Employee Laptop Agreement Form INFORMATION SHARING PROTOCOL INTRODUCTION This protocol forms the by vqo83038

VIEWS: 0 PAGES: 21

More Info
									INFORMATION SHARING PROTOCOL

INTRODUCTION

This protocol forms the basis for the ethical and lawful exchange of information
between all organisations playing a part in child protection within the County of
Suffolk. These organisations are referred to in this Protocol as Relevant
Authorities (Paragraph 6.1).

A review of this Protocol will be undertaken every twelve months with
amendments only being made with the full agreement of all partner agencies.

This Protocol covers:

   The principles and process of data exchange

   The protection of data

   Confidentiality

   Access/limits on access to personal data

   Management of adherence to good practice in data exchange

   Indemnity




This is an SCB Policies an Procedures document – issue September 2006
CONTENTS
Legal and Duty Legislation

   1.   Common Law

   2.   European Convention On Human Rights - Article 8

   3.   Data Protection Acts 1984 and 1988

   4.   Adoption Act 1976

   5.   Children Act 1989

Management of the Protocol

   6. Parties/Signatories

Data Exchange
   7. General Principles

   8.   Examination of Other Agency Files during a Police Investigation

   9.   Information Exchange: Personal data

   10. Data protection/Liaison Officers

   11. Security

   12. Confidentiality

   13. Secondary use of Data

   14. Data Quality

   15. Documentation

   16. Indemnity

Appendices
Appendix A               Glossary of Terms
Appendix B               Procedure to be followed when requesting access to
                         personal data
Appendix C               Procedure to be followed when a request is received for
                         the disclosure of non personal/personal data
Appendix D               Administration: usage of forms supporting the data
                         exchange process
Appendix E               Forms
Appendix F               Determining Access to Personal Data




This is an SCB Policies an Procedures document – issue September 2006
LEGAL DUTY AND LEGISLATION

1      Common Law

1.1    There is an inherent duty of confidentiality attached to all information that
       may be shared under activities undertaken by the Relevant Authorities in
       order to tackle issues of Child Protection.

1.2    There are three broad reasons existing as justification for the disclosure of
       information held in confidence:

       (i)     When the Data Subject has given consent (wherever possible,
               practicable or appropriate the permission of the Data Source
               should be obtained.

       (ii)    When there is a requirement in law through a specific court order.

       (iii)   When the public interest in disclosure outweighs the public interest
               in confidentiality. This will normally be the case where disclosure is
               necessary to safeguard a child from significant harm.

2      European Convention on Human Rights - Article 8

2.1    The key principles of Article 8 are:

       (i)     Everyone has the right to respect for their private and family life,
               their home and the privacy of their correspondence.

       (ii)    There shall be no interference by a Relevant Authority with this
               right except as in accordance with the law and is necessary in a
               democratic society.

                         In the interests of national security
                         In the interests of public safety
                         For the economic well-being of the country
                         For the prevention of crime or disorder
                         For the protection of public health or morals
                         For the protection of rights or freedoms of others

       (iii)   Any interference shall be proportional to the aims of the disclosure.

3      Data Protection Acts 1984 and 1988

3.1    The Data Protection Act 1988 is primarily concerned with data that can
       identify individuals. It is intended to create a single legislative framework
       within which data may be shared and repeals and replaces the following
       Acts:
                The Data Protection Act 1984
                The Access to Personal Files 1987
                The majority of the Access to Health Records Act 1990




This is an SCB Policies an Procedures document – issue September 2006
3.2    There are eight Data Protection principles in the Data Protection Act
       1988. These principles are:

       (i)      Personal data shall be processed fairly and lawfully (qualified by
                schedules 2 and 3 of the Act).

       (ii)     Personal data shall be obtained only for one or more specified and
                lawful purposes and shall not be processed in any matter
                incompatible with that purpose or those purposes.

       (iii)    Personal data shall be adequate, relevant and not excessive in
                relation to the purpose or purposes for which they are processed.

       (iv)     Personal data shall be accurate and, where necessary, kept up to
                date.

       (v)      Personal data processed for any purpose or purposes shall not be
                kept longer than is necessary for that purpose or those purposes.

       (vi)     Personal data shall be processed in accordance with the rights of
                Data Subjects under the Act.

       (vii)    Appropriate technical and organisation measures shall be taken
                against unauthorised or unlawful processing of personal data and
                against accidental loss or destruction of, or damage, to personal
                data.

       (viii)   Personal data shall not be transferred to a country or territory
                outside the European Economic Area, unless that country or
                territory ensures an adequate level of protection for the rights and
                freedoms of Data Subjects in relation to the processing of personal
                data.

4      Adoption Act 1976

4.1    Personal data held by agencies (primarily social services) for the
       purposes of adoption is governed by the Adoption Act 1976 and
       associated regulations. This protocol does not apply to personal data
       held in connection with adoption.




This is an SCB Policies an Procedures document – issue September 2006
5      Children Act 1989

5.1    The Children Act 1989 and the many statutory instruments associated
       with the Act require in specified circumstances the disclosure of
       information between agencies involved in child protection.

5.2    Key provisions of the Children Act in relation to disclosure of information
       between agencies are as follows:

          A local authority providing services to children and families under the
           1989 Act may request help from any local authority, any housing
           authority or national heath trust provided that the request for help is
           compatible with other authorities and duties and functions. This would
           cover disclosure of personal data necessary to enable effect to be
           given to the assistance required. (Section 27)

          Where a social services authority is conducting a child protection
           investigation, it is the duty of any education authority, housing
           authority, any local authority, any health authority or national health
           service trust to provide the investigating authority with relevant
           information if called upon to do so. (Section 47(9) to (11)

       There are a large number of statutory instruments associated with the
       Children Act 1989 which contain duties and responsibilities which required
       disclosure of information between agencies. For example regulation 5 of
       the Arrangements for Placement of Children (General) Regulations
       requires a social services authority to notify various agencies including
       health and education as to the intention to place a child with foster
       parents, a children‟s home etc.

5.3    The Department of Health issues guidance on inter-agency working to
       safeguard and promote the welfare of children entitled “Working Together
       to Safeguard Children”. The guidance, issued under Section 7 of the
       Local Authority Social Services Act 1970, establishes Area Child
       Protection Committees comprised of representatives from agencies
       undertaking child protection work and establishes the basis for
       procedures governing multi-agency child protection work. The guidance
       covers disclosure of information between child protection agencies and in
       particular states in paragraph 7.29:

       “Professionals can only work together to safeguard children if there
       is an exchange of relevant information between them. This has been
       recognised in principle by the courts … Any disclosure of personal
       information to others must always, however, have regard to both
       common and statute law.”

       The guidance goes on to confirm (paragraph 7.32) that for child protection
       purposes, the public interest in the protection of children will often
       override the public interest in maintaining confidentiality.

       NB: Although personal data should therefore be routinely shared
       between agencies for child protection purposes, all the general


This is an SCB Policies an Procedures document – issue September 2006
         safeguards laid down by law and contained in this Protocol still apply. For
         example consent of the data subject to disclosure should always be
         sought where is practicable. However consent would not be necessary
         where disclosure is for the purposes of a criminal investigation or seeking
         consent would put the data subject, a child, another person, or in
         exceptional circumstances an employee of a child protection agency, at
         risk of significant harm.

MANAGEMENT OF THE PROTOCOL

6        Party/Signatories

6.1      This Protocol covers the exchange of information between Relevant
         Authorities; these authorities are:


6.2      It is the responsibility of all signatories to this Protocol to:

                Ensure that data exchanges are justified by, and in accordance with:

         (i)       The principles of data protection as enshrined in the Data Protection
                   Act 1998 (Paragraph 3 of this Protocol).

         (ii)      At least one of the three reasons existing as justification for the
                   disclosure of confidential information with regard to the rights of a
                   Data Subject under Common Law (Paragraph 1.2 of this Protocol).

         (iii)     Article 8 of the European Convention on Human Rights and the
                   circumstances in which disclosure is permitted (Paragraph 2.1 of
                   this Protocol).

         (iv)      The statutory responsibilities conferred on Relevant Authorities by
                   the Children Act 1989 and associated guidance (Paragraph 5 of this
                   Protocol).

     Only exchange information when such disclosure is necessary or expedient
      for the purposes of child protection.

     Ensure that information provided under the terms of this Protocol is not
      disclosed to any third party.

     Ensure that information exchanged is strictly in accordance with the
      stipulations concerning its personal nature: specifically care must be taken
      that any individual must not be able to be identified through any non-personal
      data provided (Paragraph 9.3).

     Ensure that the information is transferred and stored in an appropriate and
      secure manner (Paragraph 11).

DATA EXCHANGE

7        General Principles



This is an SCB Policies an Procedures document – issue September 2006
7.1    All data exchanged between Relevant Agencies under this Protocol must
       be:

          Relevant to activities/initiatives undertaken to protect children; and

          The minimum amount required for the specified purpose.

7.2    The Data Subject‟s right to access his/her personal data is not affected by
       this Protocol. An application by the Data Subject should be made to the
       Data Holding Agency in possession of the appropriate data.               In
       accordance with the Data Protection Act 1998 all forms and information
       exchanged under this Protocol will be considered to the third party
       information if such an application is made.

8      Examination of Other Agency Files during a Police Investigation

8.1    This Protocol does not apply to Police access to Agency files in the
       context of a criminal investigation or prosecution (and the Police and
       Social Care Services have a separate protocol on disclosure in those
       circumstances).

9      Information Exchange: Personal Data

9.1    For the purpose of data protection, the definition of „personal data‟ is not
       confined to the name of an individual, but covers all information which
       identifies a living individual, thus an address or even a post code is
       capable of being personal data (Appendix A).

9.2    Personal information relating to a victim, informant or witness should
       wherever possible be disclosed with the consent of the Data Subject.

9.3    When considering justifying disclosure of personal information and
       overriding the principles of confidentiality as enshrined in common law
       and Article 8 of the European Convention (Paragraphs 1 and 2) the
       following should be considered.

          It may be inappropriate or impossible to obtain the consent of an
           alleged perpetrator, as consent is likely to be withheld. Section 29(3)
           of the Data Protection Act 1998 allows disclosure of information where
           failure to do so might prejudice the prevention/detection of crime, or
           the apprehension/prosecution of offenders. Assessment must be
           made on a case by case basis and reasons recorded for the decisions
           made.

          With regard to third parties their consent to disclosure should be
           obtained.

          It is in the public interest to maintain a high standard of confidentiality
           so that people still have the confidence to come forward with their
           complaints or information.



This is an SCB Policies an Procedures document – issue September 2006
9.4    Children are entitled to the same duty of confidence as adults provided
       that, if they are under 16, they have the ability to understand the choices
       available to them and their consequences relating to any disclosure. If
       however, it is considered that a child is under the influence of another
       (e.g. perhaps in the case of alleged sexual abuse), confidentiality to the
       child may be breached in exceptional cases in order to safeguard the
       child. The child should however be informed of this first.

9.5    If the disclosure of personal information is necessary or expedient, the
       power to disclose must be agreed:

       (i)      With the consent of the Data Subject (Form CDP1)

       (ii)     Under the auspices of the Children Act 1989 (see Appendix E for
                forms).

       (iii)    In the interest of the Data Subject, e.g. in relation to his/her health.

       (iv) In the Public interest.

9.6    Where personal data is required for child protection purposes even when
       consent has not been sought or given, confidentiality still applies.
       Assessments should be made on a case by case basis whether:

              A disclosure is necessary to support child protection action.

              The public interest is of sufficient weight to override the presumption of
               confidentiality.

              The information is being processed fairly.

9.7    Guidelines for the disclosure of personal data (Data Protection Act of
       1998):

              Personal documentation must be destroyed when it is no longer
               required for the purpose for which it was provided.

              Any Requesting Agency may not keep any information shared for
               longer than the Data Holding Agency retains it or after its expiry date
               (see definition at Appendix A) as determined by the Data Holding
               Agency, has passed.

              Both/all parties should note disclosures of personal data.

              Any disclosure of personal data must have regard to both common law
               and statute law.

              The grounds for disclosure must be recorded.

              The signatories to the Protocol will nominate authorised named Data
               Protection/Data Liaison Officers to process written requests for
               personal information and a regularly updated register of such officers


This is an SCB Policies an Procedures document – issue September 2006
           must be maintained.

10     Data Protection/Liaison Officers

10.1   In order to ensure that personal information is exchanged in the most
       efficient, effective and safe manner, Relevant Authorities will designate
       Data Protection Officers/Data Liaison Officers. In selecting/appointing
       such officers Relevant Authorities must identify the minimum number of
       officers needed in order to retain operational effectiveness, dependent on
       the size and structure of the organisation. This may amount to a list of
       specific post holders.

10.2   These Officers should have responsibility for:

          Data protection (subject access).

          Data Quality

          Confidentiality.

          Security.

          Compliance.


10.3   Within the Relevant Authorities data should only be exchanged between
       data Protection/Liaison Officers. Information holders will not consider
       requests for information other than that requested by Data
       Protection/Liaison Officers.

10.4   There must be no movement of data without this officer‟s knowledge, and
       without the recording process being completed.

10.5   With regards to complaints any investigation will examine the process that
       led to the provision of data and will be handled by the Data
       Protection/Liaison Officer. Ideally this Officer will be the first point of
       contact for any complaints. This arrangement does not remove the right
       for complaints to be made directly to the Information Commissioner
       (formerly the Data Protection Registrar).


11     Security

11.1   The level of access to personal data is the responsibility of the Data
       Protection/Liaison Officer who is responsible for the security measures
       outlined above and the maintenance and security of passwords. An
       effective security policy must be in place in each Relevant Authority in
       accordance with the stipulations of the Data Protection Act 1998, and staff
       with authorisation to access personal data will be made fully aware of the
       terms of this protocol. An indicative minimum standard for data security is
       as follows:



This is an SCB Policies an Procedures document – issue September 2006
       (i)       Data disclosed as hard copy:

                    Data must be stored in a locked filling cabinet with the key
                     retained by the Data Protection/Liaison Officer.

       (ii)      Data disclosed and held on a network computer:

                    Databases/files are password protected with the record of
                     security passwords maintained by the Data Protection/Liaison
                     Officer.

                    If a database is shared hard copies of relevant files may only be
                     printed.

                    Database files are not left open on a computer when the
                     machine is unattended.

                    Backup disks of data are stored in a secure environment
                     (locked filing cabinet/safe) with the keys/combination held by
                     the Data Protection/Liaison Officer.

                    Except in the case of a laptop computer, the hard disk is
                     physically secured to the desk.

                    If the data is held on a laptop computer the equipment is stored
                     in a secure environment when not being used (locked
                     cabinet/safe) with the keys/combination held by the Data
                     Protection/Liaison Officer.

12     Confidentiality

12.1   When considering disclosure a balance must be found between the
       following public expectations:

             That personal information known to public bodies is properly
              protected.

             That information is shared between Relevant Authorities.

12.2   Underpinning this balance of disclosure are the following stipulations to
       ensure confidentiality is respected:

             Information shared will only be used for the purpose for which it was
              requested, unless the consent of the supplier of the information (the
              Data Holding Agency) is obtained for a specific use. The data must be
              securely stored (paragraph 11.1) and destroyed when no longer
              required.

             Information shared may not be retained by any Relevant Authority for
              longer than the Data Holding Agency retains it or its statutory expiry
              date has passed, e.g. Social Services files on looked after children
              must by law be preserved for 75 years. This may include information


This is an SCB Policies an Procedures document – issue September 2006
            passed by another agency which is entitled to destroy it after a shorter
            period.

           The extent and meaning of data provided will only be interrupted
            through consultation with agencies responsible for its collation and
            signatories to the terms of this Protocol.

           Any request for information disclosure by a third party must be referred
            to the Data Holding Agency.

           All partners/agencies wishing to be part of this information sharing will
            be required to sign up to this protocol. Those agencies that have
            signed up remain bound by the Protocol even if they cease to be
            partners in the process.

13     Secondary use of data

13.1   No secondary disclosure is permitted under this Protocol. Any requests
       for information by or for external organisations or other third parties must
       be made to the Data Holding Agency.

14     Data Quality

14.1   Information shared between Relevant Authorities should be factual with a
       minimum of anecdotal personal data.

14.2   Personal data found to be inaccurate should be notified through the
       relevant Data Liaison Officer to the authority owning the data. The
       authority will be responsible for:

           Correcting the information;

           Notifying all other recipients of this data (who, upon being notified of
            inaccuracy, are responsible for relevant data in their possession being
            corrected). This should be achieved using form CDP4 (Appendix E;
            Appendix F).

14.3   Data retained by Relevant Authorities should be regularly monitored, the
       frequency of such monitoring dependent on the type of data. Any
       corrections or amendments made to shared information must be made
       known to the Relevant Authorities which also retain that particular
       information within fourteen days.

15     Documentation

15.1   Requests for information to be shared between Relevant Authorities must
       be made on the appropriate form (Appendix E; Appendix F).

15.2   A written response from a Data Holding Agency should be made within
       fourteen days to such a request for information.

15.3   Any subsequent disclosure of information should record (Appendix C):



This is an SCB Policies an Procedures document – issue September 2006
          The source of the data.

          The Data Holding Agency as the originator of the data. This must be
           specific as the exchange of data may continue for several years, new
           staff will be involved and the original agreement may get watered
           down.

          What data was originally requested. In certain circumstances this may
           differ from what was actually permitted to be disclosed.

          Grounds/justification for disclosure (including why public interest
           outweighs the duty of confidentiality).

          What data has been disclosed with particular reference to the degree
           of personal data shared.

          Who (Data Protection/Liaison Officer), and which organisations, have
           received the data.

          What time limits apply to the sharing of data.

          Details of any extensions to these time limits.

          Whether (subsequently) there has been any secondary disclosure of
           the data.

          Amendments to the quality of the data.

15.4   Forms used for the exchange of data must be signed and dated by the
       Data    Protection/Liaison  Officer   of   the   Relevant     Authority
       holding/disclosing the data with copies retained by all parties to the
       disclosure.

15.5   Decisions made on the basis of disclosed personal data should be
       minuted.

15.6   A reference number must be assigned to all disclosures of data and must
       appear on the Form.

16     Indemnity

16.1   All Relevant Authorities will sign the formal agreement.         Signing this
       Protocol indemnifies all other signatories.

16.2   These Authorities will, as individual Authorities, be fully indemnified by the
       other Relevant Authorities, as parties to this Protocol, against liability or
       costs suffered under the terms of this agreement:

          As a consequence of any information being wrongly disclosed by a
           Partner Authority; or



This is an SCB Policies an Procedures document – issue September 2006
          As a result of any negligent act or omission by a partner Authority.




This is an SCB Policies an Procedures document – issue September 2006
Appendix A              Glossary of Terms

Accessible Public Any record which is kept by an authority represented as
Record            signatory to this Protocol and specified under its terms of
                  reference as a record of information that is available and
                  accessible to the public.

Data                    Information which:

                        (a)   Is being processed by means of equipment operating
                              automatically in response to instructions given for that
                              purpose;

                        (b)   Is recorded with the intention that it should be
                              processed by means of such equipment;

                        (c)   Is recorded as a part of a relevant filing system or
                              with the intention that it should form part of a relevant
                              filing system;

                        (d)   Does not fall within (a), (b) or (c) above but forms part
                              of an accessible record.

                        In this Protocol the terms of data and information are
                        interchangeable

Data         Liaison A person who (either alone or jointly or in common with
Officer              other persons) determines/is responsible for the purposes
                     for which any personal data are, or are to be, processed
                     and is empowered to take decisions on disclosure.

Data         Holding Relevant Authority in possession of and/or originating
Agency               specific data.

Data Subject            An individual who is the subject of personal data.

Expiry Date             The date at which the data becomes no longer relevant.
                        This could be either due to the data being superseded by
                        fresh data, or becoming obsolete due to statutory
                        stipulations/changed circumstances. Examples may be
                        offences becoming „spent‟ under the terms of the
                        Rehabilitation of Offenders Act 1974, or the validity of
                        educational attendance patterns after a specific individual
                        has left education. If this data has expired under the terms
                        of the Data Holding Agency‟s activities then any Relevant
                        Authorities sharing this data must either return or destroy
                        the data.



This is an SCB Policies an Procedures document – issue September 2006
Non Personal Data Information that will not identify an individual; this data may
                  also be personal data that has been depersonlised or
                  anonymised. Non personal data is principally statistical
                  data.

Personal Data           Data relating to a specific person even if the person‟s
                        name remains unknown. It concerns a living individual
                        who can be identified:

                        (a)    From those data, or

                        (b)    From those data and other information which is in
                               the possession of, or likely to come into the
                               possession of, the data controller, and includes any
                               expression of opinion about the individual, and any
                               indication of the intentions of the data controller or
                               any other person in respect of the individual.

Processing              In relation to information or data, means obtaining,
                        recording or holding the information or data or carrying out
                        any operation or set of operations on the information or
                        data, including:

                        (a)    Organisation, adaptation        or   alteration    of    the
                               information or data;

                        (b)    Retrieval, consultation or use of the information or
                               data;

                        (c)    Disclosure of       the    information    or      data   by
                               transmission;

                        (d)    Alignment, combination, blocking,              erasure    or
                               destruction of the information or data.

Relevant Authority An agency as a signatory to this Protocol.

Requesting              A Relevant Authority – or an agency acting on behalf of a
Agency                  Relevant Authority – making an application for data
                        (successful or not).

Secondary               Having received data exchanged under this Protocol a
Disclosure              Requesting Agency then disclosing such data to a party
                        not subject to the original sharing agreement. This
                        Protocol forbids such an agreement taking place, all third
                        party enquiries must be referred to the Data Holding
                        Agency.

Third Party             In relation to personal data, this refers to any person other
                        than:


This is an SCB Policies an Procedures document – issue September 2006
                        (a)    The Data Subject;

                        (b)    The Data Holding Agency and a Requesting
                               Authority.

                        (c)    A party outside a specific transaction of data taking
                               place between the Data Holding Agency and a
                               Requesting Authority.

                        The wording of this definition excludes all employees of
                        the Data Holding Agency as third party sources.




This is an SCB Policies an Procedures document – issue September 2006
Appendix B              Procedure to be followed when requesting access to
                        personal data

                               Are you the Designated
                               Officer?




                                                                            N
        YES                                                                NO


     Complete Form                Place copy of                         Complete Form
        *848(1)                  Form *848(1) on                           *848(1)
                                Data Subject‟s file



                                                                        Pass to
                                                                   Designated Officer


   Fax copy to the
   Data Holding
   Agency‟s
   Designated Officer



   Decision regarding disclosure made
   by Data Holding Agency




          Yes                     No



     Record in                Record in dedicated
     dedicated                 logbook and note
                              expiry date of data
     logbook



     Pass back to               Pass to Designated
      Designated                Officer of Requesting
       Officer of                Agency to place on
      Requesting                 Data Subject‟s file
       Agency


 * Or other relevant agency form. Please note that Suffolk
 Constabulary and Suffolk Social Care Services use Form 848
 when making referrals.


This is an SCB Policies an Procedures document – issue September 2006
   Appendix C                  Procedure to be followed when a request is received
                               for the disclosure of non-personal/personal data




                                       Are you the Designated
                                       Officer?




                                                                                  N
            YES                                                                  NO

                                             Refer to Requesting
  Has the request for data        No         Agency and stipulate            Complete Form
 been received in writing on                  that the request is               *848(1)
       Form *848(1)                              received on
 Does the request stipulate:                   appropriate Form

 (1)What data is required?
 (2)Why the data required?




              Yes



                                                                    Provide written confirmation of ability
Make decision on disclosure of data.              Yes                        to disclose data.
Record this decision and state
reasons for decision.                                                      Provide requested data



              No
                                                                         Record what has been provided
                                                                                 and to whom.

   Inform applying agency in                                              Record reasons why disclosure
                                                                         was appropriate or inappropriate.
   writing stating reasons for
   non-disclosure




     * Or other relevant agency form. Please note that Suffolk
     Constabulary and Suffolk Social Care Services use Form 848
     when making referalls.




   This is an SCB Policies an Procedures document – issue September 2006
Appendix D              Administration: Usage of forms supporting data
                        exchange




1.   A request is received for disclosure of data

           a. if disclosure of data would identify an individual use the form
              *848(1) – consider whether the consent of the individual is
              necessary. if so, use form #1091(c).
           b. if the disclosure of data would not identify an individual use the
              form *848(2).


2.   If the data disclosed is subsequently found to be inaccurate, either by the
     data holding agency, a requesting agency or other relevant agency in
     possession of specific data, then form #1091(d) should be used by the
     agency/authority discovering the inaccuracy to inform all relevant
     authorities with access to the data of the inaccuracies.

3.   Form #1091(e) should be used following a request by a data subject for
     access to their personal data. a separate form should be sent to all
     relevant authorities that have contributed to the file of data held.




           * Or other relevant agency form. Please note that Suffolk
           Constabulary and Suffolk Social Care Services use Form 848
           when making referalls. Forms #1091, C, D & E are used solely
           by Suffolk Constabulary.




This is an SCB Policies an Procedures document – issue September 2006
Appendix E              Forms




1091C          Consent Form from Data Subject permitting the disclosure of
               personal data

1091D          Notification for correction of inaccurate personal data

1091E          Notification of Data Subject Request for access to personal data

848            Request for disclosure of personal data

848(2)         Request for disclosure of non-personal data




Note:

Each agency needs to list its own equivalent forms. The above refers to
Suffolk Police only.




This is an SCB Policies an Procedures document – issue September 2006
Appendix F              Determining Access to Personal Information

Example of the Procedure

An example from the Adult Protection Service in Leeds is given below. It is a
relatively complex example. There may not be a need to go into as much detail
in order to resolve access issues for other service areas.

Step One – Identify Roles
The following roles are relevant to Adult Protection. (Note – some of these roles
may be unfamiliar for people not working in the Adult Protection field).

   Membership of the Adult Protection Committee (roles in relation to audit,
    quality assurance)
   Membership of the professional practice sub-group
   Adult Protection Enquiry Co-ordinator
   Participants in strategy meetings
   Enquiry participants
   Adult Protection Co-ordinator
   Senior management of participating organisations
   Administrative staff within participating organisations
   Emergency Duty Team(s)
   Elected Members as constituency representatives
   Board Members
   „Alerting‟ Managers
   Staff working with people at risk from abuse
   Staff working with people who may have perpetrated abuse
   „Alerters‟
   Organisations as employers
   Providers of services

Step Two – Agree „Levels‟ of Information Relevant to Adult Protection
The „levels‟ of information identified relate to the degree of confidentiality. These
range from Level One – “unrelated to any individual” – to Level Five – “sensitive
identifiable information about an individual”.

Step Three
Make a list of the reasons justifying access to a particular „level‟ of information.

Step Four
Draw up a matrix to show which roles get access to information at each level and
for what reason.

Top of Page

Back to Guidance and Procedures Index




This is an SCB Policies an Procedures document – issue September 2006

								
To top