it was originally collected; organisations must be transparent about what they want to use the information for and must obtain the individual’s consent.
  • Purpose limitation – supports the previous point that data must only be used for the reason intended.
  • Data minimisation – only the minimum amount of personal data should be acquired to be used for the reason intended.
  • Accuracy – data must be accurate and up-to-date, and systems must be in place to correct errors.
  • Data retention periods – data should be deleted if it is no longer needed for its intended purpose or the individual requests that it is erased (their right to be forgotten).
  • Data security – data should not be accessible or erasable by unauthorised persons.
  • Accountability – organisations must be able to prove that they are complying with data protection laws and regulations.

The Freedom of Information Act

The Freedom of Information Act 2000 allows individuals to request certain information held by public authorities, including the government, local authorities, the police force, hospitals and GP surgeries.


This does not cover private companies and organisations.

In addition, it gives individuals the right to look at anything written about them, so if you work for a public authority, you must be aware that anything you write about an individual may be viewed by them in the future. Therefore, you must ensure that everything you record is accurate and professional.


Common Law Duty of Confidentiality

Common law (in contrast to statutory law, which is passed in acts of parliament) is developed through judicial cases, reports and precedents.


The Common Law Duty of Confidentiality means that when personal information is provided, it should be kept confidential and not be disclosed to others without good reason.

Other legislation


Other legislation that indirectly relates to the handling of information includes:

  • The Human Rights Act 1998 – sets out the rights and freedoms of all UK citizens
  • The Care Act 2014 – sets out the rights of individuals to access information from local authorities relating to their care and support
  • The Health and Social Care Act 2008 (Regulated Activities) Regulations 2014 – established the duty of candour and the Care Quality Commission’s fundamental standards

Agreed ways of working

Your employer’s agreed ways of working include their policies and procedures but can also include emails and verbal instructions. These are the ways that your employer requires you to work and should always be followed because they are designed to ensure that your work is within the law and meets best practices.


Some agreed ways of working that your employer may have relating to handling information can include:

  • Information handling policy and procedure
  • ICT policy, including password policy
  • How you record information
  • How you store information
  • How information should be shared
  • Guidelines for ensuring confidentiality

Codes of practice

Although not enshrined in law, codes of practice provide guidance about working in ways that follow best practices.


Caldicott principles

The Caldicott Principles are seven fundamental principles for protecting the private information of NHS patients. They are:

  1. Justify the purpose(s) of using confidential information
  2. Only use it when absolutely necessary
  3. Use the minimum that is required
  4. Access should be on a strictly need-to-know basis
  5. Everyone must understand his or her responsibilities
  6. Understand and comply with the law
  7. The duty to share information can be as important as the duty to protect patient confidentiality

Code of Conduct


The Code of Conduct for Healthcare Support Workers and Adult Social Care Workers in England contains guidance for information handling relating to confidentiality, particularly in Standard 5: Respect people’s right to confidentiality.

Ensuring records and reports comply with legislation and regulation


For the Level 4 Diploma, you will be required to demonstrate that you can ensure that records and reports comply with legislation and regulation.

How you do this will depend on your particular job role, but some approaches might include:

  • Monitoring your team’s records/reports and highlighting any non-compliance issues
  • Auditing your organisation’s policies and procedures relating to the recording, storing and sharing of information
  • Reporting to your manager any concerns about processes that may not be compliant