We use cookies to collect anonymous data to help us improve your site browsing experience.

Click 'Accept all cookies' to agree to all cookies that collect anonymous data. To only allow the cookies that make the site work, click 'Use essential cookies only.' Visit 'Set cookie preferences' to control specific cookies.

Set cookie preferences

Your cookie preferences have been saved. You can change your cookie settings at any time.

Publication - Impact assessment

Work First Scotland: privacy impact assessment

Published
13 October 2017
Part of
Equality and rights, Work and skills
ISBN
9781788511483

Privacy impact assessment for our Work First Scotland programme, which will provide employability support for disabled people under the terms of the Scotland Act 2016.

View supporting documents Supporting documents

8. Incorporating Privacy Risks into planning

Explain how the risks and solutions or mitigation actions will be incorporated into the project/business plan, and how they will be monitored. There must be a named official responsible for addressing and monitoring each risk.

Risk Ref How risk will be incorporated into planning Owner

Mismanagement by DWP staff – eg claimants who are not eligible for WFS are referred in error and therefore data shared inappropriately

DPF 01
  • Risk will be monitored by the DWP/ SG Joint Operational Performance Group

JCP Integration Team Leader

Personal data is mis-managed by SG service providers

DPF 02
  • Risk will be monitored by CPOT team as part of regular compliance checks and Contract Performance Meetings.

Service Delivery Team Leader

Personal data is mis-managed by SG staff

DPF 03
  • Risk will be monitored by CPOT team leader

Service Delivery Team Leader

Systems: there is the potential for systems to be hacked, giving access to personal data.

DPF 04
  • Risk will be monitored by the DWP/ SG Joint Operational Performance Group?

JCP Integration Team Leader

General Data Protection Regulation – Fair Processing Notices do not meet new standard.

DPF 05
  • Fair Processing Notices have been reviewed and amended to meet new standards.
  • This PIA report will be reviewed in 6 months’ time at which time compliance with the new standard will be considered.

Service Delivery Team Leader

The SRO referral process introduces additional risk that personal data will become accessible.

DPF 06
  • Risk will be monitored by CPOT team as part of regular compliance checks and Contract Performance Meetings.

Service Delivery Team Leader

Contact

Back to top