INFORMATION SHARING PROTOCOL
SUMMARY SHEET
Title of Agreement / Social Worker Productivity Project
Organisation Name / Head Office Address / Phone / Email / Named Data Protection Officer / ICO Notification reference
PA Consulting Services Limited / 10 Bressenden Place, London, SW1E 5DN, United Kingdom / 020 77309000 / / Shaibal Roy / Z6822657
Essex County Council / County Hall, Chelmsford, Essex CM1 1QH / 08457430430 / / Gillian Furlong / Z6034810
Version Control
Date Agreement comes into force / 30th Oct 2017
Date of Agreement review / 30th Nov 2017
Agreement owner (Organisation) / Essex County Council
Agreement drawn up by (Author(s)) / Nicki Mallett, Lauri Almond
Status of document / APPROVED
Version / V1.0
Whole Essex Information Sharing Framework
This Information Sharing Protocol is designed to ensure that information is shared in a way that is fair, transparent and in line with the rights and expectations of the people whose information you are sharing.
This protocol will help you to identify the issues you need to consider when deciding whether to share personal data. It should give you confidence to share personal data when it is appropriate to do so, but should also give you a clearer idea of when it is not acceptable to share data.
Specific benefits include:
• transparency for individuals whose data you wish to share as protocols are published here;
• minimised risk of breaking the law and consequent enforcement action by the Information Commissioner’s Office (ICO) or other regulators;
• greater public trust and a better relationship by ensuring that legally required safeguards are in place and complied with;
• better protection for individuals when their data is shared;
• increased data sharing when this is necessary and beneficial;
• reduced reputational risk caused by the inappropriate or insecure sharing of personal data;
• a better understanding of when, or whether, it is acceptable to share information without people’s knowledge or consent or in the face of objection; and
• reduced risk of questions, complaints and disputes about the way you share personal data.
Please ensure all sections of the template are fully completed with sufficient detail to provide assurance that the sharing is conducted lawfully, securely and ethically.
Item / Name/Link/Reference / Responsible Authority
Privacy Impact Assessment / / PA Consulting
Supporting Standard Operating Procedure / NA – small PA team present on Essex site with data on PA laptops but not PA site / Please see contract
Associated contract / / PA Consulting
Other associated supporting documentation / / PA Consulting
Published Information Sharing Protocols can be viewed on the WEISF Portal.
1. / Purpose / REFERENCES
We will form a joint team of Essex CC colleagues and PA consultants to work for 10 consecutive days to deliver substantial insights about social worker productivity. We will focus the activities of the team on exploratory analytics using our many times tried and tested framework we call the Value Pyramid. The Value Pyramid is a simple structure on top of which any data-driven discussion can be organised. In this assignment, we will use it to define the specific insights we need to explore, which in turn helps define the specific analytics actions required.
This will be the first step on a journey for you and participating key stakeholders that showcases the hidden value in the data you have easy access to but do not routinely use. We will aim to re-use data you have quick and convenient access to – not construct elaborate data sets from scratch.
The final output from the 2 week challenge will be a data-story that explains at least one substantial insight. This is much more than a single number or quantified answer to a specific question about the opportunity to improve productivity or save money. We use the term ‘insight’ here to mean the full derivation and story of discovery of an evidence-based finding that each member of the team will be able to explain. This will be delivered in quantitative outputs you would expect (for example Tableau visualisations, Excel workbooks) and also outputs you might expect less – infographics, animations and videos that explain the approach and key findings. / GDPR
Go to article 5
2. / Information to be shared
The pseudonymised information to be shared is as follows. Details of each of these variables can be found below:
Adults:
Demographics & location / Service / Reablement Fields
TITLE / CurrentServices / Referral Source
DATE_OF_DEATH / Package_Requesting_Team / Amended Hospital
AGEBAND1 / SERVICE_GROUP / Referral Date
SERVICE_USER_GROUP / SERVICE_TYPE / Package Accepted
SERVICE_USER_SUB_GROUP / ELEMENT_TYPE / Reason Package Not Accepted
GENDER / Contract_Type / Failed to Start
MARITAL_STATUS_DESC / ELEMENT_GROUP / Reason Package Failed to Start
AllCareSpecialism / BUDGET_CODE / Actual Package Start Date
LOCALITY_NAME / SERVICE_START_DATE / Has the person been supplied with Equipment
DISTRICT_NAME / SERVICE_END_DATE / has the person been supplied with Assistive Tech
WARD_NAME / ELEMENT_START_DATE / Package End Date
CCG / ELEMENT_END_DATE / Number of days person was in Reablement
Length_of_Stay / Single or Double handed care at the start
Active_Package / Situation at the end of Reablement/ when Reablement Ceases
Review allocation Report Fields / PURCHASING_TEAM / Package Started
LAST_EVENT_COMPLETED_ON / QUANTITY / Package Status
LAST_EVENT_TYPE / STANDARD_COST / Amended Discharge
LAST_EVENT_TEAM / COST_PER_FREQUENCY / Duration
LAST_EVENT_REGION / COST_PER_WEEK / Amended Referral source
RESPONSIBLE_TEAM / ONE_OFF_COST / Hospital or Community
RESPONSIBLE_ORG_REGION / WEEKLY_QUANTITY
RESPONSIBLE_ORG_DISTRICT / RATE
Overdue / RATE_TYPE
Not due / FREQUENCY
QUANTITY_PER_FREQUENCY
Reviews Fields / UNIT_OF_MEASURE
REVIEW_TYPE / CHARGE_UNIT_TYPE
COMPLETED_ON / ELEMENT_CHANGE_TYPE
STEP_STATUS / Calculated_Rate
RESPONSIBLE_TEAM / Service_Cost
Review_Type2 / Active_Package_Cost
Assessments Fields
DESCRIPTION
Assessment Type
STARTED_ON
COMPLETED_ON
STEP_STATUS
RESPONSIBLE_TEAM
TIMESCALES_1
Childrens:
Age at event
Referral Start
Previous Referral?
Referral Source
Referral Source Category
Referral End
Step Name
Step Start Date
Step End Date
Pathway
Pathway Ref
Marker Name
Details
Status
Contact Staff Dept
Key Team
District
Quadrant
ASSESSMENT FACTORS
/ GDPR
Go to articles 6 - 9
3. / Legal Basis
Anonymised/pseudonymised data only will be shared. No person identifiable data will be used and it is therefore not necessary to satisfy a condition for processing under either the Data Protection Act 1998 schedules 2 & 3, or the General Data Protection Regulation 2016 Articles 6 & 9.
Personal Data / Special Categories of Data
Anonymised/pseudonymised data only will be shared. No person identifiable data will be used.
If personal data is fully anonymised/pseudonymised it is no longer personal data. In this context anonymised means that it is not possible to identify an individual from the data itself or from that data in combination with other data, taking account of all the means that are reasonably likely to be used to identify them.
ECC will comply with the Health & Social Care Anonymisation Standard and the ICO Anonymisation Code of Practice to ensure that datasets used for this project do not contain personal data. / Anonymised/pseudonymised data only will be shared. No person identifiable data will be used.
If personal data is fully anonymised/pseudonymised it is no longer personal data. In this context anonymised means that it is not possible to identify an individual from the data itself or from that data in combination with other data, taking account of all the means that are reasonably likely to be used to identify them.
ECC will comply with the Health & Social Care Anonymisation Standard and the ICO Anonymisation Code of Practice to ensure that datasets used for this project do not contain personal data.
Fair Processing in accordance with General Data Protection Regulation 2016 article 12.
Each Partner is responsible for ensuring that Fair processing requirements have been satisfied by being transparent regarding their use of anonymised data for research and service planning in the privacy notices given to individuals at point of contact.
Use of any pseudonymised dataset is for the sole purpose set out above. The Data must not be shared with any other organisation or named individual not explicitly referred to within this protocol.
Fair processing requirements have been satisfied by clear reference on our website to our use of data for service improvement/research, and an assurance that only anonymised/pseudonymised data will be used. / GDPR
Go to articles 6-14
4. / Responsibilities
For the purposes of this Protocol the responsibilities are defined as: / √ or × / Organisation Name(s)
The Sole Data Controller for this sharing is / √ / Essex County Council
Data Processors party to this protocol are:
1. Where processing is to be carried out on behalf of a controller, the controller shall use only processors providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of this Regulation and ensure the protection of the rights of the data subject.
2. The processor shall not engage another processor without prior specific or general written authorisation of the controller. In the case of general written authorisation, the processor shall inform the controller of any intended changes concerning the addition or replacement of other processors, thereby giving the controller the opportunity to object to such changes.
3. Processing by a processor shall be governed by a contract or other legal act under Union or Member State law, that is binding on the processor with regard to the controller and that sets out the subject-matter and duration of the processing, the nature and purpose of the processing, the type of personal data and categories of data subjects and the obligations and rights of the controller.
Any controller involved in processing shall be liable for the damage caused by processing which infringes this Regulation. A processor shall be liable for the damage caused by processing only where it has not complied with obligations of this Regulation specifically directed to processors or where it has acted outside or contrary to lawful instructions of the controller. / √ / PA Consulting
This Protocol will be reviewed one year after it comes into operation to ensure that it remains fit for purpose. The review will be initiated by Essex County Council. / GDPR
Go to articles 13-14, 24 - 31
5. / Subject Rights
GDPR Article 15 - Subject Access - is an individual’s right to have a copy of information relating to them which is processed by an organisation.
Once information is disclosed from one agency to another, the recipient organisation becomes the Data Controller for that information. With regards to subject access requests, the Data Controller has a statutory duty to comply with article 15 of the GDPR, unless derogation applies. It is good practice for the recipient organisation to contact the originating organisation. This enables the originating organisation to advise on the use of any statutory derogation that may need to be applied prior to disclosure to the requesting individual. Communication should take place speedily, thus allowing the request to be serviced within the statutory time period of 20 working days (additional 2 months for complex SARs).
If a party receives a request for information under the Freedom of Information (FOI) Act 2000 or Environmental Information Regulations (EIR) 2004 that relates to data that has been disclosed for the purposes of this Information Sharing Protocol, it is best practice to seek advice from the originating organisation prior to release. This allows the originating organisation to rely on any statutory exemption/exception under the provisions of the FOI Act or EIR and to identify any perceived harms. However, the decision to release data under the FOI Act or EIR is the responsibility of the agency that received the request.
Essex Partner Agencies’ Information Sharing Agreements are made publicly available on the Whole Essex Information Sharing Framework website to enable compliance with article 12 of the GDPR.
GDPR Article 17 (1)(b)&(e) – Right to be forgotten – This right may apply where the sharing is based on consent, or where a Court Order has demanded that the information for an individual must no longer be processed. Should either circumstance occur, the receiving Partner must notify all Data Controllers party to this protocol, providing sufficient information for the individual to be identified, and explaining the basis for the application, to enable all Partners to take the appropriate action to ensure compliance with the GDPR. / GDPR
Go to articles 12 – 22
GDPR
Go to article 17 & 19
6. / Security of Information
Control in place / √ / ×
There are good quality access control systems in place / √
Paper information is stored securely / NA
Paper and electronic information is securely destroyed with destruction log for electronic information / √
Laptops and removable media such as memory sticks are secured when not in use / √
Technical security appropriate to the type of information being processed is applied / √
Arrangements are in place to meet the requirements for confidentiality, integrity and availability / √
Disaster recovery arrangements are in place / NA
Encryption of personal data is fully implemented / √
Data minimisation has been considered / √
Can pseudonymised or anonymised data be used to meet your processing needs? / √
There are sufficient access controls for systems/networks in place / √
Routine and regular penetration tests are carried out / √
Article 40 Codes of Conduct are adhered to (where applicable) / √
Appropriate security is applied to external routes into the organisation; for example, internet firewalls and remote access solutions / √
Personal information will be securely shared via Egress secure email and file transfer service.
Pseudonymisation at source is via OpenPseudonymisation provided by University of Nottingham, which is compliant with the NHS Digital Anonymisation Standard and aligns to the Information Commissioner’s Office Anonymisation Code of Practice.
Partners receiving information will:
- Ensure that their employees are appropriately trained to understand their responsibilities to maintain confidentiality and privacy;
- Protect the physical security of the shared information;
- Restrict access to data to those that require it, and take reasonable steps to ensure the reliability of employees who have access to data, for instance, ensuring that all staff have appropriate background checks
- Maintain an up to date policy for handling personal data which is available to all staff
- Have a process in place to handle any security incidents involving personal data, including notifying relevant third parties of any incidents
- Ensure any 3rd party processing is agreed as part of this protocol and governed by a robust contract and detailed written instructions for processing.
articles 30 - 45
7. / Format and Frequency
The format the information will be shared in is csv and Excel files
The frequency with which the information will be shared is ‘one off only’
8. / Data Retention
Information will be destroyed by PA at the end of the project. Storyboards and insight generated will remain the property of ECC.
Intellectual Property and Rights of Use
7.1 / Intellectual Property (“IP”) means all forms of intellectual property, including, without limitation, property in and rights under copyright, patents, conceptual solutions, circuit layout rights, performance rights, design rights, designs, database rights, trade names, trademarks, service marks, methodologies, ideas, processes, methods, tools and know-how and entitlement to make application for formal (or otherwise enhanced) rights of any such nature.
7.2 / IP and rights to IP owned by either Party on the date of the Agreement or created outside the terms of this Agreement and all modifications thereto and derivative versions thereof created during the services ("Background IP”) shall remain the property of that Party.
7.3 / The Client hereby grants to PA a royalty-free, non-exclusive, non-transferable licence to use the Client's Background IP as required to allow PA to perform its obligations under the Agreement.
7.4 / IP created or developed by PA within the provision of the services ("Foreground IP") and rights to such IP will be owned by PA.
7.5 / Upon completion of the services and on receipt of payment in full by PA, PA will grant to the Client a royalty-free, non-exclusive, non-transferable licence to use any Foreground IP and PA's Background IP as required to allow the Client to use the deliverables produced by PA for the objectives set out in the Agreement.
7.6 / The licence referred to in clause 7.5 will be terminable by PA if the Client uses or seeks to use the Foreground IP and PA’s Background IP for purposes other than those described in clause 7.5.
7.7 / PA warrants that to the best of PA’s knowledge and belief the results of the services shall not infringe the copyright of any third party.
/ GDPR
Go to article 5
9. / Data Accuracy
It is incumbent on each Partner to ensure that appropriate data quality assurance checks are made to assure the quality of the data used in this activity. Any Partner who becomes aware of incorrect data must advise all relevant Partners as soon as possible to enable remediation not only at source, but also within the portal.
The data controller retains full responsibility for the actions of the data processor – if there is a data protection breach then the data controller remains responsible. The key obligation is that the processing by a data processor must be carried out under a written contract which requires the data processor to act only on instructions from the data controller. Partners to this protocol will have the right to independently audit the pseudonymisation activity to assure compliance. This right can be exercised by making a request from one named contact (listed above) to another partner’s named contact.
ECC is extracting the data used from standard reports that are used for statutory returns; this includes a QA process by operational teams and sign-off by exec directors. / GDPR
Go to articles 5, 16 - 18
10. / Breach Notification
Where a security breach linked to the sharing of data under this protocol is likely to adversely affect a data subject, Partners are required to inform all involved Partners within 48 hours of the breach being detected. The email addresses on page 1 should be used to contact the Partners. The decision to notify the ICO can only be made after consultation with any other affected Partner to this protocol, and notification to the ICO must be made within 72 hours of the breach being detected. Where agreement to notify cannot be reached within this timeframe, the final decision will rest with the Protocol owner as depicted on page 1 of this document.
All involved Partners should consult on the need to inform the Data Subject, so that all risks are fully considered and agreement is reached as to when, how and by whom such contact should be made. Where agreement to notify cannot be reached, the final decision will rest with the Protocol owner as depicted on page 1 of this document.
All Partners to this protocol ensure that robust policy and procedures are in place to manage security incidents, including the need to consult Partners where the breach directly relates to information shared under this protocol.