Confidentiality & Data Protection

Supporting someone with their mental health often involves handling sensitive and personal information. This document outlines the key principles of confidentiality and data protection in line with UK law, to help you act responsibly and ethically in your role.

What is Confidentiality?

Confidentiality means keeping private information shared by an individual safe and secure, and only sharing it when absolutely necessary and appropriate.

Why it matters:

  • Builds trust
  • Encourages open conversation
  • Respects individual rights
  • Ensures ethical and legal standards are met

When to Keep Information Confidential

As a Mental Health First Aider or supporter, you should only share information if you have consent from the individual.

Situations where it is appropriate to maintain confidentiality:

  • General conversations about wellbeing
  • Disclosures that do not indicate risk
  • When the individual is in control of their support decisions

Always:

  • Keep notes secure (if needed, and only with consent)
  • Avoid discussing details with colleagues or others unnecessarily
  • Use anonymised information when discussing cases in supervision or training

When You May Need to Break Confidentiality

Confidentiality is not absolute. You must consider breaching confidentiality if:

  • The individual is at immediate risk of serious harm to themselves or others
  • A safeguarding concern is raised (especially involving children or vulnerable adults)
  • There is knowledge of a serious crime being committed or likely to be committed

In these situations:

  • Explain to the person why you may need to share the information
  • Reassure them that it will be shared only with appropriate professionals
  • Involve your line manager or safeguarding lead if applicable

Data Protection: Your Responsibilities

Under the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018, any personal data you handle must be:

  1. Used lawfully, fairly and transparently
  2. Collected for clear, specific purposes
  3. Relevant and limited to what is necessary
  4. Accurate and kept up to date
  5. Stored securely and only for as long as needed
  6. Handled with integrity and confidentiality

Personal data includes names, contact details, health information, and any notes from conversations.

Unless you are in a formal HR or clinical role, you should not store any written records of sensitive conversations unless:

  • You have the individual’s permission
  • You have a clear, secure place to store it
  • Your organisation requires it as part of policy

Top Tips for Maintaining Confidentiality

  • Always have conversations in a private, quiet space
  • Don’t leave written notes lying around or in shared folders
  • Don’t share information via unsecured email or messaging apps
  • When in doubt, seek advice from a manager or safeguarding lead

Confidentiality is about respect and responsibility. Trust is built when people know they can share without fear of judgement or exposure. But there are times when safety must come first. When handled with care, honesty, and clear boundaries, confidentiality strengthens support and protects everyone involved.

This document is for guidance only and does not replace legal or organisational policy.

 

Created: 1 April 2025
Last Modified: 1 April 2025
Author: Phil Newton

Version: 1.00