You may want to share personal information which was originally provided to you in confidence.

Case law has defined confidential information as something that has the “necessary quality of confidence about it” and is not public knowledge.

A duty of confidence will generally arise in circumstances where a person receives information that he/she knows or ought to know is being given in confidence.

In such cases the organisation or person given the information is restricted from using it for a purpose other than that for which it was provided, or disclosing it without the individual’s permission, unless there is an overriding reason in the public interest for this to happen or another law or power permits disclosure.

The term ‘public interest’ could be defined as something which is in the interests of the community as a whole, a group within a community or even an individual, for example, an  issue which affect peoples rights, health, wellbeing and finances.

When deciding whether there is a public interest in sharing ‘confidential’ information, you should consider if the sharing is necessary to :

  • protect someone from harm
  • prevent or detect a crime
  • apprehend an offender
  • comply with a court order or other legal obligation


  • If the person has given their consent to release the information?
  • If there any other reason in the public interest?

When deciding if the public interest should override a duty of confidence, consider the following:

  • Is the intended disclosure proportionate to the intended aim?
  • What is the vulnerability of those who are at risk?
  • Is there another equally effective means of achieving the same aim?
  • Is the sharing necessary to prevent or detect crime and uphold the rights and freedoms of others?
  • Is the disclosure necessary to protect other vulnerable people?

The duty of confidentiality can also extend to information relating to deceased individuals and that duty must be upheld. The Access to Health Records Act 1990 gives some eligible people the right to access health records of deceased individuals.

Caldicott Principles

 All health and social care organisations have a Caldicott Guardian to oversee access to patient and service-user information. Health and social care partners agree to access, share and disclose patient-identifiable information in accordance with the Caldicott principles:

  • Justify the purpose(s) for using confidential information
  • Only use it when absolutely necessary
  • Use the minimum that is required
  • Access should be on a strict need-to-know basis
  • Everyone must understand their responsibilities
  • Understand and comply with the law
  • The duty to share information can be as important as the duty to protect patient confidentiality

Confidentiality is also an important aspect of information security – helping to ensure information is available to authorised users only.