Data protection protects people's rights in relation to how their personal information is used. The Data Protection Act 1998 is the UK law which sets out the requirements of data protection.
NHS National Services Scotland takes its duties under the Data Protection Act seriously, and in a number of ways. Some of these are listed below:
NSS Privacy Notice
We have developed a 5-page leaflet which describes the many different ways we use personal information [583 Kb].
NSS entry in the Information Commissioner's Register of Data Controllers
To comply with the law, NSS has registered with the Information Commissioner's office. Our register entry can be viewed at the Information Commissioner website. Search using 'NHS National Services Scotland' in the 'Name' field.
Access to Your Personal Information
You can find out if we hold any personal information about you by making a 'subject access request' under the Data Protection Act 1998.
If you would like to do this please complete a 'Subject Access Request form' . Our form asks for proof of identity and also for a £10 fee to cover administrative costs. Once we have received your completed form and fee, we must respond to you within 40 days.
National Fraud Initiative
Together with other Scottish public sector organisations, we are required to participate in the National Fraud Initiative. As part of this, we provide staff payroll information for data matching. Data matching involves comparing sets of data, such as the payroll or benefits records of a body, against other records held by the same or another body. Further information about the National Fraud Initiative is available from Audit Scotland.
Visitors to our website
Information about how we use information about you when you use our website is available in our Privacy Statement.
Data Protection Advisor
NSS has a Data Protection Advisor who is responsible for advising on and monitoring data protection practice on how we use personal information across the organisation. You can e-mail queries about Data Protection in NSS to our Data Protection mailbox at email@example.com.
Our Caldicott Guardian leads NSS in protecting the confidentiality of patient information. The Caldicott Guardian is responsible for advising on, agreeing and reviewing protocols governing the protection, use and disclosure of information about, or that identifies, patients. You can e-mail queries about patient confidentiality in NSS to our Caldicott mailbox at firstname.lastname@example.org.