JISCMail - DATA-PROTECTION Archives

Can anyone give me any advice on the following scenario.

We are presently conducting an audit of databases held within our Trust.
One such form was returned with what looked like excessive information for
the purpose.  For background information, the project to which the database
relates is a joint venture between Social Work, Primary Care and Acute
Trusts within our area and is aimed at keeping people over the age of 60
within a specific post code area out of hospital and at home with
appropriate support.  Referrals for this project are obtained in a variety
of ways, from social work, from health visitiors, from relatives or carers
or even from the patients themselves.  The form designed for the database
records information which seemed to be excessive for the purpose, e.g.
national insurance number, ethnic origin, present and past medical
conditions, social reasons, support issues, living alone etc.  It transpires
that the form was simply designed from a social work form which has probably
been on the go for numerous decades and is used by social work to refer
clients to the project.  I am confused as to who the data controller is in
respect of this project (although I suspect it is the Trust)  and cannot
confirm that the data subjects (in social work's case) are even aware that
their sensitive information is being used for this purpose.  Is the way
forward to design a form specifically for the purpose of the project and
gain client consent on collection rather than copy social work's?  Any
advice welcome.

Alison

The information contained in this message or any of its attachments may be privileged
and confidential and intended for the exclusive use of the addressee. The views
expressed may not be offical policy but the personal views of the originator. If you are
not the addressee any disclosure, reproduction, distribution, other dissemination or use
of this communication is strictly prohibited.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
    www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^