Assessment Notices under the Data Protection Act 1998 - Extension of the Information Commissioner’s Powers

Closed 17 May 2013

Opened 25 Mar 2013

Results Updated 22 Jan 2015

Based on evidence presented by the Information Commissioner and the responses from NHS bodies and others to the consultation document, the government believes a compelling case has been made for extending the Information Commissioner’s Office’s powers of compulsory audit to public authority NHS bodies.

This will be done by way of a Designation Order, SI 2014/3282, entitled, ‘Data Protection (Assessment Notices) (Designation of National Health Service Bodies) Order 2014’.

The Order comes into effect on 1 February 2015.

Files:

Overview

This consultation paper sets out our proposal to extend the powers of the Information Commissioner to carry out compulsory assessments of NHS bodies’ compliance with the Data Protection Act 1998 and its data protection principles. It seeks views from NHS data controllers across the United Kingdom. The proposals are informed by the Information Commissioner’s experience working with NHS bodies to improve their compliance with data protection law. 

Audiences

  • NHS data controllers
  • HSC data controllers

Interests

  • Data protection