Home » Guidelines & Policy » Consultation response: Review of data security, consent and opt-outs

Consultation response: Review of data security, consent and opt-outs

This consultation seeks views on the proposed data security standards and the consent/opt-outs model as set out in the independent review by the national data guardian, Dame Fiona Caldicott.

The independent review of data security, consent and opt-outs includes 10 new data security standards, a method of testing compliance with these standards, and a new consent model for data sharing in health and social care.


  • The RCP welcomes the proposed security standards and the balance between individual privacy and public benefit.
  • The RCP recommends that the 10 data security standards should be complementary to the information governance toolkit in order to fully encompass data governance issues, however recognises the need to review and update it.
  • There is the concern that smaller organisations may struggle with Cyber Essentials, making it difficult to share information for integrated patient care.
  • The review should note the impact that increased opportunities for individuals to manage their data will have in future.
  • The opt-out model differentiates between the use of data for running the NHS and social care system and for research, however this is not a clear choice as these purposes can overlap, for example in local clinical audit.
  • Progress towards a simplified system or data sharing would be welcomed.


For more information please email Methela Haque, RCP public affairs adviser: methela.haque@rcplondon.ac.uk.