Karin Valentiner Ltd (the company) will manage the information collected from or relating to the client and any child being assessed or observed or discussed with great concern for privacy and confidentiality and in accordance with current professional and legal standards. Although the security of personal data has continuously been addressed by reference to the British Psychological Society's (BPS) Code of Conduct and the Health & Care Professions Council (HCPC) Standards of Conduct, Performance and Ethics, the way the company handles personal information has been strengthened and made more transparent by the provisions of the Data Protection Act 1998 and the General Data Protection Regulation (GDPR 2016) requirements.
The GDPR requires the company to identify the legal basis upon which it processes personal data. The company will store personal data shared for the purpose of assessment and will do so lawfully, fairly and in a transparent manner. As the client will reasonably expect, given the context and nature of the relationship, the company will need to know who the client is. The intended purpose of processing this personal data is to conduct an educational psychological assessment, which includes psychometric profiling. In doing so, the company will only collect information that is relevant to the purpose of undertaking that assessment and the associated and expected reporting, profiling and advising. The company will reasonably require the following information:
- The client's name, address, contact number and email address and the name, date of birth, address and school of the person to be assessed. This will be collected during an initial phone consultation or email exchange. The company needs this information in order to communicate with the client so that it can inform the client about arrangements for an appointment.
- Some information about the purpose of the assessment and the nature of the difficulties/concerns of the person or persons to be assessed. The company may also need other personal information that the client deems to be relevant to this assessment. It is important to have a full understanding about the purpose of the assessment before proceeding and to gather background information, in order to tailor the assessment directly to the needs of the individual and make sure it is purposeful and helpful.
- Completion of a questionnaire that covers a range of areas, such as the strengths and weaknesses, behaviours, interests, social and emotional development, literacy/numeracy skills, medical issues, speech, language and communication issues of the person to be assessed.
- Completion of school or employer questionnaires, but the company will only send these with the consent of the client.
- Information from third parties such as school reports or reports from other professionals, e.g. Paediatrician, Speech and Language Therapist, Occupational Therapist or Clinical/Educational Psychologist.
- During the assessment, the psychologist may collect data about attainments of the person or persons being assessed, for example, from cognitive tests and various literacy and numeracy assessments. The data will be collected on paper and on test record forms. There may also be assessments relating to attention, concentration, emotional well-being and behaviour (for example, a child may be observed in class).
- Some of the assessments may be completed digitally using the Q-Interactive system on iPads published by Pearson. The iPads will be password protected and the client data will be transferred from the tablet, using a secure connection. The data from these electronic assessments will be stored in an encrypted database at Pearson's dedicated hosting facility in Toronto, Canada. The data stored by Pearson complies with the new GDPR laws and details of their data security and privacy policy can be found at: www.helloq.co.uk/content/dam/ped/ani/uk/helloq/downloads/q-interactive-data-security-white-paper.pdf
- All data will be stored securely in premises with an alarm system.
- Electronic information will be stored on a secure server. Reports will be password protected and not shared.