3.2 INFORMATION GOVERNANCE AND DATA PROTECTION STRATEGY

NNPC recognises the need for an appropriate balance between openness and confidentiality in the management and use of information. Information Governance requires the organisation to set a high standard for the handling of information. The aim is to demonstrate that we can be trusted to maintain the confidentiality and security of personal information, by helping individuals to practise good information governance. NNPC’s Data Security and Protection Toolkit overall score for 2021/22 was ‘standards met’. NNPC has appointed an external Data Protection Officer (DPO), and the Information Governance Lead and SIRO meet every other month to discuss IG risks and how these are managed. The fair processing notices, privacy notices and systems access lists are reviewed annually and approved by the Data Protection Officer.
The NNPC Senior Information Risk Officer (SIRO):
• leads and fosters a culture that values, protects and uses information for the success of the organisation and benefit of its customers.
• owns the organisation’s overall information risk policy and risk assessment processes and ensures they are implemented consistently by Information Asset Owners / Administrators.
• owns the organisation’s information incident management framework.

The nominated NNPC Caldicott Guardian is a member of the Board and, alongside the SIRO and the DPO, is committed to the privacy of its patients, staff, and the public. In the year 2021/22 there have been no data security or data protection incidents reported. The annual data security audit did not highlight any issues. This was validated by the DPO.
NNPC Information Governance Framework
NNPC Quality Account 2021/22