Which data privacy practice best preserves confidentiality when documenting IPV cases electronically?

• A. Share case notes with partners to improve safety.
• B. Store data on unsecured devices to reduce effort.
• C. Use secure systems, restrict access, encrypted storage, collect only necessary data, maintain confidentiality, follow legal guidelines, back up and audit logs, and avoid leaving devices logged in.
• D. Discard data after 30 days regardless of relevance.

Answer: (C)

Protecting sensitive information in IPV documentation hinges on controlling who can access data, how it’s stored, and what data is collected. The safest and most responsible practice is to use secure systems with strict access controls, encrypt data both in transit and at rest, collect only what is necessary for the case, maintain confidentiality in line with legal and professional guidelines, back up data with secure, auditable logs, and ensure devices are not left logged in or unattended. This combination minimizes the risk of unauthorized disclosure, supports accountability through audit trails, and keeps the information protected even if devices are lost or accessed by someone else. Sharing notes with partners, storing information on unsecured devices, or discarding data arbitrarily all create substantial confidentiality risks or hinder safety planning and compliance, making them unsuitable for protecting IPV-related information.