beta

You're viewing our new website - find out more

Publication - Report

Work First Scotland: privacy impact assessment

Published: 13 Oct 2017
Part of:
Equality and rights, Work and skills
ISBN:
9781788511483

Privacy impact assessment for our Work First Scotland programme, which will provide employability support for disabled people under the terms of the Scotland Act 2016.

26 page PDF

361.8kB

26 page PDF

361.8kB

Contents
Work First Scotland: privacy impact assessment
8. Incorporating Privacy Risks into planning

26 page PDF

361.8kB

8. Incorporating Privacy Risks into planning

Explain how the risks and solutions or mitigation actions will be incorporated into the project/business plan, and how they will be monitored. There must be a named official responsible for addressing and monitoring each risk.

Risk Ref How risk will be incorporated into planning Owner

Mismanagement by DWP staff – eg claimants who are not eligible for WFS are referred in error and therefore data shared inappropriately

DPF 01

  • Risk will be monitored by the DWP/ SG Joint Operational Performance Group

JCP Integration Team Leader

Personal data is mis-managed by SG service providers

DPF 02

  • Risk will be monitored by CPOT team as part of regular compliance checks and Contract Performance Meetings.

Service Delivery Team Leader

Personal data is mis-managed by SG staff

DPF 03

  • Risk will be monitored by CPOT team leader

Service Delivery Team Leader

Systems: there is the potential for systems to be hacked, giving access to personal data.

DPF 04

  • Risk will be monitored by the DWP/ SG Joint Operational Performance Group?

JCP Integration Team Leader

General Data Protection Regulation – Fair Processing Notices do not meet new standard.

DPF 05

  • Fair Processing Notices have been reviewed and amended to meet new standards.
  • This PIA report will be reviewed in 6 months’ time at which time compliance with the new standard will be considered.

Service Delivery Team Leader

The SRO referral process introduces additional risk that personal data will become accessible.

DPF 06

  • Risk will be monitored by CPOT team as part of regular compliance checks and Contract Performance Meetings.

Service Delivery Team Leader


Contact