Ethical Standard Deep Dive: Standard 10
Throughout the month of October, members of the AFP Ethics Committee will be addressing each of the standards in our Code of Ethics. AFP Chief Advocacy and Strategy Officer, General Counsel and Ethics Committee Staffer Jason Lee explores Standard 10 which addresses one of the most important ethical principles: privacy and confidentiality.
Standard 10: Members shall protect the confidentiality of all privileged information relating to the provider/client relationships.
Jason: Trust forms the foundation of any relationship between a provider and their client, particularly the essential trust that privileged information will be kept confidential.
In an age when identity theft is an ever-present threat to both individuals and organizations, there is a heightened trepidation around the safety of confidential information, particularly any information related to donors or proprietary organizational strategies, programs, and products.
This increasing concern gave rise to the creation and implementation of the General Data Protection Regulation that was promulgated in Europe, and we can anticipate the development of similar regulations in North America. It underscores the value that the public and governments place on the confidentiality of privileged information.
News stories covering the exposure of confidential data by name-brand companies (due to data hackers, lax safeguards, or both) reveal the danger of losing trust around the protection of privileged information. It not only irreparably damages the relationships and those directly impacted by the data disclosure, but it also undermines public trust in the brand. To avoid similar public relations nightmares and to maintain the intrinsic trust necessary for any successful provider/client relationship, a provider must implement the requisite measures to protect their clients’ sensitive information. These measures should include staying current with the ever-evolving practices and technologies that combat data theft/disclosure.
- Ensuring that all legal requirements concerning privacy, confidentiality and privileged information concerning donors, clients and nonprofit organizations, as well as these ethical standards, are adhered to.
- Business members are organizationally required by the code, to ensure that their employees uphold this standard.
- Members urge their organizations to adopt and operate within written policies governing confidentiality of privileged information.
Examples of Ethical Behavior
- Developing policies for non-disclosure of privileged information.
- Assuring that staff and contractors are aware of the laws and regulations governing the appropriate use and disclosure of privileged information.
- If confidential information is received inadvertently, immediately notifying appropriate parties and returning and/or destroying information in any and all forms in which it was received.
- Establishing clear procedures for the use, transfer and release of confidential information.
- Providing and signing confidentiality agreements, where appropriate.
Example of Unethical Behavior
- Using privileged information for purposes other than those specified by law or explicitly approved by the protected party.
- Failing to take reasonable steps within a member’s control to protect privileged information from unauthorized use or disclosure.
- Failing to comply with the confidentiality standards set forth by this code while adhering to a strict reading of applicable law.