Confidentiality Policy

Introduction:

Payana is a beacon of support and advocacy, particularly for sexuality minorities and individuals

living with HIV. Operating within such delicate contexts, where individuals often grapple with

societal stigma, discrimination, and personal safety concerns, the need for a robust confidentiality

and privacy policy cannot be overstated.

Payana's work extends to sexuality minorities who, due to societal pressures and fear of

discrimination, choose to conceal their sexual orientation from family, friends, and society at large.

The organization also provides vital support to individuals living with HIV, whose health status

demands utmost confidentiality to prevent discrimination and social ostracism. Moreover, Payana

interacts with community members and stakeholders who may find themselves navigating complex

situations, such as mixed orientation marriages, to shield themselves from societal judgment and

prejudice.

The consequences of breaching confidentiality and privacy within this context can be dire. It may

lead to irreversible harm, such as the loss of social status, family ties, or even endangerment of

mental health. In the most tragic scenarios, individuals may resort to self-harm or harm others if

their confidentiality is compromised.

Given the high stakes involved, Payana recognizes the critical importance of adhering to a strict

confidentiality and privacy policy. Every individual within the organization must understand their

role in safeguarding the privacy and dignity of those they serve. Failure to uphold these principles

could result in devastating consequences for the very individuals whom Payana seeks to empower

and protect.

Maintaining confidentiality and privacy is a fundamental principle of Payana's operations, and any

breach of this policy will be taken seriously and addressed promptly to ensure the protection of

individuals' rights and the integrity of the organization. By adhering to the principles outlined in this

policy, Payana is committed to protecting the confidentiality and privacy of individuals associated

with the organization, and to maintaining the trust and confidence of our constituents, stakeholders,

and employees.

Preamble:

Payana is committed to upholding the highest standards of confidentiality and privacy in all aspects

of its operations. This policy is designed to ensure the protection of personal information and the

privacy rights of our constituents, stakeholders, and employees, particularly marginalized sexuality

minorities, sex workers and people living with HIV.

Page 2 of 4

Scope:

This Policy applies to all employees, volunteers, contractors, partners, and stakeholders of Payana.

Aim/Purpose:

The aim of this policy is to establish guidelines for the collection, use, disclosure, and protection of

personal information in order to maintain the confidentiality and privacy of individuals associated

with Payana.

Definition of Confidentiality and Privacy:

Confidentiality refers to the obligation to safeguard personal information and prevent unauthorized

disclosure. Privacy refers to the right of individuals to control the collection, use, and disclosure of

their personal information.

Importance of Confidentiality and Privacy:

Maintaining confidentiality and privacy is essential to fostering trust, respect, and dignity in our

relationships with marginalized communities and vulnerable populations. It is also crucial for

ensuring compliance with legal and ethical standards, protecting individuals from discrimination and

stigma, and upholding the integrity and reputation of Payana.

What This Policy Seeks to Achieve:

 To establish clear guidelines and procedures for the collection, use, and disclosure of

personal information.

 To protect the confidentiality and privacy of individuals associated with Payana, particularly

marginalized sexuality minorities and people living with HIV.

 To promote trust, transparency, and accountability in our relationships with constituents,

stakeholders, and employees.

 To ensure compliance with legal and regulatory requirements governing the handling of

personal information.

Principles Guiding Payana's Confidentiality and Privacy Policy:

Consent: Personal information will only be collected, used, and disclosed with the consent of the

individual concerned, except where permitted or required by law.

Confidentiality: Payana will take reasonable measures to safeguard personal information from

unauthorized access, use, or disclosure, including implementing appropriate security measures and

protocols.

Purpose Limitation: Personal information will only be collected for specified and legitimate

purposes, and will not be used or disclosed for purposes other than those for which it was collected,

except with the consent of the individual concerned or as required by law.

Page 3 of 4

Data Minimization: Payana will only collect personal information that is necessary for the purposes

identified, and will not retain it for longer than necessary. The importance of Data Safety and

security of protected or confidential data is further illustrated in the IT Manual.

Accountability: Payana will designate an Ombudsman responsible for overseeing compliance with

this policy and handling inquiries or complaints related to privacy and confidentiality.

Breach of Confidentiality and Privacy

Payana considers the breach of confidentiality and privacy as a serious offense, which undermines

the trust, integrity, and reputation of the organization. The following actions constitute breaches of

confidentiality and privacy:

1. Unauthorized Disclosure: Sharing personal or sensitive information with unauthorized individuals

or entities without the consent of the individual concerned or the consent of Payana management

shall constitute a breach of confidentiality or privacy. This includes discussing confidential matters in

public spaces, on social media platforms, or with individuals who do not have a legitimate need to

know.

2. Accessing Information Without Authorization: Viewing, accessing, or obtaining personal or

sensitive information without proper authorization or a legitimate business need (as determined by

the Payana management). This includes accessing electronic records, files, or databases that contain

confidential information without permission.

3. Improper Use of Information: Using personal or sensitive information for purposes other than

those for which it was collected or authorized. This includes using confidential information for

personal gain, harassment, or discrimination against individuals associated with Payana.

4. Failure to Safeguard Information: Failing to take reasonable measures to protect personal or

sensitive information from unauthorized access, use, or disclosure. This includes leaving confidential

documents or electronic devices unattended, using weak passwords, or failing to secure physical or

digital files containing sensitive information.

5. Negligent Handling of Information: Careless or negligent handling of personal or sensitive

information that results in its loss, theft, or unauthorized disclosure. This includes leaving

confidential documents in public view, sending sensitive information via unsecured email or postal

services, or failing to properly dispose of confidential materials.

6. Unauthorized Alteration or Destruction of Information: Making unauthorized changes to personal

or sensitive information or intentionally destroying or tampering with records to conceal

wrongdoing or manipulate information.

7. Failure to Report Breaches: Failing to report breaches of confidentiality and privacy in a timely

manner to the designated Ombudsman or relevant authorities, as required by law or organizational

policies.

Consequences of Breach:

Page 4 of 4

Any breach of confidentiality and privacy will be thoroughly investigated, and appropriate

disciplinary action will be taken against the responsible individual(s). Consequences may include but

are not limited to:

- Verbal or written warning

- Suspension or termination of employment or contract

- Legal action and civil liabilities

- Reputational damage to the individual and the organization

Reporting Breaches:

Employees, volunteers, contractors, and partners are required to report any suspected breaches of

confidentiality and privacy to the designated Ombudsman or relevant authorities as soon as

possible. Failure to report breaches may also result in enquiry and/or disciplinary action against the

errant personnel. All personnel shall be protected through the Payana Whistleblower Policy in their

reportage of any breaches, misconduct or wrong-doings under the Confidentiality and Privacy Policy.

Punishment and Penalties for Violations:

Violations of this Confidentiality and Privacy Policy may result in disciplinary action, up to and

including termination of employment or contract, as well as potential legal consequences in

accordance with applicable laws and regulations.

Non-Disclosure Agreement

As part of my association with Payana, I, [Employee/Volunteer/Contractor Name], acknowledge and

agree to maintain the confidentiality of any sensitive information to which I may have access in the

course of my duties. I understand that this includes but is not limited to personal information

relating to sexual orientation, gender identity, HIV status, and any other sensitive information

disclosed by individuals associated with Payana.

I further agree not to disclose any confidential information to third parties without the express

consent of the individual concerned or as required by law. I understand that unauthorized disclosure

of confidential information may result in disciplinary action, up to and including termination of my

association with Payana.

Signed: _______________________________

Date: _________________________________