6.2. Data Security and Protection Toolkit staff awareness questions

This list of questions can be used in local training materials or incorporated into local e-learning solutions.

Health and care organisations are encouraged to conduct staff awareness surveys to gauge staff understanding of data security.  

The following statements can be incorporated into training programmes as "agree" or "disagree" questions.  Not all of these statements are seeking an 'agree' response.


Question 1, Leadership: I feel data security and protection are important for my organisation.

Question 2, Polices: I know the rules about who I share data with and how.

Question 3, Policies: I know who to ask questions about data security in my organisation.

Question 4, Use of Data: I am happy data is used legally and securely in my organisation.

Question 5, Sharing data securely: I know how to use and transmit data securely.

Question 6, Using data legally and securely: I feel that patient confidentiality is more important than sharing information for individual care.

Question 7, Processes: The tools and processes used by my organisation make it easy to use and transmit data securely.

Question 8, Raising concern: I can raise concerns about unsecure or unlawful uses of data, and I know that these will be acted on without personal recrimination.

Question 9, Laws and principles: I understand the important laws and principles on data sharing, and when I should and should not share data.

Question 10, Data sharing questions: If I have a question about sharing data lawfully and securely I know where to seek help.

Question 11, Personal responsibility: I take personal responsibility for handling data securely.

Question 12, Training: The data security training offered by my organisation supports me in understanding how to use data lawfully and securely.

Question 13, Access to information: The level of access I have to IT systems holding sensitive information, is appropriate.

Question 14, Reporting: I know how to report a data security breach.

Question 15, Incidents: When there is a data security incident my organisation works quickly to address it.

Question 16, Learning Lessons: When there is a data security incident, or near miss, my organisation learns lessons and makes changes to prevent it happening again.

Question 17 Contingency plan: If a data security incident was to prevent technology from working in my organisation, I know how to continue doing the critical parts of my job.