🦸

Key People and Their Responsibilities

Overview

It’s important that everyone in an organisation takes part in our Information Governance strategy as protecting sensitive data should be part of our every day considerations at work.

However, having strong Senior Management ownership and understanding of IG enables us to lead on IG from the ‘top down’ and ensure that our IG approach as an organisation is correct and that we’re compliant. To facilitate this ownership / understanding by Senior Management, we have created the IG people structure below.

Having an IG people structure also gives the team clear responsibilities and ensures there is accountability which is important from a governance point of view.

IG People Structure overview

The below diagram gives an overview of our IG People Structure including who reports to whom (indicated by the arrows).

To understand what all of the acronyms mean and who is in each of these posts, see the section below.

Who are the people in our IG People Structure?

‣

Practice Partners

‣

Senior Information Risk Owner (SIRO)

‣

Information Governance Lead (IG Lead)

‣

Information Asset Owners (IAOs)

‣

Information Asset Administrators (IAAs)

‣

Data Protection Officer (DPO)

‣

Caldicott Guardian

What about everyone else?

All Staff

All staff who work for Penrose Health are responsible for the maintenance of confidentiality, the protection and appropriate use of special categories of personal data in accordance with the Data Protection Legislation.

Staff have legal obligations regarding IG (under Data Protection Legislation, common law duty of confidentiality, and professional obligations/codes of conduct) as well as contractual obligations re: IG (under the confidentiality clauses in contracts/relevant addenda).

To help you fulfill those obligations, we’ve written this whole 🔒IG Homepage which takes into account all of the laws, requirements, standards and principles laid out here.

See 👪All staff and IG for more details

Those working on the organisation’s behalf

The same responsibilities in relation to confidentiality and Information Governance apply to those working on behalf of the organisation whether they are volunteers, students, work placements, contractors or temporary employees. Those working on behalf of the organisation are required to sign the same 🤐Confidentiality Policy outlining their duties and obligations.

For more details about external data processors see 📦Data Sharing and External Processors

Annual Statement of Assurance

Include annual statement of assurance