The Three Acts Of Data Protection Information Technology Essay

This assignment will identify and discuss the three acts relevant to the use of Information Technology in a Social Work setting: Data Protection Act (DPA) 1998; Freedom of Information Act (FIA) 2000; and the Computer Mis-use Act 1990. I will discuss how records are stored, retrieved and shared, as well as the advantages and disadvantages of using IT in social work. I will also discuss how the organisation I was placed in collect, analyse and evaluate information to enhance the delivery of their services, as well as any implications for the service users in the use of IT. Discussion will end with the role IT plays in contemporary social work.

There are three important pieces of legislation governing the issues of confidentiality, access to records/reports, and their security.

The DPA 1998 defines UK law on the processing of information for identifiable persons living within the UK, and is the main piece of legislation governing the protection of personal data. In practice, it provides a way for individuals to control the use of information about themselves, by providing the opportunity to view any information held by agencies, and to have anything which is factually incorrect corrected. Although the Act is intended for information stored or intended to be stored on computers or a ‘relevant filing system’, in some cases even a paper address book or diary can be classified as a ‘relevant filing system’. It is right to assume, therefore, that the Act would also cover any information which might be held in a Social Worker’s hand written diary.

The DPA 1998: Guidance to Social Services came into force in March 2000. Its purpose is to provide guidance to local authority social services in the application of the DPA when giving access to social work records. It also provides “guidance on good practice in compiling and maintaining records; advice on the need for policies covering the retention and disposal of other records as well as guidance on confidentiality and social services records”. The Act also ensures that social care agencies manage personal information in a responsible way, in that it is kept accurate and up to date, is kept only for as long as is necessary and for a specified purpose, and is kept securely.

Another important piece of legislation that protects individuals is the FIA 2000. This Act gives the individual the right to view data and information about them held by the social service and government agencies, and also the health authorities. A significant aspect of the Act is that it allows individuals to not only view database entries but also e-mails and other electronic material pertinent to them. For example, if derogatory or defamatory information about a service user were included in an e-mail, and the service user in question were to exercise their right to access the information, it could then enter the public domain. For this reason, it is a powerful Act that could, if ignored, have a detrimental effect on a social worker’s career prospects. However, the legislation does also offer some protection, as access to case records does remain subject to agreement from Senior Managers. Information can still legally be withheld if it is not deemed to be in the service user’s best interests to view it (Brammer, 2003). This should not, however, be relied upon as a way out, and prevention is so much better than resorting to damage limitation.

The Computer Mis-use Act 1990 is the third piece of important legislation in the delivery of services in the social sector. This Act identifies three specific offences: unauthorised access to computer material; unauthorised access to a computer system with intent to commit or facilitate the commission of a serious crime; and unauthorised modification of computer material. An example of what might constitute an offence would be to use a device, such as a USB stick, on the computer system with the intent of introducing a virus or other unauthorised software into the system or network. Network Managers guard against this by having USB ports on Computers disabled, thereby reducing the risk. This method also limits the ability to download confidential information from the network that is subject to law under the DPA 1998. Another scenario which might constitute an offence under the Computer Mis-use Act 1990 is the use of someone else’s log-in details without proper authority, with the intent of using or altering data contained within the system. To mitigate this risk, organisations in both the commercial and social sectors often have randomly-generated and time-limited passwords, making it more difficult for unauthorised users to guess. Organisations will also develop and implement a policy governing use and misuse of their computer systems, which each Employee will be expected to sign and adhere to.

Every organisation will have their own way of working within the confines of these three Acts. My 30-day placement was at Grovelands Residential Home, part of the Somerset Care Group. Their central office is in Taunton, and it is here that the IT systems are hosted and disseminated using the CITRIX Networking Interface. In this example, CITRIX operates across a number of different platforms, and is used to provide secure remote access to centrally-held systems and data. Users within the care homes and regional offices log-in to CITRIX, and CITRIX controls access to the relevant systems and data from the central office. The database in which the service users’ details are held is called SATURN, and is protected with a separate login and password. Information held on SATURN is personal information about the service users: medications; care plans; and even financial data.

Each individual work place and user is given ‘permissions’ relating to their own service users, but there are also documents and data that is shared between sites. Network and system provision in this way has the advantage of allowing both strict control over access to data, but also allows data to be stored once, thus reducing storage and maintenance overheads. Information is accessed and used only when and where required, reducing the need for hording. Within Grovelands, the only employees allowed full access to the computer network are the Manager, Deputy Manager, and Administrators. This access includes all applications and information pertaining to the Home, as well as the Microsoft Office application suite. The use of Microsoft Office is restricted and cannot be used by Supervisors or Team Leaders. This again reduces the risk of information being extracted and stored locally, whether for legitimate or illegitimate purposes. This approach can also mitigate some of the potential issues mentioned earlier under the FIA 2000.

The advantages of using IT systems in the social sector are, in many cases, common to those evident in the commercial sector. Long gone are the days where offices would be lined with filing cabinets, each full of personal information. Nowadays, the filing function is computerised, allowing for the use of many functions to manipulate and report data into Management Information. Statistical analysis and reporting over databases containing millions of records can be done in seconds, and this would have been inconceivable a few decades ago. This flexibility and functionality allows the targeting of specific services to the most appropriate individuals. However, to be reliable, the information has to be both accurate and complete, and also must be stored and organised in a way which facilitates easy, flexible reporting (Drew 2009). Failure to achieve this could result in inappropriate provision of services, especially so as service users themselves may be able to identify available services, which may or may not be appropriate to them, through use of the internet.

The Somerset NHS Partnership and Social Care use an IT Client Record system called RiO (CSE-Servelec Ltd 2005) primarily for the Mental Health Service. RiO is a web-based Integrated Care Record System, holding all client information in a central database. Staff can gain access to clinical records from any PC within, or potentially outside, the Trust, allowing them to update on-line records at any point of a service user’s care. If Grovelands were able to access this service, then potentially the problems encountered when a service user goes into hospital for example, i.e. insufficient information about the service user, medications, behaviour patterns etc, could be eradicated. It could be used to provide a more coherent, person-centred service, which is the ethos of Dementia care.

The IT age is well and truly embedded in the world of social care. Social workers have previously written case notes by hand, made their own appointments, and managed their own workload. The introduction of IT systems cannot replace all of these functions, and, as with no longer using support staff to upload case notes, the IT systems can actually increase the social worker’s workload (Postle, 2002). Remote access is already being used across the country (Revans, 2007), and, in Somerset, the Integrated Children’s Systems allows remote access. This can be advantageous in optimising the use of time when, for instance, waiting for meetings to start etc, and also allows for home working. It also allows the social worker to keep in touch with colleagues, reducing the feeling of isolation which can come with being out of the workplace on lots of visits.

Having considered the use of IT at Grovelands and within social work as a whole, it is clear that IT has a key role in contemporary social work. However, technology is an evolutionary process. The important point is how we, as potential social workers, use the IT systems to manage our own time and ensure that our record keeping is accurate and effective, allowing us to strike the appropriate balance between time with service users and colleagues and time maintaining data in a way which protects both ourselves and the service users within the 3 laws described in this assignment.