Learn, Do Not Copy!

Use agreed ways of working for checking the identity of anyone requesting access to the premises or information

This page is designed to answer the following questions:

NOTE: This page has been quality assured for 2021 as per our Quality Assurance policy.

Your employer will have agreed ways of working for checking the identity of anyone requesting access to the workplace or to information. It is important that you are familiar with these so that you know how to handle such situations correctly.

Security in the workplace is everyone’s responsibility and helps to keep yourself and your colleagues safe. It also protects any vulnerable individuals that may reside in the setting, who may be particularly susceptible to bogus visitors.

Accessing premises

Some policies and procedures that your organisation may use include:

  • Checking official ID of visitors
  • Visitors must sign a visitors book
  • Confidentiality policy
  • Checking with your manager when an unexpected visitor arrives
  • Challenging any unknown persons in the workplace – check who they are, whom they are visiting and the reason for their visit. Escort them to where they should be.
  • Check the visitor’s ID badge against their photograph and the name they provide you. If necessary, contact their employer to check their identity.
  • Use security technology such as door chains, door spy-holes, keycards and keycodes
  • Be aware that some individuals may not be able to have visitors (for example, if they are shielding due to a pandemic) and this should be politely explained to the visitor
  • Similarly, some individuals may not want visitors and their choice should be respected. This should be conveyed to the visitor politely.

If you are unsure about a visitor, you should politely deny them access until you are able to confirm their identity and business. In some cases (for example, they refuse to leave or become aggressive) you may need to request assistance from the police.

Accessing information

The Data Protection Act 2018 and the Human Rights Act 1998 protect an individual’s right to privacy and so their personal information should not be shared unless absolutely necessary.

Consent from the individual must be obtained before sharing their personal information, unless it is related to their care and support or there are extenuating circumstances (such as they are unconscious). As well as complying with the law, this also respects their right to privacy (a person-centred value) and helps to build trust. If you have to share information without an individual’s consent (e.g. if they have disclosed to you that they have been abused) it is courteous to explain to them that you have had to share this information with others.

If somebody requests information about an individual you should check if this is something they need to know and request consent from the individual. If you are unsure, you should speak to your manager.