I agree completely. And it's a similar commitment to being transparent and serious about data security incidents in local government (in conjunction with the Data Handling Guidelines) which I suspect leads them sometimes to report those incidents to the ICO without properly assessing whether there has been a DPA contravention.
Jonathan Baines
Complaints and Information Rights Officer
Legal and Democratic Services
Buckinghamshire County Council
01296 383681
Follow us on twitter @buckscclegal
-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Simon Howarth
Sent: 29 November 2013 14:38
To: [log in to unmask]
Subject: Re: [data-protection] NHS notification of breaches
This is where the DH has done us all a disservice. Reportable incidents are not just about where the DPA has been broken. It's about managing issues to person identifiable information; being open and honest and sorting out those problems to ensure that confidentiality, integrity and availability of information is maintained. Throwing the IG reporting tool in which notifies the ICO simply draws attention from the wider needs of good IG and suddenly everyone is thinking it's all about the DPA. It's not.
Simon Howarth MSc. MBCS CITP
IG Specialist and Director
Mob. 07836 365588
@SSHowarth
Webtech Systems Limited t/a The Information Edge, registered in England No.
03428632.
More information from www.informationedge.co.uk
-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Baines, Jonathan
Sent: 29 November 2013 14:25
To: [log in to unmask]
Subject: Re: [data-protection] NHS notification of breaches
Or, before that, without there having necessarily been a breach of the DPA.
The 2nd and 3rd incidents there could quite easily just describe individual errors or acts (i.e. the health org's corporate compliance could have been water-tight).
Jonathan Baines
Complaints and Information Rights Officer Legal and Democratic Services Buckinghamshire County Council
01296 383681
Follow us on twitter @buckscclegal
-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Jones Sandre (NOTTINGHAM CITYCARE PARTNERSHIP)
Sent: 29 November 2013 14:12
To: [log in to unmask]
Subject: Re: [data-protection] NHS notification of breaches
SIRI: Serious Incident Requiring Investigation.
The first report has been published by the Health & Social Care Information
Centre:
https://www.igt.hscic.gov.uk/Publications/2013-Q3_Report%20of%20H&SC%20Close
d%20Level%202%20IG%20Serious%20Incidents_June%20to%20Sept.pdf
As anyone who has looked at the checklist has probably quickly identified, it's rather 'easy' to get to a total score of 2 without there actually having been any damage or distress caused ...
Sandre
Sandre Jones
Information Governance Lead
Nottingham CityCare Partnership
1 Standard Court
Park Row
Nottingham
NG1 6GN
Tel: 0115 883 9534 EXT 39534
Mob: 07545 422312
Nottingham CityCare Partnership CIC is registered as a company limited by guarantee.
Company Registration Number: 07548602
Registered address: 1 Standard Court, Park Row, Nottingham, NG1 6GN
-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of White Sarah (DEVON DOCTORS LTD - NQW)
Sent: 29 November 2013 13:42
To: [log in to unmask]
Subject: Re: [data-protection] NHS notification of breaches
---
This message was sent from an email address external to NHSmail but gives the appearance of being from an NHSmail (@nhs.net) address. The recipient should verify the sender and content before acting upon information contained within.
The identified sender is [log in to unmask]
---
Yes it is. The trouble is the IG SIRI is a L2 and you report on the toolkit, the ICO are informed automatically whether you would have or not. The SIRI grading criteria doesn't quite seem to mirror, or say "see the DPA" their grading criteria is rather different.
-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Baines, Jonathan
Sent: 29 November 2013 13:35
To: [log in to unmask]
Subject: Re: [data-protection] NHS notification of breaches
I think this is the key document, but NHS colleagues can no doubt clarify
https://www.igt.hscic.gov.uk/KnowledgeBaseNew/HSCIC%20IG%20SIRI%20%20Checkli
st%20Guidance%20V2%200%201st%20June%202013.pdf
Jonathan Baines
Complaints and Information Rights Officer Legal and Democratic Services Buckinghamshire County Council
01296 383681
Follow us on twitter @buckscclegal
-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of GRAHAM Susan
Sent: 29 November 2013 13:21
To: [log in to unmask]
Subject: [data-protection] NHS notification of breaches
I have heard it said that it is standard practice for the NHS to notify all data protection breaches to the Information Commissioner, and that this is why so many of the monetary penalty notices relate to NHS organisations. Is there a policy document that sets out the NHS approach to breach notification and defines what should/should not be notified?
Best wishes
Susan Graham
--
The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask] All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Buckinghamshire County Council
Visit our Web Site : http://www.buckscc.gov.uk Buckinghamshire County Council Email Disclaimer
This Email, and any attachments, may contain Protected or Restricted information and is intended solely for the individual to whom it is addressed. It may contain sensitive or protectively marked material and should be handled accordingly. If this Email has been misdirected, please notify the author or [log in to unmask] immediately. If you are not the intended recipient you must not disclose, distribute, copy, print or rely on any of the information contained in it or attached, and all copies must be deleted immediately. Whilst we take reasonable steps to try to identify any software viruses, any attachments to this Email may nevertheless contain viruses which our anti-virus software has failed to identify. You should therefore carry out your own anti-virus checks before opening any documents.
Buckinghamshire County Council will not accept any liability for damage caused by computer viruses emanating from any attachment or other document supplied with this email.
All GCSx traffic may be subject to recording and / or monitoring in accordance with relevant legislation.
The views expressed in this email are not necessarily those of Buckinghamshire County Council unless explicitly stated.
This footnote also confirms that this email has been swept for content and for the presence of computer viruses.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask] All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
****************************************************************************
****************************************
This message may contain confidential information. If you are not the intended recipient please inform the sender that you have received the message in error before deleting it.
Please do not disclose, copy or distribute information in this e-mail or take any action in reliance on its contents:
to do so is strictly prohibited and may be unlawful.
Thank you for your co-operation.
NHSmail is the secure email and directory service available for all NHS staff in England and Scotland NHSmail is approved for exchanging patient data and other sensitive information with NHSmail and GSi recipients NHSmail provides an email address for your career in the NHS and can be accessed anywhere
****************************************************************************
****************************************
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask] All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
****************************************************************************
****************************************
This message may contain confidential information. If you are not the intended recipient please inform the sender that you have received the message in error before deleting it.
Please do not disclose, copy or distribute information in this e-mail or take any action in reliance on its contents:
to do so is strictly prohibited and may be unlawful.
Thank you for your co-operation.
NHSmail is the secure email and directory service available for all NHS staff in England and Scotland NHSmail is approved for exchanging patient data and other sensitive information with NHSmail and GSi recipients NHSmail provides an email address for your career in the NHS and can be accessed anywhere
****************************************************************************
****************************************
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask] All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask] All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask] All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|