The specific standard
The statutory framework
There is a wide range of legal provisions that limit, prohibit or set conditions in respect of the handling, sharing and publication of information obtained and/or created by the Ombudsman’s Office and, similarly, a range of legal provisions that require or allow for such information to be shared or published. These provisions create a complex legislative landscape and balancing the right to know and the right to privacy can be challenging.
The foundations of the statutory framework for the Information Promise are:
- Parliamentary Commissioner Act 1967
- Health Service Commissioners Act 1993
- Data Protection Act 1998
- Freedom of Information Act 2000
- Environmental Information Regulations 2004, and
- Human Rights Act 1998.
For an overview of the legislation relevant to this framework, reference should be made to Parliamentary and Health Service Ombudsman’s Information Promise: guidance on legal obligations.
Codes of Practice
Certain legislation, including the Data Protection Act and the Freedom of Information Act, allows for the preparation and publication of codes of practice relating to the processing of information. The codes do not impose any additional legal obligations but give an authoritative interpretation of the practice data controllers/public authorities should adopt to meet their legal obligations.
The Codes of Practice relevant to this framework are:
- The Information Commissioner’s Code of practice on data sharing (issued under section 52A of the Data Protection Act 1998)
- The Lord Chancellor’s Code of practice on dealing with requests under the Freedom of Information Act (issued under section 45 of the Freedom of Information Act 2000)
- The Lord Chancellor’s Code of practice on the management of records (issued under section 46 of the Freedom of Information Act 2000)
Joint Protocols
Dealing with Information Rights: An agreed set of principles between the Parliamentary and Health Service Ombudsman and the Information Commissioner’s Office sets out how we will handle access requests under the Freedom of Information Act and the Data Protection Act and the application of exemptions specifically relevant to the Ombudsman’s work.
Parliamentary and Health Service Ombudsman policy
We have various policies and guidance that are specifically related to information governance and therefore set the administrative framework for the Information Promise. These are:
The Ombudsman’s Delegation Scheme sets out the activities delegated by the Ombudsman and to whom. It includes the delegation of her powers and functions relating to the obtaining and disclosure of information, and the issuing of reports.
Casework Policy and Guidance provides policy and guidance for staff on how to deal with casework and casework related issues, including the handling and sharing of information in the context of assessment and investigation.
Sharing and Publishing Information about NHS Complaints sets out our policy and practice on sharing of information held by the Ombudsman’s Office to improve NHS services.
Records Management Policy provides a framework for the effective management of the Ombudsman’s Office records in accordance with all statutory and business requirements.
Part of the records management policy is the Casework Retention and Disposal Schedule which defines the period of retention for records kept on casework files.
Security Policy is the policy from which all security controls, procedures, advice and education are drawn. It sets out how the Ombudsman’s Office manages security and who is responsible for the delivery of the policy. Amongst other things, it covers the protection of information.
Email Management and Data Storage Policy ensures that the Ombudsman’s Office has in place adequate mechanisms to:
- ensure email messages that form records of business activities are managed appropriately
- ensure compliance with data protection and freedom of information obligations
- mitigate the risks of inappropriate and excessive data storage.
ICT Acceptable Use Policy provides guidance for staff on the use of the Ombudsman’s Office’s ICT systems.


