beta

You're viewing our new website - find out more

Publication - Report

Work Able Scotland: privacy impact assessment

Published: 13 Oct 2017

Privacy impact assessment for our Work Able Scotland programme, which will provide employability support for people at risk of long term unemployment as a result of a health condition.

16 page PDF

326.1kB

16 page PDF

326.1kB

Contents
Work Able Scotland: privacy impact assessment
7. Risks identified and appropriate solutions or mitigation actions proposed

16 page PDF

326.1kB

7. Risks identified and appropriate solutions or mitigation actions proposed

Is the risk eliminated, reduced or accepted?

Risk Ref Solution or mitigation Result
Mismanagement by DWP staff – eg claimants who are not eligible for WAS are referred in error and therefore data shared inappropriately DPA 06
  • A programme of awareness raising activity ahead of go-live will make JCP Work Coaches aware of WAS eligibility criteria.
  • JCP Work Coaches will be provided with a decision tree and other materials on their intranet to help them make referrals correctly.
  • An SG/ DWP Operational Delivery Group will monitor the quality of referrals and take steps to address any issues identified.
As a result, this risk is reduced, but not eliminated. It can be accepted on the grounds that monitoring referrals will be a central role of the Operational Delivery Group.
Personal data is mis-managed by WAS contracted providers DPA 07
  • Expectations of WAS contracted providers as data processor set out with the Work Able Scotland programme Rules (Part Three, Section D, Para 7)
  • WAS contracted provider security plans reviewed and approved by SDS Skills Investment Advisors.
  • Regular contract management site visits
  • Process in place in relation to any complaint or request made in respect of any personal data.
  • Mitigation of risk embedded in WAS Programme Rules and monitored via SDS WAS contract management.
Accept – risk is low
Personal data is mis-managed by SDS staff DPA 08
  • Personal data transferred via secure routes to a limited number of authorised personnel
  • Secure storage for electronic and hard-copy data
  • Regular review of SDS security arrangements
  • Mitigation of risk embedded in WAS Programme Rules and monitored via SDS WAS contract management.
Accept – risk is low
General Data Protection Regulation – Fair Processing Notices do not meet new standard. DPA 09
  • This PIA will be reviewed after 6 months at which time any necessary amendments will be made to align with the new standard.
Accept – risk is low
Transfer of referral form via clerical process introduces the risk of personal data being inappropriately shared DPA 10
  • Established practices in place between DWP and SDS to safeguard the transfer of information, mirroring the existing process for Employability Fund.
  • Experience of similar arrangements (eg for Employability Fund) indicates low risk.
  • Mitigation of risk embedded in WAS Programme Rules and monitored via SDS WAS contract management.
Accept – risk is low

Contact