I second that!!!
Many thanks
Simon
I second that!!!
Many thanks
Trish
Trish-louise Bailey (MSc)
Information Governance (IG)
(responsible for: Information Sharing & Confidentiality, Informtaion Security, Information Quality & Assurance, Data Protection, Freedom of Information, Records & Information Management)
-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Simon Howarth
Sent: 19 November 2009 11:57
To: [log in to unmask]
Subject: Re: Data Protection and Information Security Policies
To some extent I agree with what Paul is saying and the NHS have "got
around" this issue by adopting "Information Governance" which incorporates
all the requirements of information compliance, security, confidentiality
and corporate assurance. More recently it's taking on more of a risk
assurance role.
www.igt.connectingforhealth.nhs.uk
If you want to construct a hierarchy then it's my belief that Information
Governance (and therefore DP and other stuff) should actually fall under
Records Management. The reason for this is that unless information (records)
is properly managed you do not know what you do not know (Rumsfeld?) and
therefore cannot be sure of complying with DP, FOI or confidentiality
requirements. It is my view that Records Managers have been too silent on
this issue and should be championing more their critical role in information
management and whilst there is no "right" way to structure information
management in an organization it is my firm belief that until RM is
implemented properly and oversees records and information in an
organization, that information management is not being done properly.
Simon Howarth.
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Paul Ticher
Sent: 19 November 2009 11:10
To: [log in to unmask]
Subject: Re: [data-protection] Data Protection and Information Security
Policies
There may be some government agencies where Information Security is the
overarching issue (especially after all the recent kerfuffle), but surely
Data Protection is about compliance with all eight Principles, not just
Principle 7? In many organisations Information Security is possibly less
important than offering the right choices to comply with Principle 1 (or
have I misunderstood what InfoSec is?).
I feel there must be a matrix, not a hierarchy. For example,
Confidentiality is a major component of Data Protection and Information
Security, but also stands in its own right, because confidentiality covers
information that is not personal data, and may not even be recorded, and it
is subject to both common and contractual law. So now we've got three
interlocking policies, as a minimum, all giving a different and important
slant.
For the record, I'm with the 'short policy, backed up with explanation and
procedures (which may be long), and staff guidance (which must be short)'
brigade.
Paul Ticher
0116 273 8191
22 Stoughton Drive North, Leicester LE5 5UB
<snip>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
--------------------------------------------------------------------------------------------------------------------
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom
they are addressed. If you have received this email in error
please notify the originator of the message.
Any views expressed in this message are those of the individual
sender, except where the sender specifies and with authority,
states them to be the views of Telford & Wrekin Council.
The content of this email has been automatically checked in
conjunction with the relevant policies of Telford & Wrekin Council.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|