Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 10 Next »

DRAFT

Page Content:

  • Description
  • Components
  • Scope
  • Related JIRA ticket links
  • For Discussion & Assumptions
  • Agreed Next Steps


Description

The question was raised whether TIS should have a cookie policy against apps.tis.nhs.uk with a corresponding disclaimer/consent.

The HEE one is on a parallel domain: https://www.hee.nhs.uk/about-us/contact-us/privacy-cookies and includes specific individual cookie details which may set a precedent or at least expectation against LIN.

Need to consider different user groups - HEE staff, Trainees, Trusts, Trainers etc who will have different legal relationships to HEE and TIS


Components:

TIS-679


Scope:

Need to consider different user groups - HEE staff, Trainees, Trusts, Trainers etc who will have different legal relationships to HEE and TIS.

*As an* Information Governance lead
*I Want* to ensure that all TIS users have signed/agreed the relevant information governance T&Cs
*So That* they are compliant with HEE policy and law on data governance


Jira Links:

TIS-289 - Getting issue details... STATUS

TISDEV-2633 - Getting issue details... STATUS

TISDEV-1216 - Getting issue details... STATUS

TISDEV-2632 - Getting issue details... STATUS



For Discussion and Assumptions:


ItemQuestionCommentOwner
1Technically as it isn't a 'public facing' service does it need one? Would it be good practice to include on anyway for Learners confidence in the system?
Ray Hill (Unlicensed)
2Is there a need to consider different user groups - HEE staff, Trainees, Trusts, Trainers etc who will have different legal relationships to HEE and TIS?
Ray Hill (Unlicensed)
3Should it have a Terms of Use either implicit by logging in or first time consent on user registration/first login?
Ray Hill (Unlicensed)
4Is a cookie policy required?
Ray Hill (Unlicensed)
5Is a Disclaimer/Consent required? Is so for which users?
Ray Hill (Unlicensed)
6Do we need to consider Terms & Conditions of Use?
Ray Hill (Unlicensed)
7Do we also need to consider Account and Password policy as part of this?The is superseded by: Password Management PolicyRay Hill (Unlicensed)
8Consideration for GDPR (May 2018) and therefore seek guidance on Information Governance (Andrew Todd)?
Ray Hill (Unlicensed)














Examples we could consider:

  1. HEE Privacy and Cookie Policy: https://www.hee.nhs.uk/about-us/contact-us/privacy-cookies
  2. Intrepid 
  3. Oriel


Next steps:

  • Discuss with Ray Hill on the above questions and agree the next steps.
  • User Journeys to get to the relevant privacy notice pages and cookie policy
  • Decide on the content of the cookie policy and the relevant page and create draft.


  • No labels

Slack: https://hee-nhs-tis.slack.com/
Jira issues: https://hee-tis.atlassian.net/issues/?filter=14213