Gloucestershire Health and Care- NHS Trust logo
with you, for you
Copy of Trust Policy > Policies, Procedure and Guidance Documents – Information Requests

Freedom of Information request Policies, Procedure and Guidance Documents – Information Requests

Response published: 9 June 2026

FOI Request

Dear Freedom of Information Team, Please treat this email as a request under the Freedom of Information Act 2000. I request copies of any current policies, procedures, guidance documents, protocols, frameworks or standard operating procedures used by Gloucestershire Health and Care NHS Foundation Trust relating to: • the handling, assessment and processing of Police DP1 requests • disclosure of personal data to police or law enforcement agencies • proportionality and necessity assessments relating to disclosures to law enforcement bodies • governance or approval processes for disclosures to police forces in relation to misconduct or disciplinary matters • Caldicott Guardian involvement in external disclosures • information governance procedures relating to law-enforcement requests • complaints procedures relating to information governance or data-sharing concerns • staff conduct on social media platforms • online professionalism and online communications involving members of the public • bullying, harassment, dignity at work, or inappropriate staff conduct • and communications or reputational guidance applicable to staff use of social media. Please also provide copies of any guidance, templates, checklists or decision-making frameworks used by staff when assessing requests for disclosure from police forces. If the Trust does not maintain any local policy in respect of the above, please identify any national NHS guidance, NHS England standards, codes of conduct or external frameworks relied upon when assessing complaints relating to staff conduct on social media platforms or online interactions involving members of the public. If any of the requested information is already publicly available, please provide links to the relevant documents. If any part of this request is considered exempt from disclosure, please identify the specific exemption relied upon and provide any disclosable material in redacted form where appropriate. Kind regards,

FOI Response

Freedom of Information Request – Ref: FOI 151-2026

Thank you for your recent Freedom of Information request. Please find our response below.

You asked:

I request copies of any current policies, procedures, guidance documents, protocols, frameworks or standard operating procedures used by Gloucestershire Health and Care NHS Foundation Trust relating to:

1. The handling, assessment and processing of Police DP1 requests

2. Disclosure of personal data to police or law enforcement agencies

3. Proportionality and necessity assessments relating to disclosures to law enforcement bodies

4. Governance or approval processes for disclosures to police forces in relation to misconduct or disciplinary matters

Our response:

All police requests are handled/assessed and processed by the Trust’s Legal Services Department.

The Trust follows the Information Commission’s Office (ICO) guidance on Law Enforcement processing, please click on link for more information: Guide to Law Enforcement Processing | ICO

Internal document – Staff Action Card which advises staff that, if they are approached by the police for patient information, they should refer the request to the Legal Services Team for consideration. The action card does not contain any substantive guidance on disclosure decision-making and is essentially a signposting document.  Please click on link to access document – 3337-Action Card – Police requests

Requests from the police are considered by Legal Services on a case-by-case basis and assessed against the relevant legal framework, national guidance and the Trust’s existing Information Governance and Confidentiality policies. Those policies are publicly available on our website – Policies & Procedures > Glos Health & Care NHS Foundation Trust.

The Trust does not hold any specific policies, procedures, guidance documents, protocols, frameworks, or standard operating procedures dedicated solely to the handling of police DP1 forms or disclosures of personal data to the police/law enforcement agencies.

You asked:

5. Caldicott Guardian involvement in external disclosures

Our response:

The Caldicott Guardian isn’t involved in external requests for disclosures other than external requests that are related to health records.

You asked:

6. Information governance procedures relating to law-enforcement requests

Our response:

The Trust does not hold any specific procedure dedicated solely to the handling of police DP1 forms or disclosures of personal data to the police / law enforcement agencies.  All police requests / law-enforcement requests are handled / assessed and processed by the Trust’s Legal Services Department.

You asked:

7. Complaints procedures relating to information governance or data-sharing concerns

Our response:

All complaints relating to information governance or data sharing concerns are either signposted to the Head of HR, Complaints Department, the Data Protection Officer (DPO) or sign posted to the Information Commissioners Office as appropriate.

You asked:

8. Staff conduct on social media platforms

Our response:

Please click on link to access the Trusts Social Media Policy:  Social media policy – v4

The below is posted on the Trusts internal website for all staff.

Social media advice and reminders

Many of us use social media to keep in touch with friends, colleagues, family members and professional contacts.

Many of us use social media to keep in touch with friends, colleagues, family members and professional contacts.

Social media can be a great way of keeping up to date with the latest news and information. However, at times social media can cause issues for people who work in the public sector, as occasionally people air their grievances online and look at personal profiles, sharing information inappropriately.

The Trust takes action to report posts when appropriate and we also work with other organisations, including the police, when we believe offences may have been committed. However, social media platforms do not always take action to remove posts, so it’s advisable to take steps to maintain your own privacy which may help to minimise any unwelcome attention.

Maintaining your privacy on social media

Some tips for maintaining your privacy include:

  • Consider whether you want to use your full name on social media. You could use your first name and middle name, or a maiden name if this is relevant. Please avoid using fake names, however, as you may fall foul of the platform’s policies.
  • If you want to keep your account more private, be cautious about using a profile photo as this can sometimes appear in internet searches, even when you have privacy settings in place.
  • Check your social media settings. On Facebook you can see how others view your profile by carrying out a privacy check up. Click on your photo, then go into ‘settings’ and ‘privacy’ and you can control who can send friend requests, who can view your posts and who can view other information. Other social media platforms have similar checks in place.

Social Media Policy

If a colleague identifies their association with the Trust or their role in the work of the Trust, it is important to ensure that all personal social media activity is consistent with the Trust’s values and policies and to all relevant standards of behaviour and professional codes of conduct which may apply.

The Trust’s Social Media Policy can be found here: Social Media Policy – Interact (ghc.nhs.uk)

Key points for colleagues to remember are that you must:

  • act in the best interests of service users and carers
  • demonstrate respect and maintain the dignity of colleagues and other organisations that they have contact with in the course of their work-related duties.  Derogatory or negative social media comments about colleagues, even if made outside of work time, may be in breach of the Trust Dignity at Work Policy
  • respect and maintain the confidentiality of service users and carers
  • not post any sensitive or confidential information about a service user, carer or colleague, such as information about their health or personal life
  • keep high standards of personal and ethical conduct
  • avoid making spurious or malicious comments about individuals or organisations
  • Identify your relationship with the Trust when making comments about the Trust
  • not use an alias when discussing the Trust, which can mislead people about their connection with the organisation
  • behave with honesty and integrity and make sure that their behaviour does not damage the public’s confidence in them, their profession or professional colleagues, the Trust or other organisations with which the Trust works
  • clearly state that all opinions are their own
  • abide by all relevant professional codes of conduct
  • notify the Trust Secretary, their line manager, HR Manager or any senior manager of any information that they see in a public forum that raises concerns because it appears to contain sensitive or confidential information
  • ensure that they don’t breach any Trust policies
  • not reveal any information pertaining to Trust systems, processes, internal structures or Intellectual property unless explicitly authorised to do so by a relevant manager and within their professional role.

Professional bodies also publish their own social media guidelines. These are as follows:

For more information about the support provided by the Communications team, visit: Communications – Interact (ghc.nhs.uk)

You asked:

9. Online professionalism and online communications involving members of the public

Our response:

Please click on link to access the Trusts Social Media Policy:  Social media policy – v4

You asked:

10. Bullying, harassment, dignity at work, or inappropriate staff conduct

Our response:

Please click on links below to access the Trusts Respect and Dignity documents held:

Respect and Dignity at Work

Respect and Dignity at Work Action Card

You asked:

11. Communications or reputational guidance applicable to staff use of social media.

Our response:

Please click on link to access the Trusts Social Media Policy:  Social media policy – v4

You asked:

12. Please also provide copies of any guidance, templates, checklists or decision-making frameworks used by staff when assessing requests for disclosure from police forces.

Our response:

The Trust follows the Information Commission’s Office (ICO) guidance on law enforcement processing, please click on the following link for more information: Guide to Law Enforcement Processing | ICO

Next steps:

Should you have any queries in relation to our response, please do not hesitate to contact us. If you are unhappy with the response you have received in relation to your request and wish to ask us to review our response, you should write to:

Louise Moss
Head of Legal Services / Associate Director of Corporate Governance
c/o Gloucestershire Health and Care NHS Foundation Trust
Edward Jenner Court
1010 Pioneer Avenue
Gloucester Business Park
Brockworth, GL3 4AW
E-mail: louise.moss@ghc.nhs.uk

If you are not content with the outcome of any review, you may apply directly to the Information Commissioner’s Office (ICO) for further advice/guidance. Generally, the ICO will not consider your case unless you have exhausted your enquiries with the Trust which should include considering the use of the Trust’s formal complaints procedure. The ICO can be contacted at: The Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.