We don't know whether the most recent response to this request contains information or not – if you are L Claire please sign in and let everyone know.

Information Governance & Privacy by Design

We're waiting for L Claire to read a recent response and update the status.

Dear NHS Black Country and West Birmingham Clinical Commissioning Group,

I would like to request the following information under the Freedom of Information Act;

IG Team
1. The team structure of your Information Governance team (or equivalent) as of todays date (10/01/22) including details of full/part time, permanent/temporary/maternity cover, NHS Banding and any vacancies in the team (this does not have to be a structure chart, could be a written break down of the roles of the team)
2. Who does the team report to i.e. Caldicott Guardian/Head of IT Security/Head of Corporate Risks?
3. Could I request the same as above as of 10/01/2021 & 10/01/2020 including any change in reporting lines in question 2.
4. Please provide names and contact details for your Data Protection Officer, Senior Information Risk Officer, Caldicott Guardian, Chief Information Officer and their deputies (if applicable).

ROPA
4. Does your organisation have a Record of Processing Activities (ROPA)/Information Asset Register (IAR)?
5. How is your ROPA/IAR held and maintained i.e. held on excel spreadsheet and routinely reviewed every financial quarter?
6. Who is responsible for maintaining, updating and signing off the ROPA/IAR?
7. Please share your ROPA/IAR template (Not the completed document, just your chosen headings/questions asked.
8. How many records of processing activities/Information Assets do you currently have on your ROPA/IAR and when was it last reviewed/signed off?

Privacy Management
9. Have you purchased any privacy management software such as OneTrust/DataGrail/Trust Arc
10. When was this purchased and is it fully implemented?
11. If not yet implemented, please share any extractions of meeting notes where these issues have been discussed with your working group / committees and when it will likely be rolled out.

Privacy by Design
12. Do you have a Data Protection Impact Assessment (DPIA) or Privacy Impact Assessment (PIA) template? If so, please share.
13. What is the assurance process to ensure your DPIAs are reviewed and signed off/agreed appropriately - if you have a policy/procedure for this, please share.
14. What other assurance documents do you have to assess information / data / privacy risks i.e. Third Party supplier assessments, DPIA specifically for mobile apps for example? Please share copies of these templates.

Please note, all terms used are the wider recognisable terms and therefore if yours is not called "DPIA" for example, please share the equivalent document that is being used in your organisation for the same purpose. Please also note, if your document is currently under review, please share the current one that is being used)

Look forward to hearing from you within the next 20 working days.

Yours faithfully,

L Claire

FOI, Bcwbccg (NHS BLACK COUNTRY AND WEST BIRMINGHAM CCG), NHS Black Country and West Birmingham Clinical Commissioning Group

SENT ON BEHALF OF THE BLACK COUNTRY & WEST BIRMINGHAM CCG
[email address]

IN CONFIDENCE
FOI Ref: 0237

Dear Ms Claire

Thank you for your request for information regarding Information Governance & Privacy by Design. Your request was received 11/01/2022, we are dealing with it under the terms of the Freedom of Information Act 2000. We will make every effort to provide the information requested by 08/02/2022.

Please be aware that Dudley, Sandwell & West Birmingham, Walsall & Wolverhampton CCGs merged on the 1st April 2021, to form the Black Country & West Birmingham CCG (BCWB CCG). The individual CCGs no longer exist, there is no need to duplicate your request by sending to the legacy CCGs; your request for information will now be covered by BWCB CCG.

We strive to be transparent and to work with an open culture. However at this time, whilst care of our patients and the safety of our staff takes precedent, it is likely that responses to some requests for information or records will be delayed. We apologise for this position in advance, and will endeavour to provide you with as much information as we can, as soon as we are able. It may therefore in certain cases take longer than the statutory deadline for Freedom of Information requests. We will try and continue to process them as normal, but this will be dependent on the availability of relevant staff to respond.

If you have a complaint linked to how we are dealing with requests, please contact the CCG at [email address]. However if additional information is required from yourself to clarify your request, or agreement is required from a third party to release information, then this date may be altered. Should this be the case then we will contact you.

If you have any queries about this letter, please contact us. Please remember to quote the reference number above in any future communications.

Yours sincerely
Black Country & West Birmingham CCG
Information Governance Team
[email address]

show quoted sections

FOI, Bcwbccg (NHS BLACK COUNTRY AND WEST BIRMINGHAM CCG), NHS Black Country and West Birmingham Clinical Commissioning Group

17 Attachments

SENT ON BEHALF OF THE BLACK COUNTRY & WEST BIRMINGHAM CCG

FOI Ref: 0237

Dear Ms Claire

We are writing to confirm that NHS BCWB CCG has now completed its search for the information which you requested on 11/01/2022.

A copy of the information is enclosed.

We trust this provides the information required or if you are dissatisfied with the handling of your request, please contact the Black Country & West Birmingham Clinical Commissioning Group – Information Governance Team by email [email address]

You can also refer to the Information Commissioner at:

Information Commissioner’s Office
Wycliffe House
Water lane
Wilmslow
Cheshire
SK9 5AF

Helpline: 0303 123 1113
www.ico.org.uk

Please be aware of that any information we provided following your request under the Freedom of Information Act does not confer an automatic right for you to re-use that information, for example to publish it. If you wish to re-use the information that we provide and you do not specify this in your initial application for information then you must make a further request for its re-use as per the Re-Use of Public sector Information Regulations 2005 www.opsi.gov.uk

Yours sincerely

Black Country & West Birmingham CCG
Information Governance Team

show quoted sections

We don't know whether the most recent response to this request contains information or not – if you are L Claire please sign in and let everyone know.