[MyData & Open Data] Privacy Impact Assessments

• Previous message: [MyData & Open Data] Privacy Impact Assessments
• Next message: [MyData & Open Data] Privacy Impact Assessments
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Reuben,

A couple of examples of published PIAs:

http://www.england.nhs.uk/wp-content/uploads/2014/01/pia-care-data.pdf - NHS
England's old PIA on the care.data scheme. The PIA revealed (p9) that
patient clinical data would be extracted by the scheme even if they had
opted out, which directly contradicted public promises made by the Secretary
of State for Health on patient opt-outs. So in a way, this PIA served a
useful purpose - showing that NHS England was intending to be really, really
sneaky and thereby helping us get a proper opt-out for patients (i.e. no
data leaving the GP system for patients who had opted out). NHS England has
yet to publish an updated PIA.

http://www.hscic.gov.uk/media/12931/Privacy-Impact-Assessment/pdf/privacy_im
pact_assessment_2013.pdf -  generic PIA on the functions of the Health and
Social Care Information Centre. Again, HSCIC has yet to publish an updated
PIA.

I am also involved in a couple of ongoing PIAs as an external stakeholder. I
obviously couldn't talk about specifics, but would be happy to chat about
process, etc. 

I'm not aware of any specific PIAs covering profiling in the private sector,
but you might go digging around Phorm and its DPI stuff from a few years
back.

Cheers,

Phil

--

Phil Booth
Coordinator, medConfidential

Mobile: 07974 230 839
Web: www.medconfidential.org
Twitter: @medConfidential


-----Original Message-----
From: mydata-open-data [mailto:mydata-open-data-bounces at lists.okfn.org] On
Behalf Of Reuben Binns
Sent: 02 April 2015 14:49
To: mydata-open-data at lists.okfn.org
Subject: [MyData & Open Data] Privacy Impact Assessments

As part of my PhD research, I'm currently looking at privacy impact
assessments. I'm hoping to interview, or just have an informal chat with
anyone who has been involved in a PIA process. This could be a privacy /
data protection officer in an organisation, or a representative of an
external stakeholder group that has been consulted as part of a PIA. I'm
particularly interested in PIA's that cover profiling in the private sector.

I'm also gathering examples of publicly available PIA reports, so any
suggestions would be very helpful. The Catalonia health records report
shared by Gemma yesterday is a good example.

Many thanks in advance,

-Reuben

_______________________________________________
mydata-open-data mailing list
mydata-open-data at lists.okfn.org
https://lists.okfn.org/mailman/listinfo/mydata-open-data


-----
No virus found in this message.
Checked by AVG - www.avg.com
Version: 2015.0.5863 / Virus Database: 4321/9437 - Release Date: 04/02/15

• Previous message: [MyData & Open Data] Privacy Impact Assessments
• Next message: [MyData & Open Data] Privacy Impact Assessments
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]