The checklist was published in January and can be accessed here. The checklist defines an IG SUI as “any incident involving the actual or potential loss of personal information that could lead to identity fraud or have other significant impact on individuals should be considered as serious”. It includes the loss of both electronic and paper records. The checklist should be read in conjunction with previously released national guidance on the management of SUIs as well as local guidance.
The checklist includes the following advice:
- staff should be encouraged to report IG SUI “near misses”;
- all staff should know to whom they should report suspected or actual IG SUIS;
- the checklist should be incorporated into the incident response plan which each organisation should already have in place; and
- PCTs are responsible for performance managing the investigation of SUIs in their main providers.
The checklist provides a useful list of steps to be taken into account when investigating IG SUIs.