OK, but data subjects can withdraw their consent and the system should be
able to cope with those cases.
Mike Lloyd
Assistant Head (Academic)
ISaCS
University of Glamorgan
Llantwit Road
Treforest
Pontypridd CF37 1DL
tel: 01443 482417
email: [log in to unmask]
> ----------
> From: [log in to unmask]
> Reply To: [log in to unmask]
> Sent: Thursday, August 17, 2000 4:32 PM
> To: [log in to unmask]; Broom; Doreen
> Subject: Re: Data Protection/Modernising Government
>
>
> Dear All,
>
> Yes, Doreen is quite right. Data Protection and "Joint up Government"
> are
> dragging L.A.'s in opposite directions. However ....
>
> 1. With the '98 Act, the Data Controller is "The Council". This should
> make it easier as there is less scope for the older turf wars between
> Depts. Data is "owned" by the Council. However, watch out for any
> special
> rules for CT data and don't forget confidentiality as the old Common Law
> duty still exists. Your new Notification should cover sharing data
> around
> the Council - as long as it is only the data needed, etc. Of course,
> this
> is all dependent on getting informed prior consent from the data subject
> to the use of their data for a purpose other than that for which it was
> originally supplied. Leeds is reviewing all its application forms (try
> defining an "application form" in your Council) with the aim of including
>
> statements about use of data and,if necessary, tick lists of purposes.
> Don't forget that most people will agree to data sharing WITHIN the
> Council if it might be to their advantage, e.g. they might get better
> services, more benefits, bins emptied better, etc. Its not just about
> stating the law. You may need to positively sell the advantages of
> allowing personal data to be used within the Council. (One possible
> practical solution is to use "Chinese Walls". If Dept. A wants data from
>
> Dept. B to pursue a new initiative, B can send a letter to its clients
> containing a message from A plus a replied paid envelope from A. If the
> client is interested in the new service, they can reply directly to A to
> ask for it. That way, A has no idea who B has mailed while B has no idea
>
> who replied to A. And the clients have given consent to A - providing
> some
> careful thought has been given the wording of the letter and they reply
> using a pro forma.)
>
> 2. Where there are joint initiatives involving other public sector
> groups,
> the use of contracts will be vital. A contract must cover all the rules
> about the data to be shared, who has access, security measures, training
> plus, naturally, strict rules about obtaining informed prior consent from
>
> data subjects - where this is necessary. Leeds already has one such
> contract in place for joint use of a housing waiting list by both our
> Dept.
> and local housing assocs. Others are in the pipe line.
>
> 3. Where health data is concerned, it is vital to become acquainted with
>
> "Caldicott Guardians" and "Caldicott Principles". The Principles are
> relatively simple but the Guardians - a real person in each bit of the
> NHS -
> will jealously guard access to any clinical data. This poses severe
> problems. E.g. we have had to go through several hoops to get hold of
> data
> about 4 year olds for next September's school entries. The practical
> approach here is to create "Caldicott Agreements" WITH EACH PART OF THE
> LOCAL NHS. You have to pick them off as they are incapable of acting
> jointly! We have one such agreement with the local hospital trust and
> Soc.
> Services to cover a Joint Care Planning Team getting little old ladies
> out
> of hospital and back into the community. (For example, where hospital
> staff
> access our data, they have to follow our published Security Policy and
> where
> our staff access their data, they follow the hospital's Security Policy.)
> So
> find out who your "Caldicott Guardians" are and get agreement to formal
> statements of joint working.
>
> 4. Where there are public/private sector initiatives, I dread to think
> what we are doing. Private sector attitudes to data protection are
> highly
> variable. In the current climate, it is difficult to give practical
> advice.
>
> 5. However, the general principles should be clear :-
> - informed prior consent must be obtained
> - some form of written and legally binding contract is necessary
> - make sure each side swaps their security policy (Principle 7) or even
> agrees a joint policy
> - include staff awareness/training and get them to sign a piece of paper
> that says "I understand and will abide by the Data Protection and other
> rules."
> Remember you can sack you own staff but you will have to sue others if
> there is a total #@*%$*-up. If you don't have a contract, it is difficult
>
> to sue a third party. So my advice is to actively pursue contracts in
> one
> form or another and act defensively.
>
> Roger Cook
> I.T. Security Manager
> Leeds City Council
>
> ______________________________ Reply Separator
> _________________________________
> Subject: Data Protection/Modernising Government
> Author: "Broom; Doreen" <[log in to unmask]> at Internet
> Date: 17/08/00 11:28
>
>
> All
> Have any of your organisations given any thought to the above?
> The Prime Minster wants this joined-up Government approach (I believe now
> by
> 2005) which I foresee as a means of sharing information within
> organisations
> both internally and eventually externally. This makes sense in some
> instances especially in connection with detection of fraud/crime
> prevention
> etc.
> How do you see our roles of Data Protection Officers because on the one
> hand
> Mod Govt wishes to make information freely available and on the other,
> Data
> Protection ensures that information is only obtained for one specific
> purpose and not freely disclosed. Really, both these agendas contradict
> each other.
> I would be glad to receive any views on this.
> Doreen Broom
> Data Administrator
> Scottish Borders Council
> Council HQ
> Newtown St.Boswells
> Melrose
> Borders TD6 0PX
> Tel: 01835 824000 (Ext.5444)
> Fax: 01835-825041
>
>
> ________________________________________________________________
>
> This e-mail is privileged, confidential and subject to copyright.
> Any unauthorised use or disclosure of its contents is prohibited.
> The views expressed in this communication may not necessarily
> be the views held by the Scottish Borders Council.
> _________________________________________________________________
>
>
>
> __________________________________________________________________________
>
> Please ensure that any attachments to this E-Mail are checked for viruses.
>
> __________________________________________________________________________
>
> ________________________________________________________________________
>
> The information in this email (and any attachment) may be for the
> intended recipient only. If you know you are not the intended recipient,
> please do not use or disclose the information in any way and please
> delete this email (and any attachment) from your system.
> ________________________________________________________________________
>
>
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
