New Data Protection Qualification Syllabus Receives Endorsement

Act Now Training is pleased to announce that the syllabus for its new Data Protection Practitioner Certificate has been endorsed by the Centre for Information Rights.

DPP FlyerThe Data Protection Practitioner Certificate is a new qualification for those who work with Data Protection and privacy issues on a day-to-day basis. The course syllabus has been designed in consultation with an independent exam board of well-known data protection experts from the public and private sectors in the UK and Europe. It is intended to give candidates a balanced view and understanding of data protection law and everything they need to know to manage the Data Protection Life Cycle. Candidates will also gain a head start in understanding and implementing the proposed EU Data Protection Regulation (expected to be finalised in 2015).

The Centre for Information Rights is one of the University of Winchester’s Research Centres and is established within the Department of Law. It aims to:

  • Provide a focus for research in Information Rights;
  • Contribute to developing policy and practice;
  • Explore ways of exchanging knowledge with subject matter experts, practitioners, students and other academics;
  • Contribute to training and educational activities;
  • Engage with the local and wider community to provide opportunities for information issues to be debated.

Marion Oswald, Solicitor and Head of the Centre, said:

“The Centre for Information Rights is pleased to endorse the syllabus of Act Now’s Data Protection Practitioner Certificate. The syllabus is focused on providing practitioners with a practical understanding of data protection and knowledge of how the law may change in the future.”

The course takes place over four days (one day per week) and involves lectures, assessments and exercises. This is followed by some online training sessions and a written assessment. Candidates are then required to complete a practical project (in their own time) to achieve the certificate. Commenting on the syllabus endorsement, Ibrahim Hasan (Solicitor and Director of Act Now Training) said:

“We are very pleased that the quality of our new course syllabus has been recognised by the Centre for Information Rights. We are confident that by undertaking the course, delegates will achieve a truly practical understanding of data protection law and will be prepared for the big changes on the horizon in the shape of the proposed EU Data Protection Regulation.”

This new course builds on Act Now’s reputation for delivering practical training at an affordable price. We were the first company in the UK to launch a dedicated Freedom of Information qualification for the Scottish public sector. The Act Now Practitioner Certificate in Freedom of Information (Scotland) is endorsed by the Centre for FOI based at the University of Dundee. Professor Kevin Dunion (formerly the Scottish Information Commissioner) is the Executive Director of the Centre for FOI and has recently chaired a review of our first year.

To learn more about the Act Now Practitioner Certificate in Data Protection please see our website or download the flyer.

To Share or not to share, that is the question


As many data protection practitioners are well aware, there is a whole raft of legislation affecting the sharing of personal data. There are laws to tell us we must share. There are laws to tell us we absolutely must not share. There are laws that say we can share specific personal data with specific named bodies. There are laws that suggest implicitly that we can share, maybe, if the wind is blowing in the right direction that day…but we could always be challenged on that sort of sharing. It’s a minefield for your data protection officer who dreads that question “Can we share that data?” The response inevitably, and somewhat unhelpfully, is often “Well, it depends….”. With monetary penalties available to the Information Commissioner of up to £500,000 if your organisation gets it horribly wrong, it’s hardly surprising such organisations are often risk-averse when it comes to data sharing with other third parties.

It seems almost impossible for any one individual to be knowledgeable about all of these different rules, hidden within numerous Acts of Parliament, Regulations, and Statutory Instruments (There is no consistent way of publishing these). Take for example birth and death data. Local authorities need to know where new-born babies are, not only to plan future school places but also to meet statutory Ofsted reach targets which require them to contact the new parent or parents to offer services for the child. It would seem obvious to acquire that information from their local authority registration service. Yet the Office of National Statistics point out that Statistics and Registration Service Act 2007 explicitly prohibits the local registration service from passing that information to its local council, its own employer, except for public health purposes.

The Law Commission, which has been studying this issue for the last year, says that it has only just begun to scratch the surface regarding the huge amount of different pieces of legislation that contain references to data sharing. It looks set to recommend this month to Government that there should be a full review of the law relating to information and personal data sharing.

Government Proposals

The Government has for some time realised that this is a problem and wishes to “develop a better understanding of the economy and society, deliver more targeted and joined-up public services, and save public money lost through fraud, error and debt ” through effective, and legal, information sharing.

Current legislative and cultural barriers have resulted in a cottage industry of data sharing agreements between government departments and other partners, which can take time and resources to put in place. The government is well aware, at a time when Care.Data is the elephant in the room, that trust is a key issue in this process. How can the government ensure sensible data sharing to provide more efficient and less costly services for the public, which complies with all relevant legislation (the Data Protection Act 1998, the Human Rights Act 1998 and the more tricky issue of the unwritten common law duty of confidentially) and maintain the trust of the public? To address this it has decided to launch an open policy making process:

The intention is to embark upon an open policy process that brings together those inside and outside government interested in maximising the benefits and minimising the downsides to citizens of personal data sharing within government.”

The Cabinet Office, in collaboration with other government departments, is leading on the work, driven by Cabinet Minister Francis Maude, who is responsible for the Government’s transparency policy. This work must now dovetail with the Law Commission’s proposals and ultimately the new proposed EU Data Protection Regulation. The process is being coordinated by Involve, a civil society organisation, which has been awarded £20,000 to progress the policy-making process. Initial meetings have been held, a mailing list and website established, and input is now required from anyone interested in helping to shape future data sharing of public sector information.

Organisations are actively being encouraged to become involved. Civil society organisations involved to date include the likes of Big Brother Watch, MedConfidential, No2ID, The Open Rights Group, The Children’s Society, New Philanthropy Capital, Nuffield Foundation, Open Data Institute, Which and the ESRC.

What happens next?

The expected future developments of the process are as follows:

  • The Law Commission will report in April recommending a review of the law relating to data sharing.
  • Proposals will be developed under the new open policy making process until mid-August.
  • A policy document will be produced for mid-September for MPs to consider upon returning from recess.
  • Legal Counsel to produce key draft clauses and a White paper for the Christmas break.
  • Open public consultation Jan – March 2015.
  • The next Government will consider any data sharing proposals in the first session of Parliament after the 2015 General Election.

Clearly there needs to be cross-party support for this project for it to proceed past the next election. It is however very likely that this will be supported by all main parties and should not be a showstopper. The engagement of the organisations mentioned above at this early stage is important. With high profile organisations such as those on board, ensuring that privacy concerns are addressed early, it reduces the chance of problems for the government later in the process… and enables the government to cash in on a potential £16 billion of estimated income from UK data assets.

More importantly for the public though, this more inclusive process will hopefully genuinely address those privacy concerns that appear to have been wilfully ignored during the Care.Data process. This week has seen media reports focussing on HMRC selling our tax records next, and the fact that children’s records are already sold; a fact parents were no doubt unaware of and certainly not consulted upon. It is therefore vitally important that practitioners and organisations on the ground, the ones physically sharing data on a daily basis, can feed into this process in its initial stages to highlight and bottom out real practical issues as well as legislative and cultural ones.

This is no small task, and the timetable is incredibly tight to keep those involved focussed. As Francis Maude said at the last meeting, we don’t even know if we will be able to come up with anything workable; it could simply be too difficult. It is however worth the effort if it simplifies the data sharing process and offers the public a better and cost-effective service, whilst taking into account privacy concerns.

It’s not too late to get involved. If you have experience of information sharing or are a data protection practitioner or privacy expert, you can sign up at the website, or join the mailing list, and help shape the proposed White Paper.

Lynn Wyeth is the Information Governance Manager at Leicester City Council. Follow her on Twitter @LynnFoi.

We will be discussing these developments in our forthcoming information sharing workshops.



I popped into my doctor’s surgery this week for a routine blood test. I was fortunate as I got an appointment quite easily which is unusual. They have a strange system of making appointments. At 8-30 am every weekday they the phone calls from people wanting appointments in the morning surgery then at 9-00 am they take appointments from people wanting to attend evening surgery. At 9-30 am they stop taking phone calls for the day’s appointments as they’ve all been taken. Unfortunately they have more people wanting appointments than there are appointments so the chances of getting through to the receptionists are almost zero (or as Don King once famously said – you’ve got 2 chances son, Slim and none and Slim’s just left town).

Because of this local people have realised that they have a better chance of getting an appointment by turning up in person so at 8-15 am a queue starts and can reach 30 people by half past. At 8-29 am these people are let in and the serendipity between phone callers and real human beings begins its balancing act.

You’re all thinking “Why don’t they let people make appointments for the following day or the one after that?” This is where the care.patient philosophy really kicks in. The answer is they just don’t. You can book a slot next week. There are a lot of disgruntled people signed up with this surgery.

But they have moved into text messaging despite their failure to grasp telephone bookings and electronic diaries. When you make an appointment a week in the future they send you a text message to confirm your appointment. Then 24 hours before your appointment they send you the same message. Then 30 minutes before your appointment (when you’re probably getting on with life) they do absolutely nothing. If you’re outside the range of your smartphone alert system you’re stuffed.

But when you get past the Krypton test style appointment system you meet their 3rd commitment to technology. You can sign in using a machine in reception rather than talk to the receptionists. I did it. Month of birth followed by day of birth and it told me my name was Laura Wilson and my appointment was 11-10am.  No it isn’t. I tried to check in again and this time it told me it could not check me in and directed me to reception. I joined the queue of incorrectly identified patients to tell them their machine wasn’t working we were told in a loud and annoyed voice that the machine was working and the name shown on the screen wasn’t our name but the name of the person our appointment was with. Silly me (and the rest of the people who fell for this simple ruse de medicine). If it had said Doctor Laura Wilson I might have grasped it.

So they can’t do phone, electronic diaries, text and personless check ins. Let’s hope they never get round to databases.

Oh and you’ll be glad to know that I did have some blood in my alcohol.

Practitioner Certificate in FOISA: Review of First Year


Act Now Training is pleased to report that it has completed a very successful first year of delivering the Practitioner Certificate in the Freedom of Information (Scotland) Act 2002. Four courses were delivered in 2013 with very strong candidates from a variety of backgrounds:


The overall pass rate was 94% with over a third of delegates obtaining a distinction (over 80%). 72% of delegates scored above 65% in the final assessment. The delegate feedback has been extremely positive. All said they enjoyed the course and felt that they would be able to apply the skills learnt on the course in the workplace to improve their efficiency in dealing with FOISA requests. (Read a successful candidate’s observations here.)

Commenting on the first year of delivering the course, Tim Turner said:

“I’ve enjoyed writing and delivering this course. The results have been encouraging and also demonstrate clearly the high level of expertise in Scottish Public bodies. I am also pleased that the course project element has enabled individuals to achieve very high marks and well deserved distinctions. I think that this style of qualification is better suited to the way of working within Scottish Public Bodies managing Freedom of Information.”

More of Tim’s views on the course can be read here.

The course is endorsed by the Centre for FOI based at Dundee University. The Chair of the independent Exam Board , Professor Kevin Dunion (formerly the Scottish Information Commissioner and now the Executive Director of the Centre for FOI) says in the course review report:

“I’m pleased to be able to participate in the review of the first year of this groundbreaking new course designed for Scottish FOI practitioners. Having reviewed the syllabus, the examination process and the first year’s results I am happy to continue to endorse Act Now’s Practitioner Certificate in FOISA for another year. The quality of the delegates, as evidenced by the high grades, augurs well for FOI in Scotland. In particular, I am pleased at Act Now’s initiative to include practical elements in the course. This clearly provides direct benefits for  public authorities,  by improving the ability of practitioners to deal with complex information requests.”

With more bodies being made subject to FOISA on 1st April 2014, we are confident that the Act Now Practitioner Certificate in FOISA will soon become the qualification of choice for FOISA professionals in Scotland.

Our next course is in May in Edinburgh. Interested? Have a go at the FOISA test.

%d bloggers like this: