What is Personal Data?
Personal data – the Data Protection Act 2018 defines personal data which relate to a living individual who can be identified –
(a) from those data, or
(b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller, and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual.
Examples of personal data are: Name, Address, Postcode, NHS number, Email address, Date of Birth, Driving licence number, Telephone number, Patient Identifier, National insurance number
Sensitive personal data – the Data Protection Act 2018 defines sensitive personal data consisting of information as to –
(a) the racial or ethnic origin of the data subject,
(b) their political opinions,
(c) their religious beliefs or other beliefs of a similar nature,
(d) whether they are a member of a trade union (within the meaning of the Trade Union and Labour Relations (Consolidation) Act 1992),
(e) their physical or mental health or condition,
(f) their sexual life,
(g) the commission or alleged commission of any offence, or
(h) any proceedings for any offence committed or alleged to have been committed, the disposal of such proceedings or the sentence of any court in such proceedings
What is a Safe Haven?
A Safe Haven is the term used to describe a secure area suitable for storing sensitive personal data. A Safe Haven is protected by a combination of security policies and also technical security measures. There are several Safe Havens being operated within the School of Clinical Medicine.
I store my identifiable data on the WBIC or MRC Epidemiology system. Does it need to be moved to the Secure Data Hosting Service?
No, these School networks have Safe Havens which are of an equivalent level of security as the Secure Data Hosting Service. Please note, WBIC is specifically for scan data. If you wish to use the WBIC system you should contact Guy Williams.
What do I do about existing studies that store personal identifiable data outside of these approved Safe Havens?
If you have an existing study storing personal identifiable data, you should contact Carolyn Read or Victoria Hollamby at the Information Governance Office discuss how to proceed. If it is decided that data needs to be moved to the SDHS then CSCS will work with you to adapt the data flows in your study appropriately.
Does the Clinical School have an NHS Digital Data Security and Protection Toolkit?
Yes, the Clinical School has been assessed against the NHS Digital Data Security and Protection Toolkit and has achieved “Standards Met”. This accreditation applies to all approved Safe Havens.
For information about the Clinical School’s toolkit please contact Carolyn Read or Victoria Hollamby in the Information Governance Office.
Who can use the Clinical School NHS Digital Data Security and Protection Toolkit?
The Clinical School NHS Digital Data Security and Protection Toolkit can be used by any member of the Clinical School for storing research data in line with the School’s Information Governance Policy.
If you are not a member of the Clinical School and would like to store research data in a Clinical School Safe Haven, please contact Carolyn Read or Victoria Hollamby in the Information Governance Office.