I'm involved with a project in the County Durham/Tees Valley/North
Yorkshire area to implement information sharing protocols based on a 3 tier
model (the Scottish Model I believe). To me, having protocols in place -
what I refer to as a Pro-active Framework - in advance is by far preferable
to having to take decisions "on the hoof". The framework must answer five
questions:
What data do we want to share?
With whom do we want to share it?
Why do we want to share it?
How can we justify sharing it?
How do we comply with the law?
On a similar tack, a colleague provided me with some information which came
out of the East Sussex IRT project and asks ten similar questions:
Why do I/they want the information?
Sufficient need to know?
Is the request proportionate?
Is the information up to date/accurate?
Will there be secondary disclosure?
Do I need consent?
Have I got consent?
Is there another justification?
Have I recorded the sharing?
Am I sharing securely?
Wherever a desire (note desire, not need) to share data is identified - and
preferably before any specific case is involved - ask and answer these
questions honestly and I believe you will be a long way towards developing
the protocols/procedures you need.
Regards,
Graham
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|