Retention Policy
Dear South Western Ambulance Service NHS Foundation Trust,
Please can I request a copy of the Trusts data retention policy, I am happy to receive the full policy but my main interest is, data concerning decision making when the decision is made using Signal, WhatsApp or SMS/text Message.
I wish to understand how this data is managed in a corporate environment, with these applications being used on Trust devices such as Smartphones and iPad's.
I further wish to understand how the Trust manages data leakage, where staff are allowed to use their personal Signal and WhatsApp accounts/credentials on Trust devices and therefore how the Trust manages this data then also being viewable on personal devices, when it may contain highly sensitive patient, operational or commend information / decisions.
I am no interested in the security of Signal or WhatsApp as this is freely available, I am interested in how these applications are used on trust devices with personal accounts. Thus how information leakage is prevented say to staff leaving SWAST but still remain in WhatsApp or Signal groups
Yours faithfully,
Sarah-Lee Saltburn
Information Governance
Request ID: 18432
Freedom of Information request - Retention Policy -
Created Date | Sep 22, 2024 04:25 PM
══════════════════════════════════════════════════════════════════════════
Dear Sarah-Lee Saltburn,
This is an acknowledgement mail for your request. Your request has been
created with id 18432. The title of the request is: Freedom of Information
request - Retention Policy.
Kind regards,
Information Governance
South Western Ambulance Service NHS Foundation Trust
This email is sent on behalf of South Western Ambulance NHS Foundation
Trust and any attachments are confidential and may be privileged. If you
are not the intended recipient, please notify the sender immediately by
return e-mail, and then delete the email without making any copies or
disclosing the contents to any other person. Email transmission cannot be
guaranteed to be secure or error or virus free. You should carry out your
own virus check before opening any attachment.
Dear Sarah-Lee Saltburn,
Category : Freedom of Information
I refer to our acknowledgement in respect of your request for information
under the provisions of the Freedom of Information Act 2000.
Please see below response to your questions below:-
Please can I request a copy of the Trusts data retention policy, I am
happy to receive the full policy but my main interest is, data concerning
decision making when the decision is made using Signal, WhatsApp or
SMS/text Message.
Our response
Please find attached our policy ‘Acceptable use of IM & T services’ in
particular section 5. This policy is currently under review and a more
specific social media policy is also being drafted.
Please also find attached our records retention and disposal policy.
In addition, the below guidance is shared among the Trust (as part of the
Nation Cyber Awareness Month Campaign and be part of our Data Protection
Training material), it contains our overarching principles in the use of
WhatsApp/Signal or SMS/text message.
[1]https://www.gov.uk/government/publicatio...
I wish to understand how this data is managed in a corporate environment,
with these applications being used on Trust devices such as Smartphones
and iPad's.
Our response
WhatsApp is currently deployed as a trusted app.
As we move to COPE (allowing personal apps to be deployed) there will be
policies in place to stop data being copied from work based (trusted) apps
and the likes of WhatsApp.
I further wish to understand how the Trust manages data leakage, where
staff are allowed to use their personal Signal and WhatsApp
accounts/credentials on Trust devices and therefore how the Trust manages
this data then also being viewable on personal devices, when it may
contain highly sensitive patient, operational or commend information /
decisions.
Our response
Please see the below sections of the policy ‘Acceptable use of IM & T
services’
5. Internet and Email conditions of use
5.7. Under no circumstances should patient or staff records be recorded or
made
available via the internet
5.10. Individuals must not use Trust equipment to undertake or perform the
following:
For the avoidance of doubt, internet applications referenced below may be
platforms such
as Facebook, Twitter, Instagram, LinkedIn, or online games. This is not an
exhaustive list.
… 5.10.8. Send unprotected sensitive or confidential information
externally.
8. Mobile storage devices
8.2. Only SWAST authorised mobile storage devices with encryption enabled
must be
used when transferring sensitive or confidential data. Staff are
responsible for
notifying the IM&T department if they hold any equipment not suitably
encrypted.
If there is a data leakage thru the use of WhatsApp or SMS, the Trust
should report the case to ICO thru the DSPT within 72 hours same as other
data leakage incidents.
This policy is currently under review and a more specific social media
policy is also being drafted.
I am no interested in the security of Signal or WhatsApp as this is freely
available, I am interested in how these applications are used on trust
devices with personal accounts. Thus how information leakage is prevented
say to staff leaving SWAST but still remain in WhatsApp or Signal groups
Our response
If sensitive information is sent using WhatsApp or Signal out of the
Trust, it will no longer under the control of SWAST, other than the
acceptable use policy, we will have no other ways to further prevent
information leakage.
Please note that, under the Re-use of Public Sector Information
Regulations, if you wish to publish or otherwise use this information
besides for your own means, you will need to seek our permission to do so.
Please feel free to contact me if you require further clarification of the
information provided, or to discuss any aspect of the way in which we have
responded to your request.
However, if you are dissatisfied with our response, you also have the
right to make use of the following complaints procedures:
In the first instance you may write to the Chief Executive of this Trust:
Dr John Martin
South Western Ambulance Service NHS Foundation Trust
Abbey Court
Eagle Way
Exeter EX2 7HY
Dr Martin will then either make arrangements for your complaint to be
reviewed and for the outcome to be communicated to you, or will convene a
panel of Trust Directors to consider an appeal against a decision to
withhold information.
If you are unhappy with the response to your complaint, or findings of the
Panel, you can contact the Information Commissioner at:
Information Commissioner’s Office,
Wycliffe House,
Water Lane,
Wilmslow,
Cheshire. SK9 5AF
Tel: 01625 545 700
Kind regards,
Information Governance Team
South Western Ambulance Service NHS Foundation Trust
Description :
Please be aware. This email originated from outside the organisation. Do
not click on links or open attachments unless you recognise the sender and
know the content is safe.
Dear South Western Ambulance Service NHS Foundation Trust,
Please can I request a copy of the Trusts data retention policy, I am
happy to receive the full policy but my main interest is, data concerning
decision making when the decision is made using Signal, WhatsApp or
SMS/text Message.
I wish to understand how this data is managed in a corporate environment,
with these applications being used on Trust devices such as Smartphones
and iPad's.
I further wish to understand how the Trust manages data leakage, where
staff are allowed to use their personal Signal and WhatsApp
accounts/credentials on Trust devices and therefore how the Trust manages
this data then also being viewable on personal devices, when it may
contain highly sensitive patient, operational or commend information /
decisions.
I am no interested in the security of Signal or WhatsApp as this is freely
available, I am interested in how these applications are used on trust
devices with personal accounts. Thus how information leakage is prevented
say to staff leaving SWAST but still remain in WhatsApp or Signal groups
Yours faithfully,
Sarah-Lee Saltburn
-------------------------------------------------------------------
Please use this email address for all replies to this request:
[2][FOI #1178031 email]
Is [3][South Western Ambulance Service NHS Foundation Trust request email]
the wrong address for Freedom of Information requests to South Western
Ambulance Service NHS Foundation Trust? If so, please contact us using
this form:
[4]https://www.whatdotheyknow.com/change_re...
Disclaimer: This message and any reply that you make will be published on
the internet. Our privacy and copyright policies:
[5]https://www.whatdotheyknow.com/help/offi...
For more detailed guidance on safely disclosing information, read the
latest advice from the ICO:
[6]https://www.whatdotheyknow.com/help/ico-...
[7]https://www.whatdotheyknow.com/help/ico-...
Please note that in some cases publication of requests and responses will
be delayed.
If you find this service useful as an FOI officer, please ask your web
manager to link to us from your organisation's FOI page.
We work to defend the right to FOI for everyone
Help us protect your right to hold public authorities to account. Donate and support our work.
Donate Now