Download original attachment
(Word document)
This is an HTML version of an attachment to the Freedom of Information request
'Re: Data Protection Act'.
(Word document)
Marie Griffiths
08 June 2010
Our Ref: Information Request CQC IG 780
Dear Ms Griffiths,
Thank you for your email dated 25 May 2010 to the Commission requesting, under the Freedom of Information (FOI) Act 2000, information regarding the Commission's responsibilities under the Data Protection Act (DPA) 1998. Your request has been passed to me for reply.
I will deal with each question in turn:
1. How many requests do you get under the DPA each year?
I can confirm that the Commission does hold information relevant to your request;
As you will be aware, on 1 April 2009, the Care Quality Commission became the regulator of health and adult social care in England. Therefore, I have provided you with the DPA figures for the Commission's predecessor organisations, before this date.
Year |
Predecessor Organisation |
Predecessor Organisation |
2005/06 |
CSCI: 38 |
MHAC: 0 |
2006/07 |
CSCI: 22 |
MHAC: 3 |
2007/08 |
CSCI: 38 |
MHAC: 12 |
2008/09 |
CSCI: 32 |
MHAC: 6 |
CSCI: Commission for Social Care Inspection |
MHAC: Mental Health Act Commission |
HC: Healthcare Commission |
I can confirm that the Commission does hold information relevant to your request for the number of DPA requests received for 2009/10. This figure is 136.
Please find attached in PDF, the only data we have been able to retrieve for the Healthcare Commission (HC) in relation to your request for information.
When the Healthcare Commission ceased to exist on 31st March 2009, the system that held such information was decommissioned. However, we were able to locate the attached information from a colleague's email account. Please be advised that this data represents the total number of requests received under both FOI (Freedom of Information) and DPA.
2. How do you verify the authenticity of DPA requests?
I can confirm that the Commission does hold information relevant to your request. The Commission has in place, processes to ensure that an applicant's identity is verified before any information is disclosed to them under the DPA. This Commission requires the applicant to request this information through a formal written request, which is signed. The Commission has regard for accessibility requirements, and where it is not possible to provide this written request, for example, due to any form of disability; then other methods will be considered.
The applicant must also provide copies of two forms of identification, which are required to display the signature of the applicant and confirm their address of residence. The Commission will, for example, accept copies of passports, driving licenses, utility and other bills. When this identification is received by the Information Governance Team, it is viewed by two members of the team, who sign that they have witnessed it. If the identification is a copy, is then securely destroyed, in line with data protection principles. If the identification provided is an `original', it is sent back to the applicant via Royal Mail Special Delivery.
If the Commission is unable to ascertain the identity of the applicant through the normal processes, then we will use other means that are deemed to be reasonable in the circumstances.
3. Do you conduct regular DPA audits / have an auditing policy?
I can confirm that the Commission does hold information relevant to your request. The Audit and Risk Committee decide an annual programme of internal audit. Last year the Commission was internally audited on information assurance; the report is being prepared at the moment. This year, the Commission will be audited on information governance. Both audits include aspects of DPA compliance.
4. Do you maintain data on errors in information covered by the DPA?
a. If so, please provide data for the past 5 years.
As stated in my previous email of 21 May 2010, the Commission is unable to provide a response until clarification has been received, pursuant to s1 (3)(b) of the FOI Act.
I do hope that you have found this information helpful. If you are dissatisfied with the handling of your request, you have the right to ask for an internal review. These should be addressed to:
Information Governance Team
Care Quality Commission
Finsbury Tower
103-105 Bunhill Row
London
EC1Y 8TG
A further right of appal exists to the Information Commissioners Office once the internal reviews process has been exhausted.
Yours sincerely,
Rebecca-Jane Turner
Information Governance Officer
Secretariat - Information Governance Team
Care Quality Commission
Finsbury Tower
103-105 Bunhill Row
London
EC1Y 8TG
Email: [email address]
Direct Tel: 020 7448 9417
Internal Tel: 3417
Care Quality Commission
Finsbury Tower
103 - 105 Bunhill Row
London
EC1Y 8TG
[email address]
www.cqc.org.uk
Chairman
Dame Jo Williams
Chief Executive
Cynthia Bower
Registered office:
Finsbury Tower
103-105 Bunhill Row
London EC1Y 8TG