Protecting the Personal Data of Your Residents
The Information Commissioner’s Office (ICO) is the regulator responsible for ensuring that organisations comply with the Data Protection Act 1998.
The ICO routinely carries out data protection advisory visits within the care sector to understand how organisations process personal data.
These visits have, in the past, highlighted a number of failures, the most common of which are as follows:
- Training: a lack of formal data protection training for staff to ensure that everyone is aware of the need for data protection.
- Retention of Data: failing to ensure that any retention schedule applies to both manual and electronic records. The retention of records needs to be justifiable, based on the type of data and any business or legislative needs.
- Communication of Fair Processing Information: failing to inform individuals about how their information is used and who it can be shared with.
- Encrypted Email: failing to encrypt emails containing personal data. If encryption is used, this is normally at the insistence of local authorities. This means that there are inconsistencies in implementation, with some care homes using encrypted emails when dealing with a local authority but not when dealing with other care homes.
- Data Protection Policies: failing to ensure that proper policies and procedures are in place to cover data protection issues. For example, many care homes do not have formal policies to support the sharing of personal data with other organisations.
So, what can you do? For a start, make sure you do not fall into any of the traps listed above. If the ICO does find out that you are in breach of the relevant regulations then it has a number of enforcement powers at its disposal, including imposing hefty financial penalties and starting prosecution action.
Organisations are legally required to advise individuals as to how their personal data will be used and whom it will be shared with. It is good practice to tell your residents how they can access their personal data. It is important that you regularly review your data protection practices to ensure they are up to date and meet the requirements of the Data Protection Act 1998.
If you need any help with this then please let us know.