Competency 2.1.2

Question 1

Why was the Data Protection Act 1998 Necessary?

Answer 1

• It was needed to replace earlier legislation which was lacking in regards to new computerised methods of storing information
• It was around this time that computer systems were becoming a more common way of data storage by companies and the legislation needed to be updated to reflect this

Question 2

What is contained in the Data protection Act 1998?

Answer 2

• Features 8 core principles which companies use to mould their own policies
• Fair and Lawful
• Purposes
• Adequacy
• Accuracy
• Retention
• Rights
• Security
• International Transfers

Question 3

What is the Fair and Lawful Principle in Data Protection Act 1998?

Answer 3

• Requires the controller to notify the subject of:
  
  • Identity of controller
  • Intended purpose of the data
  • To whom the data may be inclosed
• Ensures that data is processed lawfully and fairly

Question 4

What is the Purposes Principle in Data Protection Act 1998?

Answer 4

• The data can only be used for lawful and justifiable purpose

Question 5

What is the Adequacy Principle in Data Protection Act 1998?

Answer 5

• Can only collect the minimum amount of data required
• Avoids excessive data capturing
• No need for Specsavers to hold information that does not relate to the patients eye care

Question 6

What is the Accuracy Principle in Data Protection Act 1998?

Answer 6

• The data collector can only collect and hold accurate information
• Important to update phone numbers and addresses in Speccies when patient turns up

Question 7

What is the Retention Principle in Data Protection Act 1998?

Answer 7

• This means that the data cannot be stored indefinitely
• There exists a limit to how long it can be stored

Question 8

What is the Rights Principle in Data Protection Act 1998?

Answer 8

• Gives the individual rights surrounding how their data is used:
  
  • Can access their personal data
  • Prevent direct marketing
  • Correct inaccurate data

Question 9

What is the Security Principle in Data Protection Act 1998?

Answer 9

• Places responsibility on the controller to protect data from:
  
  • unauthorised access
  • Unlawful processing
  • Accidental damage, destruction or loss of data

Question 10

What is the International Transfers Principle in Data Protection Act 1998?

Answer 10

• Controller has to inform individual if they intend to move their data internationally
• Controller has to investigate if the country theyre moving their data to has sufficient laws to secure their data

Question 11

Data Protection Act 2018 Changes

Answer 11

• Now 7 principles, with the security and international transfers sections being looked after by separate legislation
• Added legal obligation to comply with rest of principles, this compliance must be proven on demand through e.g. company policies.
• Now both controller and processor can be fined.
• Creation of special category data

Question 12

Special Category Data

Answer 12

• Greater protection for information deemed to be more sensitive e.g. ethnicity or health information
• When dealing with special category data both a lawful basis and a condition are needed for processing
• In optics this could be:
  
  • Lawful basis > In public interest
  • Condition for processing > Processing for medical reasons

Question 13

Measures Taken to Protect Patient Records

Answer 13

• Staff such as optometrist and DO’s etc must be GOC registered and therefore must comply with GOC standards to ensure confidentiality
• All computers are password protected and locked when not in use
• Each colleagues login details provide differing levels of access depending on qualification e.g OA cannot change sight test data
• Paper details are enclosed in a plastic file which prevents any data being visible to those not authorised to see it
• Store colleagues provided with iLearn training which informs them on Data Protection responsibilities
• Records kept for 10 years after last contact/death or in case of an under 18, until their 25th birthday

Question 14

When Can Records be Shared?

Answer 14

• Sharing to charity organisation regarding suspected abuse of a child (safeguarding the individual)
• Sharing details with DVLA of an individual who poses a risk by driving (safeguarding public)
• Sharing data with law inforcement to facilitate their work

Question 15

Obtaining Consent for Records

Answer 15

• Record VCG and supervisor initials e.g. JR
• The patient is consenting to the record being anonymised and shared with both supervisor and assessor from college for the purpose of assessment and development.
• Personal data such as name and address will be anonymised but certain relevant information e.g ethnicity or health information will remain.

Question 16

If a Patient Refuses Consent

Answer 16

• If refusing to be used in assessment then just don’t count record to portfolio but as long as patient happy for data to be shared with supervisor then can be tested by me
• If refusing to be shared with both supervisor AND assessor then cannot be tested by me, as I am practising under supervision.
• If refuses consent to store any data at all, then cannot perform eye test as unable to protect yourself through records from legal allegations.