🔏
Sensitivity and access procedures
  • Access to personal and sensitive information: Internal Procedural Manual
  • Sensitivity Criteria
    • Overview of workflow
    • 2.1 Due diligence
    • 2.2 Personal data
    • 2.3 Business sensitivity
      • 2.3.1 Identifying business sensitive information
      • 2.3.2 Determining the appropriate access status
    • 2.4 Cultural sensitivity
    • 2.5 Distressing or offensive content
    • 2.6 Child sexual abuse material
      • 2.6.1 What is child sexual abuse material?
        • 2.6.1.1 What is an 'indecent' image?
      • 2.6.2 Who are we safeguarding?
      • 2.6.3 Relevant legislation
        • 2.6.3.1 Wellcome's position
      • 2.6.4 Staff welfare and safeguarding
      • 2.6.5 How to flag CSAM or potential CSAM
      • 2.6.6 Cataloguing
      • 2.6.7 Requests for access
        • 2.6.7.1 Facilitation of onsite access
      • 2.6.8 Digitisation and take down
  • Managing Access
    • Undertaking sensitivity review
      • Further guidance on the personal data flowchart
      • Restriction and closure periods
      • Redaction
      • Catalogue titles and descriptions
      • CALM fields
        • Assigning OrderingCodes
      • Sierra fields
        • Sierra Access Status+Conditions
      • Documenting decisions
      • Packaging physical material
    • Access Status Options
      • Safeguarded access
      • Access conditions statements
      • Changes to the access status
        • Temporary changes to the access status
        • Permanent changes to the access status
        • January openings
      • Missing & Withdrawn Items
    • Access Exceptions
    • Access to Uncatalogued Collections
    • Access to NHS Records
  • Access and Copying Conditions
    • Access and copying conditions
  • Online Access
    • Assessment for online access
  • Access Appeals
    • Access appeals process
  • Collections, Access, Diversity and Inclusion forum (CADI)
    • About the forum
    • Resources
    • Topics
      • Child Sexual Abuse Material
      • Working with communities and academics
      • Content Advisories
      • By Appointment
      • Participatory cataloguing
Powered by GitBook
On this page
  • Notes and explanations
  • Additional pages for more detail

Was this helpful?

Edit on GitHub
  1. Sensitivity Criteria

2.2 Personal data

This assessment is for onsite access. Suitability for online access is assessed separately.

Notes and explanations

  1. Identifiable individuals: information that distinguishes an individual from other members of a group. As well as written information, a person can be identified from their body, most commonly their face, but possibly also other distinguishing body features such as tattoos or birthmarks. Voices are also considered identifying information.

  2. Data has been made public as a result of steps deliberately taken by the individual: in the absence of documented consent, we use our judgement to decide whether they have deliberately participated in making their data public, the circumstances around this and thus whether the information can be made available by us. We consider the extent to which the information has previously been made public and whether circumstances have since changed, which might suggest that disclosure could have a detrimental effect on the individual.

  3. Material was created for and distributed to a professional/specific audience: was the material intended for or distributed to a wide general audience (e.g. a public information film designed to encourage public uptake of TB testing), or was it created for a specific, limited audience (e.g. a recording of an operation made as a surgical training aid)?

  4. Content that could be distressing or offensive to the viewer: written description, imagery or audio that a viewer may find distressing, uncomfortable or harmful.

  5. Vulnerable people and people in a vulnerable position: this can include, but is not limited to:

    • Being associated with a something that carries stigma and/or is controversial (i.e. mental health problems, STIs, abortion, learning difficulties)

    • Nudity

    • Children

    • Being in severe pain or distress

    • Being in restraints or being restrained

    • Engaging in animal experimentation

  6. Manual filing system: a set of records that are held in a sufficiently structured way as to allow ready access to specific information about individuals

  7. Special category personal data: types of personal information that are considered more sensitive under data protection law and which therefore require more protection. This can include information about an individual’s: health; sex life; sexual orientation; race; ethnic origin; genetics; biometrics (where used for ID purposes); political view; and trade union membership. All such information should be considered more carefully when reviewing material.

  8. Additional information in the surrounding files to increase sensitivity: information can be extracted from surrounding records or catalogue metadata to increase the sensitivity of the file. For instance, a photograph of workshop participants with a catalogue description identifying the location as a psychiatric hospital.

Additional pages for more detail

Previous2.1 Due diligenceNext2.3 Business sensitivity

Last updated 1 year ago

Was this helpful?

Further guidance on the personal data flowchart
Access Status Options
Restriction and closure periods
https://wellcomecloud.sharepoint.com/:u:/r/sites/wc2/cr/cm/Access%20Management/Access%20Policy%20%26%20Procedures%20post-2017/C%20Procedures%20Review/2023%20Review/Fig%202%20Risk%20assessment%20for%20records%20containing%20personal%20data%20-%20RevisedOct2023.vsdx?csf=1&d=w7457b3f35b98499d88f94c4e5c9300f7&e=Rghe8w&web=1wellcomecloud.sharepoint.com
Fig.2 Risk assessment for records containing personal data without permission (for onsite access)