Error message

Deprecated function: The each() function is deprecated. This message will be suppressed on further calls in menu_set_active_trail() (line 2405 of /homepages/3/d274688683/htdocs/devdrupalseven/includes/

The Privacy Advisory Committee

The Privacy Advisory Committee (PAC) advises on the correct balance between protecting personal data and making data avalible for research, audit and other important uses, and monitors and advises that any releases of information are carefully controlled.

For example, permission to use data held by NHS National Services Scotland, NHS Central Records and National Records of Scotland (NRS, formerly GROS and NAS) is obtained under PAC scrutiny.

PAC takes a proportional approach to governance by considering four key issues:

  1. Identifying what is at stake? The Good Governance Framework is a living instrument that reflects the core purposes of SHIP, sets high standards for the workings of SHIP, and provides a template to identify the core issues that should be taken into account when deciding on appropriate data linkages and associated downstream terms and conditions.
  2. Who is involved and who is responsible? SHIP provides detailed guidance to data controllers and data stewards (such as Caldicott Guardians) on their primary responsibilities and also offers a streamlined and supported mechanism to receive one-stop advice on requests for data use and linkage.
  3. What are the beliefs, burdens and risk involved with each application? PAC's decision-making systems ensure that core considerations are taken into account, together with robust privacy impact assessment, which helps to identify the particular governance issues related to each application.
  4. What is an appropriate research pathway for each application? This is about engaging the right people and principles and directing applications down the right governance pathway. Under the SHIP model, applications which are given a privacy risk category of 0 or 1 will not have to be reviewed routeinely by PAC, applications which are given a category of 2 will go through a 'fast-track' PAC review process and applications which are 3 must go through the full PAC review process. A data controller can request at any time that a given application be subject to full PAC review.

For more information please see the PAC website.