SAVVI is about using data to find and support vulnerable people. This SAVVI Information Governance Framework picks out the steps to ensure that the use of personal data, in the UK, is lawful, ethical and transparent.
, there are activities which refer to the reuse and sharing or personal data. The details of how to handle these activities then point into this Framework.
We have written this Framework to
inform non IG professionals about the steps that they should be taking as they use data for a vulnerability initiative
support IG professionals to engage, and take part.
We hope that it encourages an early dialogue about IG issues and opportunities.
We’ll keep this Framework up to date as Information Governance guidance and legislation in the UK evolves.
How to use the SAVVI Information Governance Framework
In this video, Paul Davidson, SAVVI Product Owner presents the SAVVI Information Governance.
Applying Information Governance to the SAVVI Process
SAVVI is about the smart use of data to find, assess and support vulnerable people. Throughout each of these phases, we need to handle data lawfully, ethically, and transparently.
phase, existing personal data from many sources is reused and matched, to generate a prioritised Cohort of people with potential Needs. The original data may have been collected for a different Purpose, and we can't ask for people's consent to use their data until we have found them.
phase collects new data from those at risk, and other professionals, and combines that with existing operational data to give a 'single-view' and arrive at a set of assessed Needs and Circumstances.
phase engages with support services across partner organisations. Here, necessary data is shared with partners, and Actions and Outcomes can be tracked.
Data protection law is an enabler for fair and proportionate data sharing, rather than a blocker.
The accountability principle means that Controllers / Processors are responsible for compliance, and must be able to demonstrate that compliance.
Controllers / Processors must share personal data fairly and transparently.
Controllers / Processor must identify at least one lawful basis for sharing data before they start any sharing
Controllers must process personal data securely, with appropriate organisational and technical measures in place
A Consistent Approach
We've built this framework by referring to definitive sources from authoritative organisations. For each step, we give a link to where we found the guidance, and where you can find out more.