Confidentiality is the basis for a successful therapeutic relationship. It is what makes the client trust us and feel safe to open up and be honest. 

The first ethical principle in the BACP Ethical Framework is ‘Being trustworthy – honouring the trust placed in the practitioner’, and to show respect by protecting client confidentiality and privacy (3b) is one of our key commitments to clients.

Complaints about confidentiality

Complaints primarily arise because clients have assumed confidentiality to be absolute. They feel surprised and let down because their therapist has broken confidentiality, even if the therapist acted ethically or within the law. This has resulted in a loss of trust and an irretrievable breakdown in the therapeutic relationship.

Sometimes complaints are made when information has been shared within multi-disciplinary settings, such as GP surgeries, hospitals or schools.

They can also arise when a client asks their therapist to disclose information about them, but to do so may not be in the client’s best interest.

Key considerations for practice

Contracting with clients

Make it clear at the very beginning of work with each client that total confidentiality cannot be guaranteed so they can proceed on the basis of informed consent. Make it clear when and with whom you may need to share information about them, so they know that if they make certain disclosures you may not be able to keep that information to yourself. 

If you're working with children and young people, confidentiality and boundaries can require careful negotiation with clients and those with parental responsibility.


  • discuss confidentiality with your client at the contracting stage
  • be clear about the possible exceptions to confidentiality
  • be explicit about who you may need to share their information with, and who else has access to their records
  • explain that you need to discuss your casework with a supervisor
  • provide a copy of your privacy notice


  • promise total confidentiality
  • leave the discussion around confidentiality too late, for example until you hear information from them that may warrant disclosure

See Contracting - what complaints tell us

Record keeping

Keeping records that are appropriate, accurate, relevant, lawful and secure is vital for ethical practice and data protection. Make sure you:

  • get explicit consent from clients for keeping records and explain their right to see their notes (Subject Access Requests)
  • maintain records that are adequate and relevant but limited to what is necessary
  • keep clients’ names and contact details separately from their session notes and other records
  • keep records securely and safely disposed of when no longer required
  • familiarise yourself with and comply with GDPR legislation. Check whether you need to register with the Information Commissioner’s Office.

Client information can only be described as anonymous if it does not relate to an identified or identifiable person.

Making disclosures

Make sure you understand the difference between when you are required by law to break confidentiality, and when you are permitted by law to break confidentiality if it's in the public interest (discretionary disclosures). 

Examples of legally obliged disclosures include:

  • acts of terrorism
  • drug trafficking and money laundering
  • court orders or subpoenas

Examples of discretionary disclosures:

  • child protection and safeguarding
  • protection of vulnerable adults
  • risk of suicide or serious self-harm or harm to others


  • consult with your supervisor and obtain legal advice, for example via your professional insurer, if you're in any doubt about sharing information with a third party
  • unless it’s an emergency situation, give yourself time to reflect, consult and consider the possible consequences before taking action


  • act impulsively without consultation
  • be pressurised into handing over information unless legally obliged to do so, even to authority figures

Where client data is shared, what are known as the ‘Caldicott principles’ would normally be followed.

See GPiA 014 Managing confidentiality which includes a disclosure checklist.

Client consent

If you're considering breaching confidentiality, it's generally advisable and ethical to discuss it with your client and obtain their consent.

However, there are some occasions, when you legally have to make a disclosure even without their consent, or when it could be illegal to inform them (for example, terrorism). In other cases, it may be inadvisable to inform your client if it increases the risk of harm to a child or others, or where it may compromise a police investigation.

  • Be clear when you should obtain client consent before making a disclosure
  • Consider whether your client has the mental capacity to give explicit informed consent at this moment in time

Client requests

If a client asks you to disclose information about them, for example for a court case, this gives you the necessary legal authority to make a disclosure, but it may not always be in the client’s best interests to do so. 

Make sure you discuss the possible implications with your client before complying with their request. They may not be aware that they would have limited control over who sees that information, or that it could potentially be used against the client. Their records may contain information that is not relevant to the case in question which the client would not wish to be disclosed. You may be able to write a report rather than handing over the client records in their entirety.

See GPiA 069 Sharing records with clients, legal professionals and the courts 

Working in organisations

If you're working in multi-disciplinary settings, such as a GP surgery or hospital, there may be an expectation the client information will be freely shared. Make it clear at the contracting stage who else has access to the client’s data, and the reasons why anyone else might need to access it. 

  • Make sure you are familiar with the organisation's policies and guidelines