Confidentiality Policy

1. Purpose 

The purpose of this Confidentiality Policy is to establish the obligations of all individuals, including staff, contractors, and agents of the College of Allied Educators (CAE), in protecting sensitive information from unauthorized disclosure. This policy applies to all types of confidential information, including but not limited to personal data and proprietary information. 

2. Scope 

This policy applies to all employees, contractors, agents, and other individuals who have access to confidential information in the course of their work with CAE. It covers all forms of information, whether written, electronic, or verbal, and applies regardless of how the information is stored or transmitted. 

3. Definition of Confidential Information 

Confidential information includes but is not limited to: 

  1. Personal Data: Information related to an identifiable individual, such as students, staff, or other stakeholders, protected under the Personal Data Protection Act (PDPA). 
  1. Proprietary Information: Information owned by CAE, including business plans, financial records, intellectual property, course materials, and internal communications. 
  1. Operational Information: Internal processes, policies, procedures, and any other information that could affect the operations or reputation of CAE if disclosed. 
  1. Third-Party Information: Information provided by external parties under confidentiality agreements, including partners, vendors, and service providers. 

4. Responsibilities and Obligations 

All individuals subject to this policy are required to: 

  1. Maintain Confidentiality: Ensure that confidential information is kept secure and only accessed or disclosed to those with authorized access on a need-to-know basis. 
  1. Use Information Appropriately: Use confidential information solely for legitimate work-related purposes and not for personal gain or other unauthorized purposes. 
  1. Protect Against Unauthorized Disclosure: Take reasonable precautions to safeguard confidential information from accidental or intentional disclosure to unauthorized persons. 
  1. Report Breaches: Immediately report any suspected or actual breaches of confidentiality to the appropriate supervisor or the Data Protection Officer. 

5. Handling of Confidential Information 

Individuals must adhere to the following practices when handling confidential information: 

  1. Physical Security: Store paper documents containing confidential information in locked cabinets or secure areas. Do not leave such documents unattended. 
  1. Electronic Security: Protect electronic documents with appropriate security measures, including passwords and encryption. Do not share login credentials or allow others to access information without authorization. 
  1. Communication Security: Avoid discussing confidential information in public areas or through unsecured communication channels. Use encrypted emails or secure file-sharing platforms for sensitive communications. 
  1. Disposal: Ensure that confidential information is disposed of securely, using methods such as shredding for paper documents or permanent deletion for electronic records. 

6. Disclosure of Confidential Information 

Confidential information may only be disclosed under the following conditions: 

  1. Authorized Disclosure: Information may be disclosed to individuals who have been granted explicit authorization to access it. 
  1. Legal Requirements: Disclosure may occur if required by law, regulation, or court order, in which case, the Data Protection Officer should be consulted prior to any disclosure. 
  1. Consent: Information may be disclosed with the explicit consent of the individual to whom the personal data pertains or the owner of the proprietary information. 

7. Breach of Confidentiality 

Any breach of confidentiality, whether accidental or intentional, may result in disciplinary action, including termination of employment or contract. CAE reserves the right to take legal action if a breach results in harm or potential harm to the organization. 

8. Training and Awareness 

CAE will provide regular training and resources to ensure that all staff understand their confidentiality obligations and the procedures for safeguarding confidential information. 

9. Policy Review 

This policy is reviewed once every two years or when there are significant changes in applicable laws, regulations, or CAE’s operational practices. 

10. Contact Information 

For questions about this policy or to report a confidentiality breach, please contact: 

Mr. Shahdan Sulaiman
Data Protection Officer 
Email: shahdan@icae.edu.sg 
Phone: 6533-0031 

Version 1.0