1. The National Data Guardian’s Review of Data Security, Consent and Opt-Outs IGA Conference 2016 Dame Fiona Caldicott 16 March 2016 N ational D ata G uardian

2. N ational D ata G uardian Earning public trust for the use of data Trust has always underpinned the health and social care system. Previous reviews emphasised the need for transparency – no surprises Lessons of the recent past tell us that much more needs to be done to earn trust Technological developments have outstripped public understanding as anxiety has increased Body of evidence about public attitudes is growing, with consistent themes emerging Opportunity to make progress

3. N ational D ata G uardian Public attitudes: consistent themes Timely studies looking at public attitudes: NICE, Wellcome Trust, ICO/University of Manchester. All echo current and previous reviews Low levels of public understanding Assumption that data is shared for direct care Generally people will support use of data for secondary purposes - if benefits are clear and opt-out available Increased understanding can mean increased willingness to share Privacy is important, but so is the greater good Controls and data security must be in place People want to be informed and given a choice

4. Review of data security and consent September 2015: Secretary of State commissioned review Care Quality Commission (CQC) to review current approaches to data security across the NHS The National Data Guardian asked to propose -a set of data security standards applicable across the NHS and social care system and method to assess compliance with CQC -new model of consent /opt outs N ational D ata G uardian

5. Review engagement Proposals developed iteratively with input from wide range of stakeholders, including: Patient and service user groups - focus groups with members and online survey of 400 patients Clinicians, Medical Royal Colleges, BMA Information Commissioner's Office (ICO) Service providers Commissioners Research community Civil society Providers of IT systems Data security experts N ational D ata G uardian

6. Review: data security Examples of good practice and most organisations are concerned about data security…but still issues with people, processes and technology. Need for simple, consistent standards Feedback on standards will be important N ational D ata G uardian

7. Review: consent/opt-out Low levels of understanding among public about how data is collected and used for purposes beyond direct care Most people trust NHS to do the right thing and want to see the benefits of data sharing Transparency and controls are important Complex to define an opt-out to apply across the health and care system More to be done to engage and inform the public about data sharing, its benefits and their choices N ational D ata G uardian

8. Next steps Publication of the Review is the first step Time needed for proposals to be further discussed and tested Public consultation recommended “The public” in England comprises 53 million individuals Engagement should be ongoing and two-way – a conversation Public, clinicians, commissioners, researchers and others must be involved N ational D ata G uardian