What we do

The Information Governance and Data Security Team are responsible for ensuring the Trust meets its legal obligations with regards to information and associated legislation including the Data Protection Act 2018, Freedom of Information Act 2000 and the Computer Misuse Act 1990. 

Our responsibilities include:

  • ensuring that employees are fully informed of their own legal responsibilities and that the public, including employees, are informed of their rights under the Act;
  • maintaining the accuracy and currency of the Trust’s Data Protection Notification;
  • ensuring organisational compliance and conformance with the Data Protection Principles;
  • ensuring completion of Data Protection Act compliance audits.
  • ensuring investigations into incidents or complaints about breaches of the Act are undertaken with reporting/remedial action taken as required;
  • ensuring an annual review of the Trust’s Registers for Databases, Dataflows, Caldicott and Information sharing protocols.
  • providing comprehensive reports to the Information Governance Strategy Group on the Trust’s compliance with Data Protection, Confidentiality and disclosure related provisions.
  •  ensuring that the Data Security and Protection Toolkit is completed on an annual basis.

Where are we based

  • South Tyneside - Harton Wing, South Tyneside District Hospital, Harton Lane, South Shields, Tyne and Wear, NE34 0PL

Who are we and how you can contact us?

James Carroll – Head of Information Governance and Trust, Data Protection Officer
South Tyneside Tel No 0191 4041000 Ext 3436
Mobile 07825 035985
Email: jim.carroll@nhs.net

Gillian Ronaldson - Information Governance Officer
South Tyneside Tel No 0191 4041000 Ext 3435
Email: gillian.ronaldson@nhs.net

Stacey Harn - Information Governance Officer
South Tyneside Tel No 0191 4041000 Ext 3437
Email: stacey.harn@nhs.net

Dr Paul McAndrew FRCA FFICM - Caldicott Guardian
Deputy Medical Director & Caldicott Guardian
Consultant in Anaesthetics & Intensive Care Medicine
Deputy Medical Director  – 42586/42907
Anaesthetics / ICCU Extension – 42446/7
Switchboard - 0191 565 6256
Bleep 51377
Email: paul.mcandrew@nhs.net

Dr Lawrence Gnanaraj – Deputy Caldicott Guardian
Assoc Medical Director | South Tyneside and Sunderland NHS Foundation Trust
Consultant Ophthalmologist | Sunderland Eye Infirmary, Sunderland, SR2 9HP
Chair | ICS – Eye Care Alliance, North East and North Cumbria
Assoc Medical Director  – 0191 5410036 (Internal: 40036/42037)  
Ophthalmology  – 0191 5699963 (Internal:49963)
Email: lawrence.gnanaraj@nhs.net

Cyber Security

Handwashing is something so routine to us all that it is carried out as a matter of habit and viewed as an essential part of keeping people safe. We all need to routinely display the same levels of care towards cyber security, to keep our patients - and ourselves - safe.

Good data and cyber security is our shared responsibility. Individual health and care organisations are accountable for their own cyber security, and all staff across the NHS have a role to play. Falling victim to cyber and security threats, inclulding phishing, password theft, tailgating and social engineering will have a direct impact on our patients.

NHS Digital's cyber security campaign, Keep IT Confidential, aims to drive cultural change by increasing the perceived importance and level of attention paid to data and cyber security by all staff in the NHS.

Whether you work directly with patients or in a vital support role, there are some simple effective steps that eveyone can take to protect patient data and create a safe culture of good cyber practices. Please see below links to the NHS Digital campaign posters and a leaflet which managers are encouraged to use in their staff areas.

Some key risks and areas to think about are:

  • weak passwords

Weak passwords risk breaches in patient confidentiality. The easiest way to protect yourself from cyber threats is by having a strong and varied password. Passwords are the best form of defence that we have to prevent unauthorised access, so make sure you keep them private and out of sight of others. The longer and more complex your password, the more difficult it is to crack.

  • phishing

Phishing is when hackers and criminals send unsolicited emails that contain attachments or links to try to trick people into providing access to information such as patient data, health care records or details of IT systems . If an email looks untrustworthy, forward it to spamreports@nhs.net and delete it.

Click here to watch an information video

  • tailgating

Tailgating is when unauthorised people gain entry to a building by following a staff member through physical security facilities (doors, barriers, gates, etc) to avoid detection. By letting people follow you, or swiping unauthorised people in, you could risk someone stealing patient data. Don't let unauthorised people follow you into restricted areas.

Click here to watch an information video

  • unlocked screens

Unlocked screens are an open invitation to patient data theft. Locking screens and logging out of systems help prevent people from accessing sensitive or confidential information. Keep your screens and devices locked when they're not in use.

  • social engineering

Social engineering involves criminals using tricks or decption to manipulate people into giving access to information such as patient data, health care records or details of IT systems. A social engineer might call and pretend to be a fellow employee, ask you to hold the door for them, or pose as a "friend" on social media channels. Challenge everyone who is unauthorised before giving out information or giving them access to secure areas.

Click here to watch an information video

Useful materials

NHS Digital have produced posters and a leaflet which teams can access and use in their areas. 

Generic poster

Generic A5 leaflet

Specific posters x 5

 

 

 

 

 

 

Return to Corporate