Skip to content
Purpose
Where a sets out to find and support people with a particular vulnerability.
@Lead Organisation
Getting Started
The Lead Organisation
The SAVVI Process starts when an organisation decides to take the lead in finding people or households with a vulnerability, so that they can be offered support. We call this the as they will have to take decisions about how the process will run, and coordinate how partner organisations will share intelligence and provide support.
@Lead Organisation
Setting a Purpose
The Lead Organisation will need to be precise about the vulnerabilities that it is looking to address; this is the SAVVI . Many of the arrangements that cover data sharing and re-use, will rely on this definition. , who control access to data, will expect a clear undertaking about how and why their data is to be used before they are likely to share it.
@Purpose
@Information Governance
@Source Organisations
SAVVI has initially looked at purposes of
... and we intend to explore other purposes such as
A will have a title and one or two paragraphs as a description. Some have a definition based in law, in which case it can be helpful to refer to a section of an Act.
@Purpose
@Purposes
SAVVI is building a , and how various have gone about addressing them.
@Lead organisations
Defining a Risk Stratification Policy
The is where the lays out the purpose of the initiative, and the that it will use to decide if and how a or should be contacted, to find out what support they might need. SAVVI has .
@Risk Stratification Policy
@Lead Organisation
@Risk Categories
@Person
@Household
This need not be a long document. It should capture the key points listed below. For transparency, we recommend that the document is published.
Purpose
The definition of the .
@Purpose
Jurisdiction
The geographic area that the initiative covers. This is typically the area covered by a Local Authority.
See defining geographic areas for advice on reference schemes that list geographic areas.
Risk Categories
The will attempt to find people or households at risk by analyzing what we know about them, and grouping them by which will determine how how they will be contacted to understand their actual needs.
@Lead Organisation
@Risk Category
We have seen such as Red/Amber/Green, or perhaps there is only one category so that people are considered to be either, at risk, or not.
@Risk Categories
Categories might also group people by other factors such as family type, or locality.
Vulnerability Attributes
The Lead Organisation will want to collect data about people or households from various . Even where the data is held by the itself, it should treat themselves as if the data was being requested externally. Examples of might include
@Source Organisations
@Lead Organisation
@Vulnerability Attributes
For data minimisation purposes, only the presence of the attribute is required.
SAVVI allows four types of , namely
@Vulnerability Attribute
See the for examples of the vulnerability attributes that have been used, against a defined, specific purpose.
Data Sources
For each , there needs to be at least one , who has the data.
@Vulnerability Attribute
@Source Organisation
The lists the typical types of organisations that have certain attributes and the service they provide that allows them to collect that data.
At this stage, the need only record if the data sharing is in place. Each data share will need agreements, security, data formats, and so on, which we will come on to.
@Risk Stratification Policy
Algorithms
A description of the rules that will be applied to the to place a person or household into each .
@Vulnerability Attributes
@Risk Category
Requesting Data from Source Organisations.
Data Sharing Request
The will request data from each . Some considerations at this stage include
@Lead Organisation
@Information Governance
@Source Organisation
The request should cover the key points listed below. If the request is accepted, this information will be the basis of various steps.
@Information Governance
Purpose
The purpose that the data will be used for. This will already have been established in the step.
The Requested Data
The data will include information about
@Person
@Household
@Vulnerability Attribute
@Risk Stratification Policy
@Provenance
The data items that could be requested are described in the SAVVI Standards. See Defining the Data to be Requested.
Pseudonymised?
To indicate if a pseudonymised version of the data is required and the arrangements to achieve that.
Periodicity
The can specify how often they would like the data to be refreshed. This may be
@Lead Organisation
Legal Basis
The legal basis that the proposes is relevant to the nature of the data, and the purpose of the vulnerability initiative.
@Lead Organisation
See Defining the Legal Basis for Data Sharing.
The has examples where a Legal Basis has been proposed to access certain vulnerability attributes for a purpose.
Data Format
The will prefer to receive information from many in the same, or similar, format, to reduce the amount of transformation necessary and to ease data matching.
@Lead Organisation
@Source Organisations
Safeguards
The can propose the safeguards that they intend to put in place to protect the data, such as where it will be stored, how access will be controlled and monitored, when data will be destroyed.
@Lead Organisation
However, these are points for negotiation and will be determined by the as a part of a later data sharing agreement. There may already be an overarching data sharing agreement that sets behaviours and mechanisms for specifying controls.
@Source Organisation
Pseudonymisation
are , and may require further protection if they contain sensitive information such as health conditions or criminality.
@Vulnerability Attributes
A may only allow their data to be shared where a vulnerability has already been established.
@Source Organisations
is a technique that allows a to send attributes that cannot be linked to a person or household, but CAN be matched to other data from other sources, about the same household.
@Pseudonymisation
@Source Organisation
A first pass to put pseudonymised households into can then be done. This tells the that there are vulnerable households, but does not reveal names or addresses. The can subsequently ask the to provide person-identifiable data for the selected households, by passing back the pseudonymised identifier for the .
@Risk Categories
@Lead Organisation
@Lead Organisation
@Source Organisation
@Household
This is an optional step in the SAVVI , but may help to get access to data that would otherwise be denied.
Information Governance
Before the handles information provided by the (even when they are both the same organisation ) , there are some routine Information Governance steps to complete.
@Lead Organisation
@Source Organisation
The and s should
@Lead Organisation
@Source Organisation
Although these are not different to any other data sharing scenario, SAVVI has some advice about the steps to take, and points to guidance from authoritative sources such as the Information Commissioners Office (ICO).
Want to print your doc?
This is not the way.
This is not the way.
Try clicking the ⋯ next to your doc name or using a keyboard shortcut (
CtrlP
) instead.