National Data Guardian publishes new guidance about the appointment of Caldicott Guardians

Press release

The National Data Guardian has published guidance under her statutory powers about the appointment, role and responsibilities of Caldicott Guardians, expanding the types of organisations expected to have one.

Illustration of two Caldicott guardians, a seated man behind a computer and standing woman at his side. There is a list of the Caldicott Principles on the wall behind them.

The National Data Guardian (NDG) has today published guidance under her statutory powers about the appointment, role and responsibilities of Caldicott Guardians in respect of data processing activities undertaken within their organisations.

Caldicott Guardians are senior people within an organisation who protect the confidentiality of people’s information by considering the ethical and legal aspects of data sharing. Previously only NHS organisations and local authorities were required to have one, but this guidance introduces a requirement that widens the type and number of organisations that are expected to have a Caldicott Guardian, whether by appointing a member of their own staff or through other arrangements.

The guidance applies to all public bodies within the health service, adult social care or adult carer support sectors in England that handle confidential information about patients or service users. This also includes organisations contracted by public bodies to deliver health or adult social care services that handle such information.

As this guidance is published under the National Data Guardian’s power to issue guidance described within the Health and Social Care (National Data Guardian) Act 2018, those organisations it applies to must have regard to it, and are encouraged to become compliant by 30 June 2023.

This change has been introduced in response to a public consultation held by the NDG in 2020 about the Caldicott Principles and Caldicott Guardians. People who responded to the consultation felt the role needed stronger emphasis across the whole of health and social care, and so the NDG’s proposal to expand the types of organisations that are expected to have a Caldicott Guardian received strong support.

National Data Guardian Dr Nicola Byrne said:

“My past experience as a Caldicott Guardian gives me a deep understanding of the vital role that they play in ensuring that health and social care data is used responsibly and ethically to support the delivery of better care. Caldicott Guardians are central to ensuring that confidentiality is protected and that wise decisions are made about the information their organisations hold. For this reason, introducing Caldicott Guardians into more settings is an important step in the right direction when it comes to maintaining people’s trust in a confidential health and social care system. We are very pleased to be sharing this guidance today and will be working with partners and colleagues over the coming weeks to ensure that those who need to take action are aware of what is required of them.”

Note to editor

Help and resources for those in scope is available on the UK Caldicott Guardian Council (UKCGC) website. The UKCGC provide support for Caldicott Guardians and others fulfilling the Caldicott function within their organisation.

Published 27 August 2021