Data protection and freedom of information
The Caldicott Guardian
Background and purpose
The purpose of the Caldicott Guardian originated from the 1997 report produced by the Caldicott Committee, chaired by Dame Fiona Caldicott, which dealt with the use of held by NHS organisations that can identify patients.
The idea of a guardian was to have a senior person in each NHS organisation responsible for the oversight of the arrangements in that organisation for the use and sharing of clinical information. Subsequent work extended the requirement in 2002 to appoint guardians into councils with social service responsibilities.
In 2005, an elected body was created, made up of Caldicott Guardians from organisations involved in the provision of health and social care services in the United Kingdom. It was set up to facilitate the sharing of good confidentiality practice and the promotion of a national approach to confidentiality and appropriate information sharing.
Six principles relating to data-handling and use were established on which the role was to be based. These key principles enable the safe and secure handling of clients’ personal data.
- justify the purpose(s) for using confidential information
- do not use or transfer personally identifiable information unless it is absolutely necessary
- only use the minimum personally identifiable information that is required
- access to personally identifiable information should be on a strict need-to-know basis
- everybody must understand his or her responsibilities and obligations to respect client confidentiality
- understand and comply with the law
The person best equipped to be the Caldicott Guardian should fit one or more of these requirements:
1. be a senior person within the council’s social care management team
2. be a senior social care professional
3. have the responsibility for promoting information governance within the organisation
Our current holder is Gerald Hunt, assistant director (strategy, commissioning and quality assurance).