DRAFT
Description
Should TIS have a cookie policy against apps.tis.nhs.uk with a corresponding disclaimer/consent?
The HEE one is on a parallel domain: https://www.hee.nhs.uk/about-us/contact-us/privacy-cookies and includes specific individual cookie details which may set a precedent or at least expectation against LIN?
Technically as it isn't a 'public facing' service does it need one? Would it be good practice to include on anyway for Learners confidence in the system?
Should it have a Terms of Use either implicit by logging in or first time consent on user registration/first login?
Need to consider different user groups - HEE staff, Trainees, Trusts, Trainers etc who will have different legal relationships to HEE and TIS
Next action:
- Users: Should it be for Admins and trainees only?
- Is a Cookie Policy required?
- Is a Disclaimer/consent required?
- Do we need to consider Terms & Conditions of Use?
- Do we need to also consider Account and Password policy as part of this?
- Consideration for GDPR (May 2018)? and therefore seek guidance on Information Governance (Andrew Todd)
Examples we could consider: