Asked by: David Mundell (Conservative - Dumfriesshire, Clydesdale and Tweeddale)
Question to the Department for Science, Innovation & Technology:
To ask the Secretary of State for Science, Innovation and Technology, whether she has had recent discussions with the Information Commissioner’s Office on the adequacy of the guidance provided on their website for (a) identifying and (b) reporting breaches of data protection law related to personal health data.
Answered by John Whittingdale
The UK’s data protection legislation requires all organisations to process personal data lawfully, fairly, transparently and securely. There are stricter conditions and safeguards in relation to processing of personal data relating to people’s health.
The Data Protection and Digital Information (no. 2) Bill does not remove or amend these foundational principles. Instead, it builds on the existing elements of the legislation to make it more ambitious and innovation-friendly, while still underpinned by secure and trustworthy data standards.
The ICO already has published guidance for organisations on the use of special category data, but it has recently been made aware of concerns linked to the inappropriate sharing of personal health data, including the HIV status of individuals. It is currently engaging with the organisations involved to understand these issues further. It has indicated that it will take the necessary steps to ensure that it supports and advises relevant organisations about sharing sensitive information, and that it is clear in its guidance about identifying and reporting breaches linked to health data.
Asked by: David Mundell (Conservative - Dumfriesshire, Clydesdale and Tweeddale)
Question to the Department for Science, Innovation & Technology:
To ask the Secretary of State for Science, Innovation and Technology, if the Information Commissioner’s Office will publish guidance for (a) employers, (b) health and social care settings and (c) police forces on sharing data about a person's HIV status.
Answered by John Whittingdale
The UK’s data protection legislation requires all organisations to process personal data lawfully, fairly, transparently and securely. There are stricter conditions and safeguards in relation to processing of personal data relating to people’s health.
The Data Protection and Digital Information (no. 2) Bill does not remove or amend these foundational principles. Instead, it builds on the existing elements of the legislation to make it more ambitious and innovation-friendly, while still underpinned by secure and trustworthy data standards.
The ICO already has published guidance for organisations on the use of special category data, but it has recently been made aware of concerns linked to the inappropriate sharing of personal health data, including the HIV status of individuals. It is currently engaging with the organisations involved to understand these issues further. It has indicated that it will take the necessary steps to ensure that it supports and advises relevant organisations about sharing sensitive information, and that it is clear in its guidance about identifying and reporting breaches linked to health data.
Asked by: David Mundell (Conservative - Dumfriesshire, Clydesdale and Tweeddale)
Question to the Department for Science, Innovation & Technology:
To ask the Secretary of State for Science, Innovation and Technology, whether her Department has made an assessment of the potential impact of the Data Protection and Digital Information (No.2) Bill on people living with HIV.
Answered by John Whittingdale
The UK’s data protection legislation requires all organisations to process personal data lawfully, fairly, transparently and securely. There are stricter conditions and safeguards in relation to processing of personal data relating to people’s health.
The Data Protection and Digital Information (no. 2) Bill does not remove or amend these foundational principles. Instead, it builds on the existing elements of the legislation to make it more ambitious and innovation-friendly, while still underpinned by secure and trustworthy data standards.
The ICO already has published guidance for organisations on the use of special category data, but it has recently been made aware of concerns linked to the inappropriate sharing of personal health data, including the HIV status of individuals. It is currently engaging with the organisations involved to understand these issues further. It has indicated that it will take the necessary steps to ensure that it supports and advises relevant organisations about sharing sensitive information, and that it is clear in its guidance about identifying and reporting breaches linked to health data.