Carers (Scotland) Act 2016: privacy impact assessment
Updated privacy impact assessment (PIA) conducted for the Carers (Scotland) Act 2016.
Annex
Risk Register
Reviewed and Updated for Commencement on 1 April 2018
| Risk |
Solution or mitigation |
Result |
Relevant laws or frameworks |
|
|---|---|---|---|---|
| Adult Carer Support Plan ( ACSP) |
||||
| 1 |
Information may be collected, handled and stored inappropriately when the responsible authority prepares the ACSP. |
The responsible authority is required to carry out their functions under the Carers (Scotland) Act 2016 ("the Act") in a manner that respects both the common law duty of confidentiality, legal requirements, and the right to private and family life under Article 8 of the European Convention on Human Rights ( ECHR). The Scottish Government's view is that the Act does itself not impose obstacles to, or make any provision which threatens or undermines, or has the potential to threaten or undermine, respect for these rights. If the responsible authority uses an agent to process personal data for them, they must ensure that a controller-processer contract is in place. |
Reduced |
These apply to most of the solutions or mitigations. Additional laws and frameworks are provided where relevant. |
| 2 |
Information may be shared inappropriately when the responsible authority shares the ACSP with any other person the adult carer requests. |
As above. |
Reduced |
|
| 3 |
Provisions for the preparation of ACSPs may not comply with the rights of the cared-for person under article 8 of the ECHR. |
Article 8 of the ECHR is not an absolute right. It is possible, in individual circumstances, for a public authority to interfere with the right to respect for private and family life if the interference is in accordance with the law, is in pursuit of one of the legitimate objectives listed in article 8.2 and is proportionate. The Act provides safeguarding for privacy by providing for the responsible authority to disapply the requirement to share the information contained within the ACSP to the extent that the responsible authority considers that the provision of information would not be appropriate. As a public authority (within the meaning of the Human Rights Act), the authority will have to exercise this discretion in a manner which is compatible with the cared-for person's article 8 rights. |
Reduced |
|
| Young Carer Statement ( YCS) |
||||
| 4 |
The responsible authority must notify the named person if a YCS is prepared. This may be against the wishes of the young carer. |
The named person was introduced by the Children and Young People (Scotland) Act 2014 (" CYP Act"). It provides for a service of making available an individual who carries out the functions of the CYP Act in order to promote, support or safeguard the wellbeing of the child or young person. They will do this through a number of activities, including: advising, informing or supporting the child or young person or their parent; helping them to access a service or support; or discussing or raising a matter about that child or young person with a service provider or relevant authority. Section 12(6) of the Carers Act requires the responsible authority to notify the young carer's named person when the responsible authority offers a YCS under subsections (2) and (3) or a young carer requests a YCS under subsection (4). This provision is to ensure a more holistic approach to supporting a young carer's identified needs and health and wellbeing. The information to be shared with the named person is only relating to the fact that a young carer has either been offered or has requested a YCS. No sensitive personal information relating to the young carer should be disclosed under section 12(6). |
Reduced |
|
| 5 |
Information may be collected, handled and stored inappropriately when the responsible authority prepares the YCS. |
Solution or mitigation for risk 1 above applies. |
Reduced |
|
| 6 |
Information may be shared inappropriately with the named person under the provision to provide the young carer with the information contained within the YCS. |
Solution or mitigation for risk 1 above applies. The information will be treated in confidence and only relevant information may be shared. The information sharing provisions in section 26 of the CYP Act provide a number of tests to be considered in deciding whether sharing information with the named person is appropriate. Furthermore, the obligation is to share the information contained within the YCS, rather than the YCS itself. Furthermore, as with the ACSP, to safeguard that only the relevant information from the YCS may be shared, section 17(3) of the Carers Act disapplies the requirement to provide the information contained within the YCS to those persons identified in the Act to the extent that the responsible authority considers that the information would not be appropriate. |
Reduced |
|
| 7 |
Provisions for the preparation of YCSs may not comply with the rights of the cared-for person under article 8 of the ECHR. |
Solution or mitigation for risk 3 above applies. |
Reduced |
|
| Duty to provide support to carers |
||||
| 8 |
Information about the carer/young carer/cared-for person may be shared inappropriately with service providers under the duty to provide support to carers. |
Solution or mitigation for risk 1 above applies. Statutory guidance to accompany the Act will cover this issue. |
Reduced |
|
| 9 |
Information may be shared inappropriately under the duty to involve carers in carer services |
As above. |
Reduced |
|
| Carer involvement |
||||
| 10 |
Information relating to the cared-for person may be shared inappropriately if information sharing procedures and protocols are not followed. |
Solution or mitigation for risk 1 above applies. The responsible authority will also be expected to process any information collected in accordance with their data management and handling procedures. With regard to carer involvement in the hospital discharge of the cared-for person, pilots have been established to test the provision on carer involvement in the hospital discharge of cared-for persons. Feedback and evaluation from these pilots will help to inform implementation of the Act, and to identify any gaps or issues in information sharing procedures and protocols. |
Reduced |
|
| 11 |
Information from the ACSP or YCS is used to inform care for the cared-for person without the consent of the carer. |
Provisions in the Act state that this information must only be sought where it is reasonable and practicable to do so. This will allow the views of the carer to be sought before the ACSP or YCS is used. Statutory guidance to accompany the Act will cover this issue. |
Reduced |
|
| 12 |
Information relating to the cared-for person may be shared inappropriately with the carer and subsequently the carers views may be shared with the cared-for person, even though the carer does not wish that they be shared. |
As above. |
Reduced |
|
| Local Carer Strategies |
||||
| 13 |
In preparing the local carer strategy, the local authority will need to use data on carers and young carers within their area. This will allow the authority to determine demand for support and the level of unmet need. There may be a concern that this data could include personal details of individual carers and young carers. |
The data to be used for local carer strategies is likely to comprise of datasets derived from personal data, rather than the personal data itself (e.g. the number of carers accessing support in a local authority area, or what types of support are being accessed). |
Reduced |
|
Contact
There is a problem
Thanks for your feedback