Digital Obsolescence February 2020

Digital Obsolescence February 2020

DIGITAL OBSOLESCENCE FEBRUARY 2020 This Policy supersedes all previous policies for Data Protection Policy title Digital Obsolescence Policy COR71 reference Policy category Corporate Policies Relevant to All Staff Date published February 2020 Implementation date Date last reviewed Next review February 2023 date Policy lead Mahwish Noor, Information Governance Manager Contact details Email: [email protected] Telephone: 020 3317 7100 Accountable Jeffrey Boateng, Director of Clinical Information Management Director Approved by Information Governance Steering Group (Group): Approved by (Committee): Audit and Risk Committee Document Date Version Amendments history September 1 New 2019 Membership of the Policy development/ Information Governance Manager review team Consultation Members of the Information Governance Steering Group Summary 1. The legislative requirements that the Trust must comply with and how this affects the ongoing collection and maintenance of personal data. 2. How to ensure that the Trust’s digital resources remain authentic and accessible both in the present and the future to anyone who needs them. 3. How the Trust will ensure the ongoing preservation of its Information Assets DO NOT AMEND THIS DOCUMENT Further copies of this document can be found on the Foundation Trust Intranet. 2 SUMMARY: DIGITAL OBSOLESCENCE POLICY Purpose of this policy The purpose of this Policy is to ensure that the Trust‟s digital resources will remain authentic and accessible in the future to anyone who needs them. To do so it must counter the threats of rapid technological obsolescence and the inherent fragility of digital media, by providing mechanisms to identify and predict the impacts of those threats to its resources, and to plan and execute appropriate preservation strategies to mitigate these impacts. Who it applies to Applies to all those employed by the Trust, including students, volunteers, contractors, temporary staff or any individual carrying out work on behalf of the Trust as well as Third Parties and Suppliers who may hold information belonging to the Trust. What it includes in detail Policy describes how to manage, preserve and, where it is no longer necessary, destroy digital information and data processed by the Trust with current data protection legislation. It provides a high-level overarching framework within which employees are expected to conduct their day-to-day activities, and how the Trust is expected to manage its information. Important points for all staff The Trust shall carry out audits to ensure that its digital resources follow principles that, in turn, ensure that digital records are, and remain, trustworthy and accessible. Record creators should consider the preservation of digital content at the point of its creation to ensure that records, deemed sufficient in value to be preserved for the long-term, are created in a manner that will facilitate their preservation. The information shall be allocated to an Information Asset Owner (IAO) who shall be responsible for its appropriate. In regard to archive; at the point of accession into the archive, digital records shall be properly screened and documented to ensure the „chain of custody‟ is maintained, the records retain authenticity and that the digital preservation process begins with good quality data and metadata. The deletion of digital resources and metadata shall only be allowed under controlled and authorised circumstances. Additionally includes The Trust collects and maintains substantial amounts of digital information regarding patients and the Trust‟s operations. The information that the Trust collects and maintains is used constantly, to facilitate the wellbeing of patients and employees, and to maintain Trust operations. Therefore, it is essential that digital information can be managed in a way that will ensure the long-term use of the data. 3 Contents 1. Purpose ......................................................................................................................... 5 2. Scope ............................................................................................................................ 5 3. Applicability .................................................................................................................... 6 4. Terminology ................................................................................................................... 6 5. Policy ............................................................................................................................. 6 6. Monitoring and Evaluation .............................................................................................. 8 7. Related Policies ............................................................................................................. 9 4 1. Purpose 1.1. Camden and Islington NHS Foundation Trust (hereafter referred to as “the Trust”) collects and maintains substantial amounts of digital information regarding patients and the Trust‟s operations. The information that the Trust collects and maintains is used constantly, to facilitate the wellbeing of patients and employees, and to maintain Trust operations. Therefore, it is essential that digital information can be managed in a way that will ensure the long-term use of the data. 1.2. The purpose of this Policy is to ensure that the Trust‟s digital resources will remain authentic and accessible in the future to anyone who needs them. To do so it must counter the threats of rapid technological obsolescence and the inherent fragility of digital media, by providing mechanisms to identify and predict the impacts of those threats to its resources, and to plan and execute appropriate preservation strategies to mitigate these impacts. 1.3. This Policy describes how to manage, preserve and, where it is no longer necessary, destroy digital information and data processed by the Trust, in accordance with the Data Protection Act 2018 (DPA 2018). It provides a high-level overarching framework within which employees are expected to conduct their day- to-day activities, and how the Trust is expected to manage its information. 2. Scope 2.1. This Policy relates to information resources held by or on behalf of the Trust in digital form. These can be categorised as follows: „Born-digital‟ resources, which were created and managed electronically for business purposes; „Made-digital‟ resources which were created in non-digital form but have been subsequently converted to digital form; and „Remade‟ digital resources. These were created digitally, have been managed in non-digital form for business purposes (e.g. under a „print to paper‟ policy), but have been subsequently re-digitised for business, preservation or access purposes. 2.2. Data can be created in two common methods: software / hardware; a physical format e.g. a paper document or photographic techniques. 2.3. Preservation spans the full lifetime of data. Different formats will have different life spans. For example, the longevity of a Compact Disc (CD) will be affected by disc rot (oxidation of reflective layer) and UV light exposure over time. At the end of this lifetime, data and the resource upon which it is stored should be securely removed, destroyed, or overwritten. 5 3. Applicability 3.1. This Policy applies to all those employed by the Trust, including students, volunteers, contractors, temporary staff or any individual carrying out work on behalf of the Trust as well as Third Parties and Suppliers (hereafter collectively referred to as “Employees”), who may hold information belonging to the Trust. Suppliers are expected to follow this approach unless specifically excluded or where conditions have been applied within the procurement and contract management process. 3.2. All Employees are expected to comply with this Policy at all times, including outside of regular working hours, to protect the privacy, confidentiality and interests of the Trust, its services, staff, partners and service users. 4. Terminology Term Meaning / Application SHALL This term is used to state a mandatory requirement of this Policy SHOULD This term is used to state a recommended requirement of this Policy MAY This term is used to state an operational requirement of this Policy 5. Policy 5.1. While digital technology continues to evolve, there is an ongoing requirement for the Trust to access and use the data and information held upon its systems and devices, as well as information processed through or held on its behalf by Third Parties. The Trust shall carry out audits to ensure that its digital resources follow principles that, in turn, ensure that digital records are, and remain, trustworthy and accessible against the following criteria: 5.1.1. Authenticity – the Trust shall carry out regular audits to ensure that digital records have not been subject to unauthorised or accidental alteration, corruption or loss; 5.1.2. Integrity – the Trust shall maintain a thorough audit trail of actions that have been carried out through the lifecycle of a digital record; 5.1.3. Reliability – all archival processes and procedures undertaken to preserve digital records shall be fully documented and subject to audit; and 5.1.4. Usability – the Trust shall preserve digital records held in line with best practice and provide sufficient metadata to allow the records to be located, retrieved and interpreted. 5.2. Record creators should consider the preservation of digital content at the point of its creation. This is to ensure

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    9 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us