
Information Governance & Privacy by Design


Dear Mid and South Essex NHS Foundation Trust,

I would like to request the following information under the Freedom of Information Act:

IG Team
1. The team structure of your Information Governance team (or equivalent) as of today's date (10/01/22) including details of full/part time, permanent/temporary/maternity cover, NHS Banding and any vacancies in the team (this does not have to be a structure chart, could be a written breakdown of the roles of the team).
2. Who does the team report to i.e. Caldicott Guardian/Head of IT Security/Head of Corporate Risks?
3. Could I request the same as above as of 10/01/2021 & 10/01/2020 including any change in reporting lines in question 2.
4. Please provide names and contact details for your Data Protection Officer, Senior Information Risk Officer, Caldicott Guardian, Chief Information Officer and their deputies (if applicable).

ROPA
4. Does your organisation have a Record of Processing Activities (ROPA)/Information Asset Register (IAR)?
5. How is your ROPA/IAR held and maintained i.e. held on Excel spreadsheet and routinely reviewed every financial quarter?
6. Who is responsible for maintaining, updating and signing off the ROPA/IAR?
7. Please share your ROPA/IAR template (not the completed document, just your chosen headings/questions asked).
8. How many records of processing activities/Information Assets do you currently have on your ROPA/IAR and when was it last reviewed/signed off?

Privacy Management
9. Have you purchased any privacy management software such as OneTrust/DataGrail/TrustArc?
10. When was this purchased and is it fully implemented?
11. If not yet implemented, please share any extractions of meeting notes where these issues have been discussed with your working group / committees and when it will likely be rolled out.

Privacy by Design
12. Do you have a Data Protection Impact Assessment (DPIA) or Privacy Impact Assessment (PIA) template? If so, please share.
13. What is the assurance process to ensure your DPIAs are reviewed and signed off/agreed appropriately - if you have a policy/procedure for this, please share.
14. What other assurance documents do you have to assess information / data / privacy risks i.e. Third Party supplier assessments, DPIA specifically for mobile apps for example? Please share copies of these templates.

Please note, all terms used are the wider recognisable terms and therefore if yours is not called "DPIA" for example, please share the equivalent document that is being used in your organisation for the same purpose. Please also note, if your document is currently under review, please share the current one that is being used.

Look forward to hearing from you within the next 20 working days.

Yours faithfully,

L Claire

FOI.SUHFT (MID AND SOUTH ESSEX NHS FOUNDATION TRUST), Mid and South Essex NHS Foundation Trust

3 Attachments

Dear Mr Claire,

Thank you for your Freedom of Information request dated 10.01.2022, which
has been handled under the Freedom of Information Act 2000 (FOIA).

Your request and our response are attached.

I hope that the response that the Trust has provided is satisfactory.
However, if you are dissatisfied with the way in which your Freedom of
Information request has been dealt with you can request an internal
review. Please email [MSEFT request email] within 40 working days with
clarification of what you would like to be reviewed. We will aim to
provide a review response within 20 working days.

If you remain dissatisfied, you have the right under section 50 of the Act
to apply to the Information Commissioner to seek resolution to the matter.
Further details can be found on their website:
https://ico.org.uk/make-a-complaint/.

Re-use of Public Sector Information Regulations 2015 – General statement
of compliance

The Trust for its part is happy for you to reuse any of the information
supplied to you in compliance with the Open Government Licence (OGL)
terms. Please click here for further details:
http://nationalarchives.gov.uk/documents...
We do not permit the forwarding or sale of staff/departmental contact
details and a specific Re-use of Information Regulations request is
required for such purposes.

If relevant, you will need the permission of other information owners.
This can occur when you receive a document which is co-authored or where
the ownership lies with another organisation. Provision under both the
Freedom of Information Act 2000 and Environmental Information Regulations
2004 does not entitle you to re-use the information without appropriate
permissions. Use must be in compliance with an Open Government Licence or
other agreed terms.

Kind regards.

Nicola Frost
Freedom of Information Manager – MSE Group
Corporate Governance & Membership Services
Mid and South Essex NHS Foundation Trust
Basildon University Hospital, Nethermayne, Basildon, Essex, SS16 5NL

Telephone: via email
Email: [MSEFT request email]

Visit our website: https://www.mse.nhs.uk/

Interested in becoming a Member?
https://www.mse.nhs.uk/membership-and-go...

--------------------------------------------------------------------------

From: L Claire <[FOI #821019 email]>
Sent: 10 January 2022 16:49
To: FOI requests at Mid and South Essex NHS Foundation Trust
<[email address]>
Subject: Freedom of Information request 6092 - Information Governance &
Privacy by Design
 
