I am registered with the Information Commissioner's Office - https://ico.org.uk/register (ICO ZB909196).
This means that "an organisation has officially acknowledged its responsibilities under the Data Protection Act 2018 and is committed to handling personal data in compliance with data protection laws."
I have additional security measures in the form of multi-factor password protection, paid-for anti-virus software, a firewall, ransomware remediation, and 'Full Domain Protection' on this website, which prevents unauthorised domain actions such as transferring the domain away, changing nameservers and editing domain contact information. It does this by verifying identity first: the owner is notified and prompted to provide a passcode, so that only the owner can make changes.
Retention of client notes
There are no hard and fast rules on how long client notes should be kept for; however, BABCP's legal advisers suggest that therapists instruct their executors to arrange for client records to be retained for seven years after the client's last session.
Disposal of Client notes
GDPR rules say that personal data must not be retained for longer than necessary. Therefore, as soon as the seven-year period has elapsed, the Executor will be responsible for arranging the confidential disposal of the notes. Some record-keeping companies can schedule disposal at the point they receive the records.
Informing Clients about the Clinical Will
GDPR requires that clients are told how their personal data will be handled; this information is provided in the Therapy Contract. The privacy section of the contract includes information on what will happen to your notes and on the Clinical Will. If I die or become incapacitated within seven years of finishing therapy with you, your data will be shared with the Executor and with any organisation that will securely hold your records until their disposal.
Please note: I use third-party software for storing client data. You can read their General Data Protection Regulation (GDPR) information below:
As a data processor, Kiku is fully GDPR compliant - https://www.wearekiku.com/gdpr
Fully Encrypted
Their website and admin system are secured with RSA 256 bit SSL encryption, which means that clients' data is encrypted both when processed and when stored.
Access to Kiku is both password and two-factor authentication protected to ensure that the personal information that we process and store remains safe and secure.
Kiku is hosted on AWS Ireland Servers which adhere to strict and robust security measures.
GDPR Compliant, UK Developers
Kiku was developed and is maintained by Jump Up Limited (ICO Z160546X) in accordance with the latest security compliance standards.
The website code-base is stored in a private UK-based GitHub repository with full version control and developer accountability.
Data access
Our support team are only able to view your and your clients' contact details and attendance history via the Kiku application which is both password and 2FA protected.
In the event of data loss, permitted members of the Kiku Development Team are able to access more sensitive information (clinical notes, emergency contacts etc.) in order to restore your records. Their access is through the application, where they must tunnel over an encrypted SSH connection via an intermediate Bastion server and then provide an additional SSH key to reach the database.
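For readers who want to see what the access path described above (SSH through an intermediate bastion, then a second SSH key for the database host) looks like in practice, here is an added example of a client-side OpenSSH configuration. It is not Kiku's or Jump Up Limited's configuration; the hostnames, usernames and key file names are assumed placeholders.

```sshconfig
# Added example, not Kiku's own configuration.
# Hostnames, usernames and key paths below are assumed placeholders.

# First hop: the bastion. Only the bastion key is offered here.
Host bastion
    HostName bastion.example.internal
    User restore-ops
    IdentityFile ~/.ssh/id_ed25519_bastion
    IdentitiesOnly yes

# Second hop: the database host, reachable only through the bastion.
# ProxyJump routes the connection via "bastion"; a separate, additional
# key is required to authenticate to the database host itself.
Host kiku-db
    HostName db.example.internal
    User restore-ops
    ProxyJump bastion
    IdentityFile ~/.ssh/id_ed25519_db
    IdentitiesOnly yes
```

With this in place, `ssh kiku-db` performs both hops, and `IdentitiesOnly yes` stops the client from offering every key in the agent to every host, so the bastion key alone is never enough to reach the database. On the bastion side, a practitioner would normally pin the operator's key in `authorized_keys` with options such as `restrict,port-forwarding,permitopen="db.example.internal:22"` so that the bastion account can only forward to the database host and cannot be used for an interactive shell; that server-side hardening is an assumption about good practice, not something the page states about Kiku's deployment.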