Model Protocol process
PROCESS SECTION
-
We will define the requirement, outline the nature of the risk, identify the information holders and agree future disclosure procedures. It is this initial contact between us whether by meeting, correspondence or telephone, that is fundamental to the drawing-up of this Protocol. This process may involve meetings, but the process must be documented in writing. This is to provide a paper trail for any audit and for clarity purposes.
-
Agreed disclosure procedures will generally require making a request in writing. The reply to this request will normally be made within [insert timeframe]. As the disclosing partner, it is my responsibility to make the assessment and consider the nature of the formal request, replying within [ Insert time-frame].
-
Access to personal information by staff other than ourselves [as PDO or DO], must be limited to employees whose work is directly related to the project and those working within the crime reduction program or field.
-
The data subject is legally entitled to request their records from the receiving agency unless an exemption under the Data Protection Act 1998 applies. If the subject requests access to their records, we should immediately contact the disclosing agency, to determine whether the latter wishes to claim exemption. From this stage, the procedure should be fully documented in writing and stored on file.
-
We must agree the criteria for the review and weeding of data in accordance with existing policies and codes of practice [insert here]. This should cover variations of data held by us and we should agree a maximum retention period for each item of data.
[It must be noted that the above represents the recommended approach to setting-up data sharing arrangements. You may have less formal arrangements.]
Last update: