Freedom of Information Request: 0614 2019/20
1 – JD/Band for DPO
Please see attached document Band 8c JD – Deputy Foundation Secretary
2 – JD/Band for IG Manager
Please see attached document Band 8a JD – IG Lead
3 – JD/Band for joint post of DPO/IG Manager
We do not have a joint DPO/IG Manager post
4 – Structure to show DPO route to Board (Also show all staff that support DPO role)
Please see attached document – Board To DPO and IG Structure
5 – Structure to show IG Manager role identifying all staff who support IG Manager and IG agenda
Please see attached document above
6 – Please list additional work load generated following implementation of DPO responsibilities.
There is no additional work load generated specific to the implementation of DPO responsibilities. Additional work load was generated following the implementation of the Data Protection Legislation and the other frameworks that followed, such as the Data Security Protection Toolkit, which was driven by the NDG Data Security Standards and/or national/regional partnership initiatives to deliver improved services, including streamlining information sharing.
7 – What, if any, areas of concern and potential conflict have been raised between the IG Manager/DPO role (please provide rationale why you feel there is a conflict) and how you have resolved.
Not Valid Under Freedom of Information
8 – Does FOI currently sit under your IG/DPO role within your organisation (if it does NOT) please state where this sits.
9 – Please state lead areas for the IG Manager and lead areas for the DPO and how these differ.
Information Governance Lead
- Co-ordinate the IG work programme and professionally report to the DPO and the SIRO;
- Contribute to the development and maintenance of the currency of comprehensive and appropriate documentation that demonstrates commitment to and ownership of IG responsibilities;
- establishing working groups, if necessary, to co-ordinate the activities of staff given IG responsibilities and progress initiatives;
- ensuring annual assessments using the DSPT and audits of DSPT policies and arrangements are carried out, documented and reported, in line with the requirements of the NHS Standard Contract;
- ensuring that the annual assessment and improvement plans are prepared for approval by the senior level of management, e.g. the board or senior management team, in a timely manner;
- ensuring that information governance staff understand the need to support the safe sharing of personal confidential data for direct care, as well as the need to protect individuals’ confidentiality;
- ensuring that appropriate training is made available to all staff and completed as necessary to support their duties;
- liaising with other committees and working groups in order to promote and integrate IG standards;
- monitoring information handling activities to ensure compliance with law and guidance;
- providing a focal point for the resolution and/or discussion of IG issues.
Data Protection Officer
- Accountable for ensuring effective management, accountability, compliance and assurance for all aspects of IG;
- Developing and maintaining the currency of comprehensive and appropriate documentation that demonstrates commitment to and ownership of IG responsibilities, e.g. an overarching high-level strategy document supported by corporate and/or directorate policies and procedures;
- ensuring that there is top level awareness and support for IG resourcing and implementation of improvements. This includes advisory function at the board level;
- providing direction in formulating, establishing and promoting IG policies;
- ensuring that the approach to information handling is communicated to all staff and made available to the public via Privacy Notice;
- liaising with programme boards in order to promote and integrate IG standards;
- monitoring compliance with law and guidance;
- handling queries of complaints received via the ICO, or serious personal data breaches that require escalation to NHSD/ICO.
10 – In your organisation can you provide your policy on completion for Data Privacy Impact Assessments and advise who completes them
The Project Lead will complete the PIA with assistance from IG Managers. Depending on the risk outcome, approval of the PIAs would come from the following:
Low Risk – IG Lead
Medium to High Risk – Digital Healthcare Executive/Information Governance Group
Please see the Privacy Impact Assessment Procedure for further details