Planned application developments which will contain personal information on members of the public or departmental staff are summarised in the following table. Year relates to expected year of implementation.
Any personal data stored on the Department’s databases are subject to the Data Protection Act and to our own, internal data protection policy.
Following the publication of the cross government data handling review in June 2008, new projects and programmes that hold significant amounts of personal data are obliged to conduct privacy impact assessments.
Year Database Description 2009-10 Hospitality Reporting Staff hospitality details and declarations of interest 2009-10 Public Bodies Data on the membership of all the Department’s sponsored public bodies 2009-10 Third Sector Funding Grant applications and award monitoring process 2009-10 The National Pandemic Flu Service Pandemic flu information management system 2011-12 Electronic Exchange of Social Security Information (EESSI) Details of medical treatment received while abroad and evidence of entitlement. System to be jointly managed with Department for Work and Pensions and Customs and Revenue n/k e-Directory Contact details for departmental staff and external contacts. Under consideration, but on hold; likely to be implemented sometime within the next five years NHS Choices n/k Contact management system Information on service providers who support the NHS Choices programme. Timing uncertain but likely to be in the next two years Medicines and Healthcare products Regulatory Agency (MHRA) MHRA are not developing, and have no plans to develop, any databases containing personal information in the next five years NHS Purchasing and Supply Agency (PASA) PASA are not developing, and have no plans to develop, any databases containing personal information in the next five years NHS Connecting for Health There are a number of programmes which are either in the planning or initiation phase. The datasets for these programmes will be developed as a consequence of the detailed analysis within each specific programme and it is, therefore, not possible to provide the requested detail at this stage. NHS Connecting for Health operate a comprehensive Information Governance programme with which all programmes must comply. The specific detail of future datasets will be submitted to the Information Standards Board for review and evaluation at the appropriate time within each programme
We are aware of only one attempt to gain unauthorised access to departmental databases or information and communication (ICT) systems in each of the last five years. A web page defacement resulted in a website page being altered without permission. There was no data loss, nor were any sensitive files compromised.
Attempts Successful attempts Databases ICT Systems Databases ICT Systems 2004-05 0 0 0 0 2005-06 0 0 0 0 2006-07 0 1 0 1 2007-08 0 0 0 0 2008-09 0 0 0 0