Data Protection Policy
Statement of Principle for Direct Observation of Practice
We regard the lawful and correct treatment of personal information by Skills for Care as an important element of our business and maintaining the confidence of those with whom we deal. We ensure that our organisation treats personal information (data) lawfully and correctly.
Personal data means data which relate to a living individual who can be identified either from those data, or from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller,
and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual.
Therefore Skills for Carefully endorses and, through appropriate management, strict application of criteria and controls, adheres to the 8 Principles of Data Protection as described in the Data Protection Act 1998.
We also ensure that:
Skills for Care Limited is a data controller required to notify under the Data Protection Act 1998. Our registration number is Z6220820
Privacy policy
Skills for Care is committed to safeguarding your privacy. The following policy details how personal information will be collected and treated under the Direct Observation of Practice initiative.
Data collection - Direct Observation of Practice
Data for the purposes of this project is collected by way of video which is used to record the practice of social workers for the purposes of training and ensuring a nationally consistent assessment standard.
Prior to each video recording where the service user has capacity the purpose of the video will be explained and they will be asked to sign a consent form. (Appendix1) Where the service user lacks capacity the social worker will complete an assessment to determine whether the video poses any threat or would be detrimental to the service user and where appropriate seek approval from a relative/carer ( appendix2)
Beyond the video recording no other data will be collected in respect of this initiative.
The video will not include any personal information (i.e. full name, address, etc) and the recording will be assigned a unique reference number to identify it.
Data use
As part of their training and professional development all social workers should be observed ‘in practice’ by a registered experienced social worker who can assess their skills and ability to put their theoretical knowledge into practice.
By videoing these sessions the social worker and their assessor can review the recordings and discuss what went well and any areas for improvement.
The videos will also be reviewed by one other person an ‘internal moderator’ (an experienced social work professional) who will compare it with others within the organisation to ensure a consistent standard and approach is being maintained.
The data will not be used for any other purpose.
The social worker and assessor should ensure when reviewing the video that every precaution is taken to maintain privacy. The video should be not reviewed in a public place. Individual social workers will be expected to comply with the requirements laid down by their employer on the security arrangements for accessing and using data when working remotely.
Data access
The video can only be viewed by the social worker and assessor involved in the meeting where the recording took place – they cannot view videos made by other social workers. In addition, all videos made by social workers within a particular organisation can only be viewed by the ‘internal moderator’.
No Skills for Care staff will have access to the video recording.
Data security
All tablets/laptops will be encrypted and only accessible through personal log in details. At the end of the meeting where video recording takes place the video will automatically be saved onto the tablet/laptop computer. As soon as reasonably possible the video will be transferred to a secure storage library hosted and administered by SICL, who are a “tier 3” hosting provider with ISO27001 accreditations, for Skills for Care which will be password protected. At this point the video will automatically be deleted from the tablet/laptop. In order to view the videos the social worker, assessor and internal moderator will need a unique username and password to ensure that they can only view videos relevant to them.
Skills for Care confirms it has established Incident Reporting and Management procedures consistent with the Information Commissioner’s guidance for investigating and handling security breaches. In the event of a breach of security or confidentiality resulting in the compromise of data, urgent remedial measures will be implemented.
Appendix 3.
Removal of data
At the end of the project,(date 2017), all of the video recordings will be securely wiped from the secure storage library. The deletion will follow best Government practice and will be undertaken in line with HMG Security Policy Framework and ISO27001 standards.
Skills for Care ensure that the secure deletion of data will be performed at the end of the project or if the company was to go into administration.
Should any service user advise Skills for Care that they wish to have data removed or suppressed this will be done within 14 days of receipt of the request. We will keep a register of participants who withdraw from the project.
Freedom of information
The Freedom of Information Act 2000 provides public access to information held by public authorities. Skills for Care is not a public authority and does not fall within the provisions of the Act. The Act does not give people access to their own personal data (information about themselves) such as their health records or credit reference file. If a member of the public wants to see information that Skills for Care holds about them, they should make a subject access request under the Data Protection Act 1998.
Signed – Skills for Care Signature Date
Signed – Agency Name Signature Date
Appendix 1
Newly Qualified social worker
Direct Observation of Practice
As part of their training and professional development all newly qualified social workers must be observed ‘in practice’ by a registered experienced social worker who can assess their skills and ability. This is to ensure that social workers are safe and competent to practice, and to reassure you that you are getting the best service possible.
For this purpose the social worker will be accompanied by their assessor who will be checking that their practice reaches the required standard. The session will be videoed. By videoing these sessions the social worker and their assessor can watch them back and discuss what the social worker did that went well and any areas for improvement.
The videos will also be reviewed by one other person who is an experienced social work professional. They will view the video in order to compare it with others within the organisation to ensure a consistent standard and approach is being maintained by social workers.
At the end of the interview once the social worker has left the assessor will ask you for your feedback on the practice of the social worker.
You do not need to worry about any other unauthorised person seeing the video. The process is run in accordance with the Data Protection Act (1998).
Further details about the implications of the Data Protection Act in relation to this process are available weblink or ask your social worker for a copy.
Please sign to say that you are happy for the observation and video to go ahead
Signed
Dated
Thank you for helping to ensure that the service that social workers provide is the best it can be.
Appendix 2
Assessment - Where the Service User lacks capacity
NQSW - to complete assessment, and Assessor to sign as appropriate for video recording
Is this a situation that you would have chosen for a Direct Observation under the existing arrangements (refer to Guidance: Preparing for the Direct Observation) YES /NO
Where possible and appropriate the consent of a relative/Carer to the videoed Direct Observation should be obtained.
-Is there a relative/Carer who is able to give informed consent Yes / No
-Has the request been explained and discussed with the relative/Carer using the Participant Information sheet Yes /No
-Are they in agreement to the videoed Direct Observation proceeding Yes /No
Identify any issues that could make use of the video detrimental to the service user. Consider:
Signed :
NQSW ………………………………………………………………………………………..DATE
Assessor - I agree that all reasonable steps have been taken to assess any detrimental impact of the use of the video on the Service User …………………………………………………………….Date
Appendix 3
Direct Observation Pilot - ICT Security
Arrangements and information for end users
Introduction
In providing a secure system for the video recording of live practice Skills for Care will supply and encrypt the mobile device and provide a central secure storage facility available only to authorised staff.
Skills for Care protect its ICT systems effectively. Where appropriate and proportional to the business requirements, Skills for Care implements “best practise” security measures.
General
- Skills for Care systems are hosted at a number of locations and resilience built into the design. If one of the hosting locations fails, then an alternative one takes over.
- All internal systems are protected by “best of breed” system perimeter defences that consist of enterprise firewall and intrusion detection systems.
- Staff are briefed on security arrangements and a robust password policy is in place, which are underpinned by an Acceptable Usage Policy (AUP)
- All PCs/Laptops are locked down and protected by McAfee antivirus software and updates are applied regularly.
- There is a Disaster Recovery and Business Continuity plan in place, which is tested annually.
- There are planned annual systems security penetration tests undertaken to ensure the measures implemented are effective.
Skills for Care adopt a proportional and cost effective means of securing its systems, which is proportional to the needs and requirements of the business. As such, and for the purpose of this project, ICT systems and data will be secured by:
- Adopting, where appropriate, HMG Security Policy Framework* (SPF) practises to secure and manage data / information.
- Defining an Information Asset Owner (IAO) who will be responsible for the protection and safeguarding of the Direct Observations data and information (including videos).
- Encrypting data on any devices supplied (i.e. Tablets) using CESG (GCHQ) endorsed encryption software (BitLocker)
- Implementing data communication security technologies to safeguard the data when synchronised from the device into the cloud.
- All endeavours will be made to ensure any data and information stored in 3rd party products and systems is encrypted and security protected.
- Any data / information (incl. Videos) will be stored; in order to comply with the Data Protection Act (DPA) on EU territories. All data / information will be synchronised onto a secure hosting environment.
*
The security policy framework describes the standards, best-practice guidelines and approaches that are required to protect assets (people, information and infrastructure). It focuses on the outcomes that are required to achieve a proportionate and risk-managed approach to security that enables government business to function effectively, safely and securely.
1