Body

The protection of confidentiality is closely linked with the ‘"do no harm" principle. This is about making sure that NPMs do not put detainees (and staff) at additional risk because of their work. The main risks are linked with reprisals, retaliation or inter detainee violence. This principle should guide the entire information management process, from collection, to storage and any transmission to third parties. 

Improper handling of information can lead to identification of sources, unauthorized disclosure, modification or loss of information and to risks to the safety of detainees and others and violations of the rights to privacy. For example, neglecting the way in which data on the sexual orientation and gender identity of persons deprived of their liberty is collected can lead to discriminatory and stigmatizing practices towards this population. Information about the charges that detainees face or the reasons for their detention can also put them at significant risk, including of interdetainee violence. 

In addition to the do no harm principle, following principles may also serve as a reference for NPMs: 

  • Lawfulness: information must be processed in a lawful and transparent manner. 
  • Consent: obtain consent before gathering certain information, in particular when is related to personal data. 
  • Information: to inform the person about the processing of information, including what information or data will be collected and why. 
  • Quality: strive to ensure that the information collected is accurate, complete, relevant and up to date. 
  • Proportionality: only collect and store as much information or data as needed for the fulfillment of the NPMs mandate. 
NPM Category
Institutional development
NPM Topic
Confidentiality and data protection