
Client Personal Sensitive Information

As part of your practice, you will be required to collect personal information about your client such as:

Sensitive personal data

Details of racial or ethnic origin
Political, religious, or philosophical beliefs
Organizational data
The processing of genetic data and/or biometric data for the purpose of uniquely identifying a natural person
Health details
Information about a person's sex life or sexual orientation.

Personal data

Data that does not fall under the category of ‘sensitive personal data’ can be referred to as ‘general/ordinary personal data’.

Ordinary personal data may include personal identification details such as name and address, customer relationships, personal finances, tax-related matters, debts, sick days, work-related circumstances, family circumstances, residence, car, qualifications, applications, CV, date of employment, position, area of work, work phone, key data: name, address, date of birth, IP address or other similar non-sensitive information.

Each country may have its own categories but for the purposes of this article, we will be focusing on these 2 primary areas as an example.

Within your course, we will cover the basics of data protection, but this article covers how you might consider data when choosing systems to store or interact with your client.

Due to the wide range of students and graduates who train with us, we are unable to advise on which software or services are compliant with your business practice, state, or country, but generally these fall into two categories.

Two types of systems you may come across:

CRM - CRM stands for Customer Relationship Management. It's a technology used to manage interactions with customers and potential customers. A CRM system helps organizations build customer relationships and streamline processes so they can increase sales, improve customer service, and increase profitability.

CRM systems are mainly aimed at sales and marketing and not client health data or personal sensitive data.

Medical Compliance Software - In some countries, especially the USA, if you are working with clinical data, especially if you are sharing that with third parties, such as insurance companies, you may need to use software that is compliant with the data regulations in your country.

For example, HIPAA in the USA. HIPAA is a US regulation; the name stands for Health Insurance Portability and Accountability Act. In the UK this would come under the Data Protection Act, and within Europe, GDPR.

Each country will have its own rules and regulations around how data can be stored and transferred and may have specific requirements around software that is compliant.

As a school, we cannot advise what software you should and should not use, but it is important that you use the correct software to store the collected data, in line with your own country or state's regulations.

As a business owner, it is key that you choose the correct software for your needs that also complies with the law.

You may be advised by colleagues which package to buy, but do your own research first.

A good example and a popular product is 17 Hats; this is a CRM and is not HIPAA compliant, so buyer beware.

If you are unsure, most software providers will have articles on their website or you can contact them to ask the question.

In the UK and Europe, for example, if you process personal data electronically (this includes email), you must by law be registered with your country's data governance organization.

Useful websites for UK and USA data regulations are listed below.

If you are not in the UK or USA, then Google "data protection regulator" for your country and you should find the correct organization, or speak to your local authority or business support center, who will advise.

UK - ICO (Information Commissioner's Office) - https://ico.org.uk/
USA - HIPAA (Health Insurance Portability and Accountability Act) - https://www.hhs.gov/

It is important as a business owner to be aware of your obligations in your country regarding how you use and process data. Although this is covered within your course, it is just an overview, and we recommend that you seek official guidance from your country or state.

Unfortunately, we cannot give legal guidance around this matter above the information contained in this article.