Can anyone give me any advice on the following scenario. We are presently conducting an audit of databases held within our Trust. One such form was returned with what looked like excessive information for the purpose. For background information, the project to which the database relates is a joint venture between Social Work, Primary Care and Acute Trusts within our area and is aimed at keeping people over the age of 60 within a specific post code area out of hospital and at home with appropriate support. Referrals for this project are obtained in a variety of ways, from social work, from health visitiors, from relatives or carers or even from the patients themselves. The form designed for the database records information which seemed to be excessive for the purpose, e.g. national insurance number, ethnic origin, present and past medical conditions, social reasons, support issues, living alone etc. It transpires that the form was simply designed from a social work form which has probably been on the go for numerous decades and is used by social work to refer clients to the project. I am confused as to who the data controller is in respect of this project (although I suspect it is the Trust) and cannot confirm that the data subjects (in social work's case) are even aware that their sensitive information is being used for this purpose. Is the way forward to design a form specifically for the purpose of the project and gain client consent on collection rather than copy social work's? Any advice welcome. Alison The information contained in this message or any of its attachments may be privileged and confidential and intended for the exclusive use of the addressee. The views expressed may not be offical policy but the personal views of the originator. If you are not the addressee any disclosure, reproduction, distribution, other dissemination or use of this communication is strictly prohibited. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - www.jiscmail.ac.uk/user-manual/summary-user-commands.htm all commands go to [log in to unmask] not the list please! ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^