DRAFT
Page Content:
- Agreed Next Steps
- Description
- Components
- Scope
- Related JIRA ticket links
- For Discussion & Assumptions
Next steps:
- Discuss with Ray Hill on the above questions and agree the next steps.
- User Journeys to get to the relevant privacy notice pages and cookie policy
- Decide on the content of the cookie policy and the relevant page and create draft.
- Review SOPS and Governance Compliance documents on Confluence.
- Review of ESR - how data will be processed?
- Arrange call with Andrew Todd/Ray Hill on GDPR considerations
Description
The question was raised whether TIS should have a cookie policy against apps.tis.nhs.uk with a corresponding disclaimer/consent.
The HEE one is on a parallel domain: https://www.hee.nhs.uk/about-us/contact-us/privacy-cookies and includes specific individual cookie details which may set a precedent or at least expectation against LIN.
Need to consider different user groups - HEE staff, Trainees, Trusts, Trainers etc who will have different legal relationships to HEE and TIS.
Components:
Scope:
Need to consider different user groups - HEE staff, Trainees, Trusts, Trainers etc who will have different legal relationships to HEE and TIS.
*As an* Information Governance lead
*I Want* to ensure that all TIS users have signed/agreed the relevant information governance T&Cs
*So That* they are compliant with HEE policy and law on data governance
Jira Links:
- TIS-289
- TISDEV-2633
- TISDEV-1216
- TISDEV-2632
For Discussion and Assumptions:
Item | Question | Comment | Owner |
---|---|---|---|
1 | Technically, as it isn't a 'public facing' service, does it need one? Would it be good practice to include one anyway for learners' confidence in the system? Or is it superseded by HEE IG terms? | | Ray Hill |
2 | Is there a need to consider different user groups - HEE staff, Trainees, Trusts, Trainers etc who will have different legal relationships to HEE and TIS? | Trainees will be public facing I believe, while the rest of the users are over N3. Trainees will need to see and agree a Privacy Policy on first time logging in. (Splash screen) | Ray Hill |
3 | Should it have a Terms and Conditions of Use either implicitly by logging in or first time consent on user registration or first login? | There may not be registration on TIS. | Ray Hill |
4 | Is a cookie policy required? | Temporary session cookie only to enable sections of the site to be used and navigated, or persistent cookies? Or persistent cookie until the time set expires or the user deletes the cookie? Required for trainees to view and accept cookies. Whether temporary or persistent is a technical decision. | Ray Hill |
5 | Is a Disclaimer/Privacy Policy required? If so, for which users? | This is more about the data collected and how they are processed by TIS. Documents available on: SOPS - confluence (Ray to send); Governance compliance - confluence (Ray to send) | Ray Hill |
6 | Do we need to consider a link for 'Terms & Conditions of Use' visible and accessible at all times on TIS? | | Ray Hill |
8 | Consideration for GDPR (May 2018) and therefore seek guidance on Information Governance (Andrew Todd)? | Yes - removal of data from the system requests; retention of medical records requirement; arrange call on Wednesday/Thurs - meeting with Andrew Todd | Ray Hill |
ESR - Review | | | |
Examples we could consider:
- HEE Privacy and Cookie Policy: https://www.hee.nhs.uk/about-us/contact-us/privacy-cookies
- Intrepid
- Oriel