Supporting Caldicott Guardians across the UK


The common law duty of confidentiality

Common law (case law) is law that has developed through the courts making decisions in cases on legal points and creating binding precedents—in contrast to statutory law, which is determined by acts of parliament. Common law may be used to fill a gap in statutory provision or to interpret what the statute might mean in particular circumstances. There is no statutory provision which sets out a duty of confidence as such, although the DPA provides legal obligations in relation to data sharing.

The legal obligation for confidentiality is one of common law, which means it will change as case law evolves. The so-called ‘common law duty of confidence’ is complex: essentially it means that when someone shares personal information in confidence it must not be disclosed without some form of legal authority or justification. In practice this will often mean that the information cannot be disclosed without that person’s explicit consent unless there is another valid legal basis. It is irrelevant whether the individual is old or has mental health issues or indeed lacks capacity: the duty still applies. (See also Information sharing and disclosure: legal considerations and the GMC guidance on confidentiality. Common law requires there to be a lawful basis for the use or disclosure of personal information that is held in confidence, for example:

  • where the individual has capacity and has given valid informed consent;
  • where disclosure is in the overriding public interest;
  • where there is a statutory basis or legal duty to disclose, e.g. by court order.