(Thanks Lynn!) And a bit more context - in the NHS we insist of a s29 having signatory of Inspector or above (although no one has ever been able to tell me where that directive comes from, I think it's just about demonstrating sufficient seniority to make such a request).
Kind regards,
Andrew.
Andrew Harvey AMIRMS
Head of Information Governance
GDPR Data Protection Officer
Chair, Sussex-Wide Information Governance Group
Western Sussex Hospitals NHS Foundation Trust
Worthing Hospital, Lyndhurst Road, Worthing, BN11 2DH
Tel 01903 205111 x84508
Mob 07900 736922
Email [log in to unmask]
NHSmail [log in to unmask]
If unavailable [log in to unmask]
Is your Information Governance Mandatory Training up to date? If not, click here.
www.westernsussexhospitals.nhs.uk
The information contained in this e-mail may be subject to public disclosure under the NHS Code of Openness or the Freedom of Information Act 2000.
Any processing, redistribution, disclosure, or reproduction of this message, except as intended is prohibited. Unless the information is legally exempt from disclosure, the confidentiality of this e-mail and your reply cannot be guaranteed.
If you received this e-mail in error, please notify the sender and remove all copies of the message, including any attachments. Any views or opinions expressed in this e-mail (unless otherwise stated) may not represent those of Western Sussex Hospitals NHS Foundation Trust.
E-mails are not considered a secure medium for sending personal, sensitive or confidential information outside the Trust network unless encrypted and may therefore be at risk.
-----Original Message-----
From: Jackson, Lynn [mailto:[log in to unmask]]
Sent: 22 November 2017 13:02
To: Harvey Andrew (Western Sussex Hospitals)
Subject: RE: [data-protection] Data requests from police
I agree with Andrew.
We call 101 and go through the switchboard, which works really well. Police Officers submit requests via their own S29 form and some need reminding of this. Those who oppose our requirements are generally on a phishing expedition. I've never had a Force say they don’t have a S29 form.
Hope this is helpful.
Lynn Jackson (nee Sutcliffe), Academic Board Secretary Executive Assistant (Governance & Information Compliance), Secretariat Egerton Court 2 Rodney Street, Liverpool, L1 2UA
t: 01512313550 e: [log in to unmask]
-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Harvey Andrew (Western Sussex Hospitals)
Sent: 22 November 2017 11:50
To: [log in to unmask]
Subject: Re: [data-protection] Data requests from police
If we couldn't suitably verify a request of any description (not just police / s29), we wouldn't release it. The burden of proof / justification for releasing is on the requestor, not the Data Controller; the DC's responsibility is to appropriately manage the data and ensure it's not seen by the wrong people or released inappropriately.
Kind regards,
Andrew.
Andrew Harvey AMIRMS
Head of Information Governance
GDPR Data Protection Officer
Chair, Sussex-Wide Information Governance Group Western Sussex Hospitals NHS Foundation Trust Worthing Hospital, Lyndhurst Road, Worthing, BN11 2DH Tel 01903 205111 x84508 Mob 07900 736922 Email [log in to unmask] NHSmail [log in to unmask] If unavailable [log in to unmask] Is your Information Governance Mandatory Training up to date? If not, click here.
www.westernsussexhospitals.nhs.uk
The information contained in this e-mail may be subject to public disclosure under the NHS Code of Openness or the Freedom of Information Act 2000.
Any processing, redistribution, disclosure, or reproduction of this message, except as intended is prohibited. Unless the information is legally exempt from disclosure, the confidentiality of this e-mail and your reply cannot be guaranteed.
If you received this e-mail in error, please notify the sender and remove all copies of the message, including any attachments. Any views or opinions expressed in this e-mail (unless otherwise stated) may not represent those of Western Sussex Hospitals NHS Foundation Trust.
E-mails are not considered a secure medium for sending personal, sensitive or confidential information outside the Trust network unless encrypted and may therefore be at risk.
-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Danny Budzak
Sent: 22 November 2017 11:45
To: [log in to unmask]
Subject: [data-protection] Data requests from police
Hi all,
How are people on this list dealing with requests from police officers for personal data, or to confirm 'someone works at your organisation' and so on?
We received a request yesterday from what looks like a police officer from Camden. When I phoned the number to check this I got put through to Islington CID. They would not confirm or deny that the email came from a bona fide police officer. I am not prepared to pass on personal data on the basis of one email if I cannot validate the source.
We very rarely receive such requests (in fact this is the first one I can remember in over five years). I would prefer that they came from the data protection team at the Met Police rather than individual officers.
It would be useful to know what other people do.
We do have a CCTV control room but there is an existing process and protocol with the local police should they make requests for footage.
thanks + rgds
Danny
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask] All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask] All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
________________________________
Important Notice: the information in this email and any attachments is for the sole use of the intended recipient(s). If you are not an intended recipient, or a person responsible for delivering it to an intended recipient, you should delete it from your system immediately without disclosing its contents elsewhere and advise the sender by returning the email or by telephoning a number contained in the body of the email. No responsibility is accepted for loss or damage arising from viruses or changes made to this message after it was sent. The views contained in this email are those of the author and not necessarily those of Liverpool John Moores University.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|