Supporting Caldicott Guardians across the UK


Council Meeting 15th August 2019


Dr Chris Bunch (Chairman), Sandra Lomax (Vice Chair), Carey Bloomer, Helen Dyer, Christopher Fincken, Andrew Harvey, Tim Kendall, Dr Cait Taylor.


Dr Tony Calland (CAG), Natasha Dunkley (CAG), Dawn Monaghan (NHSX), Heather Thomas (NHSD).


Professor Paul Dargan, Surg Cdr Catherine Powell, Dr Maria Rossi, Ross Thornton (NDGO).


Professor Martin Crook, Dr Arjun Dhillon, Stephen Hinde, Mr Adrian Marchbank, Professor Alison McCallum, Dale Phillipson, Richard Powley, Alison Walne, Gill Weatherill, Air Commodore Withnail, Dr Fenella Wrigley

Conflicts of interest from Sandra Lomax and Christopher Fincken (as training providers) were noted.

Chairman’s update 

The Chairman updated council members on his recent activities including attending the NDG’s Panel, speaking about the UKCGC at the Sussex-wide Information Governance Group’s second annual conference in Eastbourne, and participating in a panel debate on the perception of information governance as a blocker to technology at the Digital Healthcare Show.

Dr Bunch also reported on recent trip to NHS Digital and NHS England offices in Leeds where he met with a number of teams including the Digital Delivery Centre, National Record Locator Service and the Secondary Uses Data Governance Tool.

Vice Chair update

The Vice Chair updated council members regarding recent discussions with the Police and promoting the missing persons guidance the UKCGC produced in collaboration with the police force earlier in the year. 

Regional networks updates

The North network provided an update to council members on the UKCGC North network workshop that was held on 5 July 2019. 

The London network provided details of their recent meeting on 19 June 2019.  

The changing relationships of the Caldicott Guardian 

Council discussed the changing relationships of the Caldicott Guardian role with other senior information governance roles such as Senior Information Risk Owner (SIRO) and the new statutory requirement for a Data Protection Officer (DPO). Neither the Caldicott Guardian nor the SIRO have statutory roles but are de facto mandatory requirements through Health service Circulars and the Data Security Protection Toolkit (DSPTK). Dr Bunch is preparing a paper for the National Data Guardian’s Panel to discuss.

NHSX updates

Dawn Monaghan Head of Data Sharing and Privacy at NHS X dialled into the meeting to provide Council members with updates on the Local Health and Care Record Exemplar (LHCR) IG framework, the Code of Confidentiality and the organisational status and structure of the recently formed NHSX. Dawn advised that the latest iteration of the LHCR framework had been reviewed by the National Data Guardian’s Steering Group and NHSX are aiming to publish the framework during September 2019. 

NHSX is responsible for cross system Information Governance, to support this they are progressing with a relaunch of the Information Governance Alliance which will be called the National Information Governance Board. NHSX have shared a survey on potential guidance with stakeholders and this will inform their priorities.

Confidentiality Advisory Group

Dr Tony Calland and Natasha Dunkley presented an overview and updates to council members regarding the work of the Confidentiality Advisory Group (CAG). Council members were particularly interested in the Section 251 application process and the focus on the Common Law Duty of Confidentiality.  Dr Calland discussed the focus on ensuring applications have considered consent, public engagement, transparency and the ability to opt out appropriately. CAG is keen to raise awareness with applicants that it a privilege to have access to data and it is critical to maintain trust as this is the very foundation of the doctor patient relationship..

Workforce cyber campaign

Heather Thomas from NHS Digital attended to show council members the proposed materials to support the workforce cyber security campaign. The content included a series of posters and key messages designed to raise awareness of cyber security issues by connecting them to clinical and administrative security themes. Council members raised some considerations for the communications team regarding use of the word confidential and the potential impact this could have on data sharing messages aligned to Principle 7. 

Council members are keen to support the proposed staged roll out of the campaign across the NHS and then into social care. NHS Digital agreed to share the portal links to the workforce cyber campaign materials for the UKCGC to distribute through our networks.

ICO Report

A report by Freddie Baker from the Information Commissioner’s Office (ICO) responding to council members queries was discussed. These included included enquiries regarding the burden of Subject Access requests (SARs), data breach incident reporting and General Data Protection Regulation (GDPR) guidance.

Requests for Advice 

The Council discussed recent requests for advice that have been received by the UKCGC mailbox or raised on the Digital Health Caldicott Guardian forum. These requests included topics such as medical negligence documentation, archived records, and audio recording at safeguarding meetings. 

Full details of requests for advice can be provided upon and are also available to view as discussion topics on the digital health Caldicott Guardian forum.

Any other business

A query regarding the National Data Opt-out policy and organisational compliance raised by Mr Adrian Marchbank was discussed.


Chris Bunch