A really simple rule of thumb – if you keep call recordings expect a data subject to want to have a copy. If you don’t want them to have a copy – destroy the recording at the appropriate time. Of course, never destroy the recording when someone asked for it – that might force the
There had to be a lot of leeway on the ground for staff that physically had to be there all the time and the job could be done no other way. That meant we took a blind-eye to some things recognising that some rules would be a hindrance if they were strictly enforced. That was
is not the same as what the law says or was meant to say. I still make use of some advice which said “if it did not say it you cannot imply it” or as Judge Judy said “If it is not in the four corners of this piece of paper it does not exist”.
There are some pretty tight spending restrictions in the NHS at the moment. The trouble is the roles that they are not filling are exactly the ones that will get you fined if not adequately resourced (and I believe that the ICO will fine public sector organisations if they place money over the law). If
… is not always what they can have, especially when they are using legislation to try and get what they want. That is especially true of FOI – there are checks and balances and they are there for a reason.
What a lot of people do not realise is that once someone dies the law and processes do not join up and at times contradict each other. If I had my way, there would be the Data Protection Act (Living) and Data Protection Act (Deceased).
Simple answer Yes – complex answer the marketplace is artificially priced at a low level that realistically cannot survive. Each Practice should be charged at £2500+ and not the current £350 inclusive of VAT if you are lucky.
The ICO has released the questions that its staff ask when they investigate FOI complaints Key Questions for Public Authorities – Freedom of Information Act 2000 | ICO. It is not all the questions but gives a fair idea of what you need to think about and what you need to have done.
Over the weekend the Guardian ran an article about NHS care organisations and their website cookie compliance: https://www.theguardian.com/society/2023/may/27/nhs-data-breach-trusts-shared-patient-details-with-facebook-meta-without-consent If your website is using anything like Facebook Pixel this: The Privacy and Electronic Communication Regulations (PECR) is the legislation covering this. The Information Commissioner is consistently happy to fine organisations for breaches under this – the
When someone does not want you to know what the policy is Secret Home Office policy to detain people with NHS debt at airport found unlawful (msn.com). It seems like there was a fundamental failure to understand FOI let alone the other legislation linked to Oversea Visitors and the right to stay – the debts