DRAFT
Page Content:
- Description
- Components
- Scope
- Related JIRA ticket links
- For Discussion & Assumptions
- Agreed Next Steps
Description
The question was raised whether TIS should have a cookie policy against apps.tis.nhs.uk with a corresponding disclaimer/consent.
The HEE one is on a parallel domain: https://www.hee.nhs.uk/about-us/contact-us/privacy-cookies and includes specific individual cookie details which may set a precedent or at least expectation against LIN.
Need to consider different user groups - HEE staff, Trainees, Trusts, Trainers etc who will have different legal relationships to HEE and TIS
Components:
Scope:
Need to consider different user groups - HEE staff, Trainees, Trusts, Trainers etc who will have different legal relationships to HEE and TIS.
*As an* Information Governance lead
*I Want* to ensure that all TIS users have signed/agreed the relevant information governance T&Cs
*So That* they are compliant with HEE policy and law on data governance
Jira Links:
- TIS-289Getting issue details... STATUS
- TISDEV-2633Getting issue details... STATUS
- TISDEV-1216Getting issue details... STATUS
- TISDEV-2632Getting issue details... STATUS
For Discussion and Assumptions:
Item | Question | Comment | Owner |
---|---|---|---|
1 | Technically as it isn't a 'public facing' service does it need one? Would it be good practice to include on anyway for Learners confidence in the system? | Ray Hill (Unlicensed) | |
2 | Is there a need to consider different user groups - HEE staff, Trainees, Trusts, Trainers etc who will have different legal relationships to HEE and TIS? | Ray Hill (Unlicensed) | |
3 | Should it have a Terms of Use either implicit by logging in or first time consent on user registration/first login? | Ray Hill (Unlicensed) | |
4 | Is a cookie policy required? | Ray Hill (Unlicensed) | |
5 | Is a Disclaimer/Consent required? Is so for which users? | Ray Hill (Unlicensed) | |
6 | Do we need to consider Terms & Conditions of Use? | Ray Hill (Unlicensed) | |
7 | Do we also need to consider Account and Password policy as part of this? | Ray Hill (Unlicensed) | |
8 | Consideration for GDPR (May 2018) and therefore seek guidance on Information Governance (Andrew Todd)? | Ray Hill (Unlicensed) | |
Examples we could consider:
- HEE Privacy and Cookie Policy: https://www.hee.nhs.uk/about-us/contact-us/privacy-cookies
- Intrepid
- Oriel
Next steps:
- Discuss with Ray Hill on the above questions and agree the next steps.
- User Journeys to get to the relevant privacy notice pages and cookie policy
- Decide on the content of the cookie policy and the relevant page and create draft.
Add Comment