It should be
noted that the requirement on the NHS to inform ICO of breaches only applies to
the NHS in
Nic Drew
DPO
From:
This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On
Behalf Of Ronan Durnin
Sent: 13 November 2009 12:59
To: [log in to unmask]
Subject: Re: Info
security[Scanned]
I have to say that I
agree with Simon. I work in a social work agency with the NI NHS (HSC as we
call it here!) and the IG regime here is brutally detailed. Its
implementation varies by organisation, be we are audited against DPA, Records
Management and ICT in great detail. The audits leave no stone unturned. Given
the size of the NHS nationally, it will more breaches than any other
organisation; it should be noted that the NHS employs around 1.3 million staff.
From:
This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On
Behalf Of Simon Howarth
Sent: 11 November 2009 17:47
To: [log in to unmask]
Subject: Re: [data-protection]
Info security[Scanned]
The NHS may be the
worst offenders in terms of reporting, but I doubt they are the worst overall.
I had this
conversation with the Deputy ICO. The NHS have “Information Governance” in
place to a very detailed level and well in advance of other public bodies. Part
of these arrangements are breach processes that mean that the ICO has to be
informed everytime there is a “SUI” Serious Untoward Incident. I work within
NHS Trusts and have worked for other public sectors and very few do this apart
from the NHS. This means that the NHS is being tarred with a brush for being
honest and upfront. Yes, it has to improve in a number of areas, but I wonder,
given the literally millions of records movements every day, just what
proportion breaches comprise. I would put cash money on any other public
authority being worse, but just not reporting there transgressions.
Seems the NHS is the
whipping boy for being advanced in IG thinking, processes and it’s desire to be
open, honest and above board.
If the ICO wants to
have a downer on the NHS it should concentrate its efforts on some of the
overpriced and worrying systems that it is developing which are creating HUGE
databases that have a laudable aim, but are being implemented in a questionable
way and which may cause far more breaches in the future.
The NHS is not
perfect, but I’d rather trust my details to these guys than most private sector
buffoons (technical word)...
Simon Howarth.
This message is strictly confidential and intended for the person or organisation to whom it is addressed. If you are not the intended recipient of the message then please notify the sender immediately. Any of the statements or comments made above should be regarded as personal and not necessarily those of Cardiff and Vale University Local Health Board, any constituent part or connected body.
All e-mail sent to or from this address will be processed by Cardiff and Vale University Local Health Board’s Corporate e-mail system and may be subject to scrutiny by someone other than the addressee.
Please be aware that, under the terms of the Freedom of Information Act 2000, Cardiff and Vale University Local Health Board may be required to make public the content of any emails or correspondence received. For further information on Freedom of Information or email monitoring, please refer to the Cardiff and Vale University Local Health Board website at www.cardiffandvaleulhb.wales.nhs.uk.
Mae’r neges hon yn gwbl gyfrinachol, ac fe’i bwriadwyd ar gyfer yr
unigolyn neu’r sefydliad y cyfeiriwyd hi ato/atynt. Os nad chi yw’r derbynnydd y
bwriedid y neges ar ei gyfer, byddwch mor garedig â rhoi gwybod i’r anfonwr yn
ddi-oed. Dylid ystyried unrhyw ddatganiadau neu sylwadau a wneir uchod yn rhai
personol, ac nid o anghenraid yn rhai o eiddo Bwrdd Iechyd Lleol Prifysgol
Caerdydd a’r Fro, nac unrhyw ran gyfansoddol ohono na chorff cysylltiedig.
Caiff pob e-bost a anfonir i / o’r cyfeiriad hwn ei brosesu gan system e-bost Gorfforaethol Bwrdd Iechyd Lleol Prifysgol Caerdydd a’r Fro, a gallai gael ei archwilio gan rai ac eithrio’r sawl a anfonodd y neges.
Cofiwch fod yn ymwybodol ei bod yn bosibl y bydd disgwyl i Fwrdd Iechyd Lleol Prifysgol Caerdydd a’r Fro gyhoeddi cynnwys unrhyw e-bost neu ohebiaeth a dderbyniwyd, yn unol ag amodau Deddf Rhyddid Gwybodaeth 2000. I gael rhagor o wybodaeth am Ryddid Gwybodaeth neu fonitro negeseuon e-bost, trowch at wefan Bwrdd Iechyd Lleol Prifysgol Caerdydd a’r Fro ar www.billcaerdyddarfro.cymru.nhs.uk .
All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html
Selected commands (the command has been filled in below in the body of the email if you are receiving emails in HTML format):
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm and are sent in the body of an otherwise blank email to [log in to unmask]
Any queries about sending or receiving messages please send to the list owner [log in to unmask]
(Please send all commands to [log in to unmask] not the list or the moderators, and all requests for technical help to [log in to unmask], the general office helpline)
All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html
Selected commands (the command has been filled in below in the body of the email if you are receiving emails in HTML format):
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm and are sent in the body of an otherwise blank email to [log in to unmask]
Any queries about sending or receiving messages please send to the list owner [log in to unmask]
(Please send all commands to [log in to unmask] not the list or the moderators, and all requests for technical help to [log in to unmask], the general office helpline)