Those involved in the development and delivery of learning and development are aware of the Data Protection Act and what this means for the collection and protection of personal data.: NHS e-Learning Readiness

Further Information: Those involved in the development and delivery of learning and development are aware of the Data Protection Act and what this means for the collection and protection of personal data.

What do trainers need to be aware of?

Security concerns in the electronic networked environment mean that you should be aware of the need to protect personal data from access and unauthorised alteration.

When compiling training records you need to ask yourself the following questions:

Do I really need this information about an individual?
Do I know what I'm going to use it for?
Do the people whose information I hold know that I've got it?
Am I sure the personal information is accurate and up to date?

Staff responsible for collecting and inputting personal data should be trained and regularly updated in the requirements of the Data Protection Act 1999. They need to be aware of the Act and have the ability to relate this to the information that is being input into a learning management system (LMS). This could be the Oracle Learning Management (OLM) component of the Electronic Staff Record (ESR) .

Have you trained your staff in their duties and responsibilities under the Data Protection Act?

Are they putting them into practice?

How do you keep data secure?

Adequate security is now accepted as a basic requirement for every e-commerce or networked system. This applies to all the underlying components including the network, firewalls, routers, Internet, and so on.

How do you ensure that the security is appropriate and up to scratch?
How do you know that there are no major exposures?
How do you audit it methodically?

Information held on a laptop or other portable device that could be used to cause an individual damage or distress should be encrypted. This is particularly important where it contains financial or medical information. The level of protection provided by the encryption should be reviewed and updated periodically.

It is essential to ensure that it is sufficient in the event of the device being lost or stolen. You may need to seek specialist technical advice. In addition to technical security, organisations must have policies on the appropriate use and security of portable devices. Your staff will need to receive awareness training in these.

Related Resources

Electronic Staff Records (ESR)

Web site of McKesson, the implementers of ESR, the workforce and learning management system for the NHS.

http://www.esrsolution.co.uk
Joint guidance on use of IT equipment and access to patient data

An NHS CFH web page that includes information about data protection and laws of confidentiality.

http://www.connectingforhealth.nhs.uk/newsroom/media/jointguidance250407?searchterm=data+protection+
NHS Information Governance

A best practice guidance that lists the relevant legal and professional obligations management, use and disclosure of NHS and social care information.

Download file (267.2 KB pdf)
Data Protection Act - Information Commissioner's Office

The Information Commissioner's Office web page about the Data Protection Act. It includes links to informaiton about your responsibilities.

http://www.ico.gov.uk/what_we_cover/data_protection.aspx