

I second that!!!


Many thanks 


Simon

Trish
Trish-louise Bailey (MSc)
Information Governance (IG)
(responsible for: Information Sharing & Confidentiality, Information Security, Information Quality & Assurance, Data Protection, Freedom of Information, Records & Information Management)


-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Simon Howarth
Sent: 19 November 2009 11:57
To: [log in to unmask]
Subject: Re: Data Protection and Information Security Policies

To some extent I agree with what Paul is saying and the NHS have "got
around" this issue by adopting "Information Governance" which incorporates
all the requirements of information compliance, security, confidentiality
and corporate assurance. More recently it's taking on more of a risk
assurance role.

www.igt.connectingforhealth.nhs.uk

If you want to construct a hierarchy then it's my belief that Information
Governance (and therefore DP and other stuff) should actually fall under
Records Management. The reason for this is that unless information (records)
is properly managed you do not know what you do not know (Rumsfeld?) and
therefore cannot be sure of complying with DP, FOI or confidentiality
requirements. It is my view that Records Managers have been too silent on
this issue and should be championing more their critical role in information
management and whilst there is no "right" way to structure information
management in an organization it is my firm belief that until RM is
implemented properly and oversees records and information in an
organization, that information management is not being done properly.

Simon Howarth.

-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Paul Ticher
Sent: 19 November 2009 11:10
To: [log in to unmask]
Subject: Re: [data-protection] Data Protection and Information Security
Policies

There may be some government agencies where Information Security is the 
overarching issue (especially after all the recent kerfuffle), but surely 
Data Protection is about compliance with all eight Principles, not just 
Principle 7?  In many organisations Information Security is possibly less 
important than offering the right choices to comply with Principle 1 (or 
have I misunderstood what InfoSec is?).

I feel there must be a matrix, not a hierarchy.  For example, 
Confidentiality is a major component of Data Protection and Information 
Security, but also stands in its own right, because confidentiality covers 
information that is not personal data, and may not even be recorded, and it 
is subject to both common and contractual law.  So now we've got three 
interlocking policies, as a minimum, all giving a different and important 
slant.

For the record, I'm with the 'short policy, backed up with explanation and 
procedures (which may be long), and staff guidance (which must be short)' 
brigade.


Paul Ticher
0116 273 8191
22 Stoughton Drive North, Leicester LE5 5UB

<snip>

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
 Any queries about sending or receiving messages please send to the list owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

--------------------------------------------------------------------------------------------------------------------
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom
they are addressed. If you have received this email in error 
please notify the originator of the message. 

Any views expressed in this message are those of the individual
sender, except where the sender specifies and with authority,
states them to be the views of Telford & Wrekin Council.

The content of this email has been automatically checked in 
conjunction with the relevant policies of Telford & Wrekin Council.

