The Pan-London DSA working group approach
As part of our Pan-London Data Sharing (DSA) project, Information Governance for London (IGfL) acts as coordinator, with a working group for each DSA. The working group is an experienced selection of professionals in multiple specialisms from local authorities, health and police, who have engaged with front-line practitioners and other local agencies, like the voluntary sector. Each working group is led by an information governance professional from a London borough, part of the IGfL membership, and incorporates professionals specialising in public sector duties, police procedures and crime prevention, information governance, and law
The working group members create a DSA, and a Data Protection Impact Assessment (DPIA). Multiple meetings and review periods take place. The group consults with any relevant colleagues to ensure the agreement is legally and factually correct, and accurately describes the data sharing and the lawful basis justification for the work. This liaison may involve other groups, such as the London Safeguarding Children Partnership or the London Heads of Community Safety. A final version is then published for signature by all parties.
Agreement of the DSA
A DSA is an agreement between equal partners and each organisation has a responsibility to ensure it is correct and reflects their situation. However, coordinating the preferences of scores of parties is a struggle. The working group approach is designed to allow relevant professionals to develop an agreement without input from every party. The project provides confidence to all parties that a completed DSA includes all relevant information and requirements.
Can organisations propose changes?
We hope that all parties can feel confident that an experienced group of professionals from multiple specialisms has included all relevant information and requirements. The working group members work to a structure and language that meet the requirements of all and avoids any personal or organisational preference for structure, language or design. Therefore, we request that changes are only proposed where you believe there are material, factual errors. All DSAs will be reviewed on a regular basis and any requested changes can be considered in the reviews.
Can we add appendices or other documents to this DSA?
Each organisation is expected to have local protocols, policies and processes that cover the local specifics of its work under each DSA. These documents complement the DSA and should sit alongside it, but not added to it. The DSA is for all parties across London and so local changes cannot be made.
Undertaking a Data Protection Impact Assessment
The sensitivity and volume of the personal data, and the vulnerability of the data subjects, means that the sharing under each DSA is processing that most likely requires a Data Protection Impact Assessment (DPIA). Each working group produces a high-level DPIA which is published as part of the DSA. It is suggested that each organisation can use this DPIA and include a ‘top-up’ for any specific local risks. A template for this top-up is provided, to use in whole or part (or not at all) as you wish.
DSA publication and agreement
All London boroughs have a licence funded by the GLA. Other partners may choose to purchase a licence, or free registration is available, which provides for a small number of users to sign DSAs only.
A DSA will be reviewed when it meets its review date. In addition, changes in legislation and developments in the areas of public sector data sharing will be considered as and when they arise, as will any changes to the signatory parties.
A review assesses whether the purposes for sharing remain relevant, that the scope has not slipped, that the benefits to the data subjects and organisations are being realised, and that the procedures followed for information security are effective.
For more information on the latest updates from the pan-London DSA project, visit the project page.