Society of British Neurological Surgeons Information Security Policy
This policy is designed to cover the information and data protection policy of the Society of British Neurological Surgeons.
The “SBNS” and the “society” are The Society of British Neurological Surgeons.
Data Protection Policy
The SBNS undertakes to abide by the Data Protection Act 1998, the principles of which are summarised here:
- Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless certain conditions are met.
- Personal data shall be obtained only for specified and lawful purposes, and shall not be further processed in any manner incompatible with those purposes.
- Personal data shall be adequate, relevant and not excessive in relation to the purpose for which it is processed.
- Personal data shall be accurate and, where necessary, kept up to date.
- Personal data processed for any purpose shall not be kept for longer than is necessary for that purpose.
- Personal data shall be processed in accordance with the rights of data subjects under the Data Protection Act 1998.
- Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
- Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
The SBNS will
- Maintain an informatics committee with specific responsibility for data protection
- Observe fully conditions regarding the fair collection and use of information
- Collect and process appropriate information, and only to the extent that is needed to fulfil operational needs or to comply with the legal requirements
- Ensure the quality of information used
- Ensure that the rights of people about whom information is held are able to be fully exercised, including:
  - the right to be informed that processing is being undertaken
  - the right of access to one’s personal information
  - the right to prevent processing in certain circumstances
  - the right to correct, rectify, block or erase information which is wrong
- Take appropriate technical and organisational security measures to safeguard personal information
The Informatics Committee’s responsibilities
- To ensure SBNS complies with data protection legislation
- To maintain the SBNS website
- To act as data guardians for SBNS data including logbook data, national audit data and membership data.
SBNS data security standards
Electronic membership data
- Secure password-protected website with regular off-site backup
- Local desktop computer in locked office and password-protected
Medical Data held by SBNS
- As above but in addition
- Secure encrypted website (uses e-logbook site)
- All access controlled by SBNS informatics committee
Notes about the e-logbook data
- Data controllers for the e-logbook are the logbook users. Each is expected to register with the data protection commissioner.
- Speciality-specific summary data is available and owned by the SBNS. Access to this data is controlled by the informatics committee.
- The informatics committee will not usually give access to data that relates to a single patient, doctor or hospital.