Human Tissue (Authorisation) (Scotland) Bill: DPIA

The Data Protection Impact Assessment (DPIA) for the Human Tissue (Authorisation) (Scotland) Bill explores how the Bill impacts on personal data and privacy.

5. Questions to identify privacy issues

5.1 Involvement of multiple organisations

External Partners – Allow individuals to join the ODR

GP Surgeries / NHS Digital
Scottish Organ Donation Website

External partners – Subcontractors

APS Group ( GI Solutions) – Mailing Service, providing confirmation letters to registrants
Teleperformance – Organ Donor Helpline, checking and amending registrations, providing advice on Organ Donation to callers
NHS National Services Scotland – Scottish CH1 number batch tracing service
Automated Document Solutions – Manual input of paper registration forms
Northgate – IT development and maintenance contract for the bespoke ODR system

5.2 Anonymity and pseudonymity

The information held on the register is not anonymous. It is however, only accessible to the appropriate authorised individuals.

5.3 Technology

No personal data is gathered as a by-product of the ODR.

5.4 Identification methods

Unique identifiers are collected as part of an ODR registration. See section 3.2.

5.5 Sensitive/Special Category personal data

Special category data is sometimes collected as part of an ODR registration ( e.g. where the person provides their ethnic origin or religion). See section 3.2

5.6 Changes to data handling procedures

Paper ODR Registration Forms
Sent directly to the ODR Team via pre-marked envelope (in most cases)
Stored in lockable cabinets
When mailed in bulk, sent via courier service.
Retained for one week after processing and then destroyed via NHSBT confidential waste procedures. An exception applies for a sample of forms used for sample checking purposes. These will be retained for up to four weeks before being destroyed.

Electronic records
Sent via sFTP using XML files. Mailing files sent to GI Solutions are sent in CSV format. Occasionally sent via secure e-mail (business continuity when sFTP unavailable).

ODR Database
Records are stored on the Microsoft Azure Cloud ( NHSBT subscription)
Read only and write access processes in place and limited to a need to know basis
Role-based access catering for multiple different user groups.

5.7 Statutory exemptions/protection


5.8 Justification


5.9 Other risks

System testing

Currently the test environment is a copy of the live environment. Future ambitions are to continue to utilise real data but to 'scramble' and anonymise the personal identifiable information within the test environments.


Back to top