Skip Navigation
Search site

The NHS.UK blog has moved home. You can now find us at

Can you help us improve the NHS Digital site?
Please take this short survey.

Consultation on Privacy Impact Assessment for the workforce Minimum Data Set collection

As part of the new workforce minimum data set collection (wMDS) and following consultation with stakeholders, the HSCIC has developed a privacy impact assessment (PIA) which considers and highlights the risks raised by stakeholders and proposes factors to mitigate these risks.

What is a Privacy Impact Assessment?

Privacy impact assessments (PIAs) were launched in the UK by the Information Commissioner in December 2007, and mandated by the Cabinet Office for Information and Communications Technology (ICT) projects following the Data Handling Review of June 2008.

In his letter to the NHS, dated September 2008, David Nicholson NHS Chief Executive mandated the use of privacy impact assessments for all new projects in the NHS.

The Senior Information Risk Owner for the Programme / Project will approve and sign-off the completed privacy impact assessment, in line with NHS and Cabinet Office policies.

Privacy impact assessments identify and assess privacy risks and detail the policies and actions that are in place to mitigate or avoid the risks. It aims to promote confidence in the way information is collected, processed, analysed, stored and published.

Why we held a consultation?

We asked stakeholders what they considered to be the risks of the workforce minimum data set collection. The Privacy Impact Assessment looks at the risks raised by this process and sets out mitigating factors for all of them. We then consulted with all NHS providers involved in the wMDS so as to gain their feedback on the PIA and whether we had satisfactorily mitigated all risk factors.

Results of the consultation

The pdf icon wMDS PIA consultation response [408kb] were published in March 2015.

Close iCM Form