search
githubEdit

2.2 Personal data

circle-info

This assessment is for onsite access. Suitability for online access is assessed separately.

hashtag
Notes and explanations

  1. Identifiable individuals: information that distinguishes an individual from other members of a group. As well as written information, a person can be identified from their body, most commonly their face, but possibly also other distinguishing body features such as tattoos or birthmarks. Voices are also considered identifying information.

  2. Data has been made public as a result of steps deliberately taken by the individual: in the absence of documented consent, we use our judgement to decide whether they have deliberately participated in making their data public, the circumstances around this and thus whether the information can be made available by us. We consider the extent to which the information has previously been made public and whether circumstances have since changed, which might suggest that disclosure could have a detrimental effect on the individual.

  3. Material was created for and distributed to a professional/specific audience: was the material intended for or distributed to a wide general audience (e.g. a public information film designed to encourage public uptake of TB testing), or was it created for a specific, limited audience (e.g. a recording of an operation made as a surgical training aid)?

  4. Content that could be distressing or offensive to the viewer: written description, imagery or audio that a viewer may find distressing, uncomfortable or harmful.

  5. Vulnerable people and people in a vulnerable position: this can include, but is not limited to:

    • Being associated with a something that carries stigma and/or is controversial (i.e. mental health problems, STIs, abortion, learning difficulties)

    • Nudity

    • Children

    • Being in severe pain or distress

    • Being in restraints or being restrained

    • Engaging in animal experimentation

  6. Manual filing system: a set of records that are held in a sufficiently structured way as to allow ready access to specific information about individuals

  7. Special category personal data: types of personal information that are considered more sensitive under data protection law and which therefore require more protection. This can include information about an individual’s: health; sex life; sexual orientation; race; ethnic origin; genetics; biometrics (where used for ID purposes); political view; and trade union membership. All such information should be considered more carefully when reviewing material.

  8. Additional information in the surrounding files to increase sensitivity: information can be extracted from surrounding records or catalogue metadata to increase the sensitivity of the file. For instance, a photograph of workshop participants with a catalogue description identifying the location as a psychiatric hospital.

hashtag
Additional pages for more detail

Further guidance on the personal data flowchartchevron-rightAccess Status Optionschevron-rightRestriction and closure periodschevron-right

Fig.2 Risk assessment for records containing personal data without permission (for onsite access)
https://wellcomecloud.sharepoint.com/:u:/r/sites/wc2/cr/cm/Access%20Management/Access%20Policy%20%26%20Procedures%20post-2017/C%20Procedures%20Review/2023%20Review/Fig%202%20Risk%20assessment%20for%20records%20containing%20personal%20data%20-%20RevisedOct2023.vsdx?csf=1&d=w7457b3f35b98499d88f94c4e5c9300f7&e=Rghe8w&web=1wellcomecloud.sharepoint.comchevron-right
Previous2.1 Due diligenceNext2.3 Business sensitivity

Last updated

Was this helpful?