Confidentiality Policy

The Privacy Act 2020 applies to all agencies in NZ, which means it applies to The Navigators of New Zealand staff and volunteers. The Act is based on a set of principles about the collection, use and disclosure of personal information that is designed to protect individual's privacy. To find out more see the Privacy Principles on the Privacy Commissioner's website.

This Confidentiality Policy is part of helping The Navigators of NZ comply with its obligations under the Privacy Act. Complying with the Privacy Act is one way of protecting the significant trust placed in Navigator staff. Compliance reduces the risk of a privacy breach with the resulting negative impacts on any affected individuals and The Navigators of NZ. A privacy breach can cause significant harm to affected individuals. A privacy breach could result insignificant financial and reputational costs to The Navigators of NZ. In the event of a complaint the policies and processes of The Navigators of NZ would be scrutinised to determine whether its management of personal information complied with the principles in the Privacy Act.

This policy contains guidelines for how Navigator staff and volunteers (for simplicity both will be referred to as Navigators) use, retain, disclose and dispose of personal information about the people they meet with. Navigators may collect personal information when they meet with people for mentoring, bible study discussion etc. The policy does not apply to information gathered when Navigators staff are meeting with people in their personal capacity and not representing The Navigators of New Zealand.

Personal information is any information which tells us something about a specific individual. The information does not need to name the individual if they are identifiable in other ways e.g., their home address or specific facts about the person.

Principle 5 states that organisations must ensure there are safeguards in place that are reasonable in the circumstances to prevent loss, misuse, or disclosure of personal information.

Sharing Personal Information

Love is patient, love is kind. It does not envy, it does not boast, it is not proud. It does not dishonour others, it is not self-seeking, it is not easily angered, it keeps no record of wrongs. Love does not delight in evil but rejoices with the truth. It always protects, always trusts, always hopes, always perseveres.

1 Corinthians 13:4-7 NIV

Navigators can share personal information with other Navigators if it is necessary to discuss the needs of individuals. Where possible, names should not be used to identify individual people. Navigators should apply the principles in 1 Corinthians 13:4-7, sharing only what is loving and honouring to protect others.

The following steps should be taken, in order of best to worst:

  • Provide a written statement about how The Navigators of NZ handles personal information. This step would be appropriate when committing to a mentoring relationship. A simple template statement can be found at the end of this policy
  • Obtain verbal consent to share personal information with fellow Navigators when necessary for the individual’s personal and spiritual growth and development. Explain that no more personal information will be shared than is necessary. In the context of a small groups where personal information is likely to be shared, the small group leader should get the same written or verbal agreement from the participants.
  • Information can be shared that does not identify the person. Be aware however, that information that may not identify someone in one context, may allow them to be identified in another context. For example, Bob meets with Fred and has not obtained any of the permissions noted above. Fred shares that he is struggling with loneliness. Bob wants to tell others about this so that they can pray for Fred. However, Bob has to share this in a way that will not identify Fred. If Bob is meeting with lots of people, then he could say that a person that he is meeting with is struggling with loneliness. Or if the person Bob is telling does not know Fred then he can tell him about a person struggling with loneliness. The information should not allow the person to be identified.

Exceptions

Consent to disclose personal information is not required in the following situations:

  • there is serious danger in the immediate or foreseeable future to the person or others
  • the person’s competence to make a decision is impaired
  • legal requirements demand that confidential material be revealed

Use of Information Collected

It is important not to use information collected for one purpose for an unrelated purpose. An example that would be unacceptable would be sending fundraising requests to an individual using information collected during registration for attending a camp. A good rule of thumb is to think about whether it would be “creepy” to the recipient to be contacted about something using information provided for something else.

Newsletters and Prayer Letters

Navigators can share information about people they are helping if they do this in a way that does not disclose a person’s identity, or if they have received permission to share personal information. For names, pseudonyms or fake initials can be used instead of a person’s actual name. For example, “when I met with ‘L’ he agreed to pray together after sharing about his struggles with anxiety.”

Images

If people are not identifiable in the image e.g. the image is of the back of a persons’ head or from far away, then you do not need permission to use an image. If the person is identifiable in the image, then you need permission to use the image. If you are unsure whether you need to ask for permission, ask for permission.

For example:

Image

Permission not required

Image

Permission required

Here are some practical suggestions on how to obtain permission:

  • Tell people what you intend to use the image for when taking the photo and ask if people agree to this
  • Ask people prior to an event if they agree to images being used for Navigators publications

When in doubt ask for permission to use images.

Newsletters and Prayer Letters

Having good security over personal information you hold is essential to meeting Principle 5 of the Privacy Act. Therefore, all Navigators need to have strong passwords on any device storing personal information. Particular care needs to be taken with portable devices such as laptops or cell phones. Your work Microsoft account and any other website you use to store personal information should have a strong password.

Passwords on laptops should be passphrases, these are sentences you can easily remember, rather than a cryptic set of random characters. These are easier to remember and harder to crack. Your passphrase should not use separators like spaces or dashes between the words, because that gives a clue to where the words end. Each passphrase should have at least 4 words. There is no need to use symbols. Passphrases should not be based on personal information such as family names. Consider using a password manager (some, for example, Dashlane have effective free versions) to store passwords so that you can have unique and complex passwords for each application you use.

An example of a good passphrase is: "Godsolovedtheworld" (God so loved the world).

See this article if you want to know more: How to create a good password | CERT NZ.

Disposing of Personal Information

A key way to prevent a privacy breach is not to hold personal information. If you don’t hold personal information there is no risk of a privacy breach. A practical application of this is not collecting information unless it is necessary. A related discipline is to dispose of personal information that is no longer required.

Store required personal information in secure places. Once personal information is no longer needed destroy the personal information completely and safely digitally or physically (for example with a shredder or burnt). Examples of personal information no longer being required include registration information after a conference or mentoring notes after a mentoring relationship ends.

Confidentiality Agreement Template

I _____________________ agree that in this mentoring relationship my mentor___________________ can share information about me with other Navigator staff when necessary for my development. I can expect that my mentor will not share more information than is necessary.

Signed ____________________                                                                Date___________________