Supporting Caldicott Guardians across the UK


Caldicott Guardians offer an authoritative view on ethical and human rights and wrongs when considering the sharing of personal data. They seek to find a balance between an individual’s privacy and best interests, any risk of harm, and the public good. Their endeavour should result in the best possible answer in the circumstances. Caldicott Guardians are not established by a specific act of parliament and so have no directly related legal basis for their functions. There is however a complex framework of legislation, common law, non-statutory codes of practice and protocols which underpin everything they do.

In some complex situations, Caldicott Guardians may need to take legal advice, speak to other Caldicott Guardians or to the UK Caldicott Guardian Council before reaching a considered decision. Even if legally permitted, it may not follow that it is ethically right to disclose in particular circumstances. On the other hand, there may be occasions where the legal basis for sharing is unclear or disputed yet there is an overwhelming ethical imperative to disclose. It is important to appreciate that confidentiality is not necessarily absolute, and health care professionals need carefully to balance the importance of confidentiality against avoiding harm—to the confidant and to others who may benefit from disclosure.

The legal aspects which Caldicott Guardians particularly need to be familiar with are the Data Protection Act 2018, which incorporates the General Data Protection Regulation (GDPR), and the common law duty of confidentiality. Other relevant legislation is described on this page

Ethical considerations

It is generally agreed that data should be used in the 'right way', but for many the ethical aspects of doing so remain unclear. Many will recognise an ethical duty to 'do good', and possibly a corresponding duty to 'do no harm', but two other ethical considerations — autonomy and justice are less often recognised. These ethical considerations are known jointly as the four pillars of ethics:

  • Autonomy – respect for the patient’s right to self-determination;
  • Beneficence – the duty to ‘do good’;
  • Non-Maleficence – the duty to ‘not do bad;’
  • Justice – treat all people equally and equitably.

There are always consequences, either foreseen or unforeseen to any course of action, but there will also be consequences of 'not doing something'. Caldicott Guardians are often asked whether information may be disclosed or not. When making such choices, the consequences of not sharing should be considered along with the consequences of sharing. Whilst there may always be some unforeseeable consequences, rigorous efforts should be made to ensure, that as far as possible, both the likely and the unlikely consequences are considered.

Situations in the real world are often complex and it may not be possible to respect all four pillars of ethics equally at the same time. There may be situations where the duty to do good for an individual may result in harm being done to the individual or to others, and the needs of individuals should be balanced against the need to protect society, for example with communicable diseases, and where there is risk of violence. There is also an inherent danger where decisions are made by a single individual that their own personal views may colour their judgement. The need to respect a patient's right to self-determination may be influenced by a professional’s strong belief that their view is more informed and so should prevail over that of the patient.

A decision which may seem reckless to others may simply reflect a personal belief system and wishes. A patient with cancer might wish to discontinue treatment if they felt that their treatment was impairing their quality of life, and this should not necessarily indicate a lack of mental capacity. Although an individual’s autonomy should normally be respected there may occasionally be unintended consequences, for example the desire of a terminally ill patient to die at home may impact on other members of the household who are either unwilling or unable to care for them.

Public safety must also be considered and balanced against the wishes and autonomy of an individual. It is expected that cases of serious crime will be reported to the police, but it is not always clear what this means in practice. A case of rape should normally be reported, but the victim might object — creating a dilemma between the need to protect the public and respecting the autonomy of the victim. The apprehension, trial and conviction of a rapist would be good in terms of public safety, but it is possible that the experience of a trial might add to the victim's suffering.

Caldicott Guardians are often faced with such dilemmas where there is no clear, 'right' answer. It is often a case of finding the 'best possible' answer or the 'least worst' option”. It is therefore important that the decision-making process is documented, recording all the factors that have been considered. This is particularly important as Caldicott Guardians are frequently expected to make wise decisions based only upon the information that has been supplied. There may be other factors which might have led to a different decisions, had they been aware of them. Documenting the process helps to provide a consistent, structured approach to decision making, and may lead to a realisation that additional information is required before reaching a conclusion.

This page last updated 17th December, 2018