Skip to main content

Current Chapter

Current chapter – Rights and responsibilities


Accounting officer

The Chief Executive is the Accounting Officer of NHS Digital and has overall accountability and responsibility for matters Information Governance of which effective management of records and documents is a part. The Accounting Officer is required to provide assurance, through the Governance Statement, that all risks to the organisation, including those relating to information, including records and documents, are effectively managed and mitigated.


Data Protection Officer

The position of Data Protection Officer is responsible for monitoring NHS Digital’s compliance with Data Protection legislation and its compliance with its own policies in relation to the protection of personal data. 


Senior Information Risk Owner

The Deputy Chief Executive is the Senior Information Risk Officer (SIRO) and has responsibility for ensuring that effective systems and processes are in place to address the Information Governance agenda, including records and document management. The SIRO is responsible for information risk within the organisation and the provision of written advice to the Chief Executive on the content of the Governance Statement in regard to information risk.


Caldicott Guardian

The role of the Caldicott Guardian is advisory. The Caldicott Guardian acts as the conscience of the organisation for patient information, patient confidentiality and information sharing issues and the proper management of patient information.


Service Director of Information Governance

The Service Director of Information Governance has oversight of this Policy, its supporting procedures / process guidance, their implementation and of the Records Management function.


Record and Document Authors, Responsible Owners (including managers, project and programme managers), Information Asset Owners and Information Asset Administrators

It's the responsibility of staff in these positions to ensure this Policy and its supporting procedural/process guidance are implemented effectively. That records and documents are maintained for as long as is necessary, but no longer, in context of NHS Digital’s legal and regulatory obligations; operational business needs and the retention categories and periods established in this policy.

It is also the responsibility of staff in these positions to ensure records and documents are properly disposed of in accordance with this policy and its supporting procedural/process guidance.


Records management function

The corporate records management function is responsible for:

  • the maintenance of this policy, its supporting portfolio of procedural and process guidance and their collaborative implementation working in conjunction with all staff and management across the organisation
  • the provision of advice and guidance in respect of this policy and its supporting portfolio of procedural and process guidance

All staff

This policy applies to all members of staff, at whatever level, working in or on behalf of NHS Digital; this includes:

  • contractors
  • temporary staff
  • apprentices
  • secondees
  • volunteers
  • all permanent employees

All members of staff are responsible for the implementation of this policy and supporting processes, specifically the proactive management of retention and disposal decisions and actions.

All staff have, in addition, the right to expect NHS Digital records and documents to be properly managed, readily located and accessible unless properly deleted or destroyed in accordance with this policy and its supporting procedure / process guidance.


Requests for access to information by the public and members of parliament

Members of the public have a right under legislation and regulations to request access to information held by NHS Digital (unless it has legitimately been deleted or destroyed in accordance with this policy and its supporting processes).

This includes:

  • Access to Health Records Act 1990
  • Data Protection Act May 2018
  • Freedom of Information Act 2000
  • Environmental Information Regulations 2004

Last edited: 23 November 2021 11:49 am