Dear Royal Cornwall Hospitals NHS Trust,

Please can you tell be what specific legal basis you are relying upong to share information in the information sharing gateway - you cannot just say DPA, what schedule 2 and 3 are you relying upon?

You have shared staff information without explicit consent and you cannot rely upon a blanket consent in standard employment contracts, according to the ICO, you must ensure that you satisfy one or more, in the case of sensitive data, of the other conditions for processing of personal information.

Yours faithfully,

Juno Clarke

FOI (ROYAL CORNWALL HOSPITALS NHS TRUST), Royal Cornwall Hospitals NHS Trust

Dear  Juno Clarke

FREEDOM OF INFORMATION ACT 2000 - INFORMATION REQUEST Ref: 1811

Thank you for your request for information as detailed below (if I have
misunderstood any part of your request, please let me know as soon as
possible, otherwise I shall continue to retrieve the information as
outlined):

 

What specific legal basis you the RCHT relying upon to share information
in the information sharing gateway.

 

 

Your request was received 11 05 17 and I am dealing with it under the
terms of the Freedom of Information Act 2000.

In some circumstances a fee may be payable and if that is the case I will
let you know. A fees notice will be issued to you, and you will be
required to pay before I will proceed to deal with your request.

You will receive the information requested within 20 working days unless
the Royal Cornwall Hospital does not hold the information or there is a
reason for it to be withheld. I will write to you in any event.

If you have any requirements regarding the format any information should
be supplied in, e.g. the language to be used, audio, large print and so
on, then please let me know.

Further information about your rights is also available from the
Information Commissioner at:

 

Information Commissioner's Office Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

 

Telephone: 0303 123 1113 or 01625 54 57 45

[1]www.ico.gov.uk

 

In the meantime, please do not hesitate to contact me if you have any
queries or concerns (please remember to quote the reference number in any
future correspondence).

 

Yours sincerely

 

Angela Kaye

Information Governance Team

 

show quoted sections

References

Visible links
1. http://www.ico.gov.uk/

FOI (ROYAL CORNWALL HOSPITALS NHS TRUST), Royal Cornwall Hospitals NHS Trust

2 Attachments

The RCHT are always looking to improve the service that we provide and
would welcome any feedback that you wish to give about your experience
dealing with FOI.  Please take a few moments to complete an anonymous
survey so that we can take into consideration your comments: 
[1]https://www.surveymonkey.com/r/Y7T2N78

 

Dear  Juno Clarke

 

FREEDOM OF INFORMATION ACT 2000 - INFORMATION REQUEST Ref:  1811

Your request for information has now been considered and the response is
attached.

 

If you have any queries or concerns then please do not hesitate to contact
me (please remember to quote the reference number above in any future
communications).

If you are unhappy with the service you have received in relation to your
request and wish to make a complaint or request a review of our decision,
you should write to the Information Governance Manager, 2nd Floor
Knowledge Spa, Royal Cornwall Hospital, Truro, Cornwall, TR1 3LJ or
e-mail [2][Royal Cornwall Hospitals NHS Trust request email]

If you are not content with the outcome of your complaint or review, you
may apply directly to the Information Commissioner for a decision.
Generally, the ICO cannot make a decision unless you have exhausted the
complaints procedure provided by the Royal Cornwall Hospital.

 

The Information Commissioner can be contacted at:

Information Commissioner's Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

 

Telephone: 0303 123 1113 or 01625 54 57 45

[3]www.ico.gov.uk

 

Yours sincerely

Angela Kaye 

 

 

 

show quoted sections

References

Visible links
1. https://www.surveymonkey.com/r/Y7T2N78
2. mailto:[Royal Cornwall Hospitals NHS Trust request email]
3. http://www.ico.gov.uk/

Dear FOI (ROYAL CORNWALL HOSPITALS NHS TRUST),
I do not believe that your answer is correct - you are putting in identifable information to be used by other organisations as part of the STP - such as DOB and gender, therefore what schedule 2 and 3 are you relying on?

Yours sincerely,

Juno Clarke

FOI (ROYAL CORNWALL HOSPITALS NHS TRUST), Royal Cornwall Hospitals NHS Trust

Dear Mr Clarke,

FREEDOM OF INFORMATION ACT 2000 - INFORMATION REQUEST Ref: 1811

Thank you for your correspondence requesting a review of our recent response disclosed 12 May 2017 under the Freedom of Information (FOI) Act 2000.

Your request was received 09 June 2017 and I am dealing with it under the terms of our complaints process, also known as an internal review. In that review, we will:

•make a fresh decision based on all the available evidence that is relevant to the date of the request, not just a review of the first decision;
•ensure the review is done by someone who did not deal with the request, where possible, and preferably by a more senior member of

staff; and

•ensure the review takes no longer than 20 working days in most cases, or 40 in exceptional circumstances.

If you have any queries or concerns then please do not hesitate to contact me by writing to the Information Governance Manager, 2nd Floor Knowledge Spa, Royal Cornwall Hospital Truro, Cornwall, TR1 3LJ or email [email address] (please remember to quote the reference number above in any future communications).

If you are not content with how we are dealing with your request, you may apply directly to the Information Commissioner for a decision. Generally, the ICO cannot make a decision unless you have exhausted the complaints procedure provided by the Royal Cornwall Hospital.

The Information Commissioner can be contacted at:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone: 0303 123 1113 or 01625 54 57 45
www.ico.gov.uk

Yours sincerely

Angela Kaye

show quoted sections

SCALLAN, Mark (ROYAL CORNWALL HOSPITALS NHS TRUST), Royal Cornwall Hospitals NHS Trust

2 Attachments

Dear Juno Clark

 

FREEDOM OF INFORMATION ACT 2000 - INFORMATION REQUEST Ref:

 

Thank you for your patience whilst the Royal Cornwall Hospitals Trust
(RCHT) conducted an internal review of its response to the Freedom of
Information (FOI) Act 2000 request you received.

 

I am now able to confirm that the RCHT have conducted its internal review
process and conclude that the information originally provided was accurate
and answered the question you raised.

 

The review was conducted by Mark Scallan, Head of Corporate Compliance who
did not deal with the original request.

 

The findings were as follows:

 

As part of your original response you were informed that no data was being
shared as part of the ISG. The ISG is an administration tool for the
management of Information Sharing Agreements (ISA) between the
organisations involved and not for sharing of data.

 

The response you were given also informed you that we have been sharing
Workforce Data under an ISA as part of the Sustainability and
Transformation Plan (STP) modelling activity.

 

Your request for a review has indicated that you believe we are using
dates of birth, this is not the case. We are only proving year of birth
and gender.

 

We took the decision not included Date of Birth, Ethnic Origin or Sexual
Orientation as these along with information relating to the role would as
you would agree lead to the positive identification of a unique
individual. This would have relied on a Schedule 2 condition under the
Data Protection Act 1998.

 

We took the required steps to update our Fair Processing Notices (see
attached) before we shared any data to include:

 

•  Staff Workforce information used for scenario modelling to support
planning of future service provision*

 

*You have a right to object to your identifiable information being used
for these purposes.

 

I hope this review has provided clarification of the original response you
were provided and allayed any fears you may have had that we were sharing
person identifiable data without a legal basis.

 

If you have any queries or concerns then please do not hesitate to me in
writing at 2nd Floor Knowledge Spa, Royal Cornwall Hospital Truro,
Cornwall, TR1 3LJ or email [1][email address] (please remember to
quote the reference number above in any future communications).

 

If you are not content with how we have dealt with your complaint, you may
apply directly to the Information Commissioner for a decision.  The
Information Commissioner can be contacted at:

 

Information Commissioner's Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

 

Telephone: 0303 123 1113 or 01625 54 57 45

[2]www.ico.gov.uk ( [3]http://www.ico.gov.uk/ )

 

 

 

Yours sincerely

 

Mark Scallan

 

 

Mark Scallan

Head of Corporate Compliance

Data Protection Officer/Freedom of Information Lead

 

 

show quoted sections

References

Visible links
1. mailto:[email address]
2. http://www.ico.gov.uk/
3. http://www.ico.gov.uk/

Dear SCALLAN, Mark (ROYAL CORNWALL HOSPITALS NHS TRUST),
You have advised that you have used year of birth and gender.
As a living individual could be identified from that data and other information in your possession it is personally identifiable.
What is the legal basis for sharing it with STP partners as STP have no legal basis
Yours sincerely,

Juno Clarke

SCALLAN, Mark (ROYAL CORNWALL HOSPITALS NHS TRUST), Royal Cornwall Hospitals NHS Trust

Dear Juno

Under the provisions of the Data Protection Act 1998 personal data needs to have enough quality and depth of data items as to be able to uniquely identify an individual. The information we have shared with the STP is de-identified to the point where it would not be possible to make this unique connection.

I am sorry that I have not been able to reassure you, and am unable to offer you any further information in order to provide that assurance.

The RCHT works diligently to ensure all data transactions and data flows internally and externally are lawful and are done so in adherence to the Data Protection Act 1998.

My advice would be to contact the ICO if you are still firmly under the belief that we have acted in a fashion which would bring us in to conflict with the provisions of the Data Protection Act 1998.

Kind Regards

Mark

Yours sincerely

Mark Scallan

Mark Scallan
Head of Corporate Compliance
01872 258580

Looking for an EU Authority?

You can request documents directly from EU Institutions at our sister site AskTheEU.org . Find out more .

AskTheEU.org