The Department of Health response to the Caldicott 2 Review contains an expectation that organisations across health and social care strengthen their leadership on information governance through ensuring that Caldicott Guardians, Senior Information Risk Owners and appropriate information governance staff are in place, trained and have time to focus on information governance.  Under the approved arrangements, the IG Lead is accountable for ensuring effective management, accountability, compliance and assurance for all aspects of IG.

The key tasks of an IG Lead include:

• Developing and maintaining the currency of comprehensive and appropriate documentation that demonstrates commitment to and ownership of IG responsibilities, e.g. an overarching high-level strategy document supported by corporate and/or directorate policies and procedures
• Ensuring that there is top level awareness and support for IG resourcing and implementation of improvements
• Providing direction in formulating, establishing and promoting IG policies
• Establishing working groups, if necessary, to co-ordinate the activities of staff given IG responsibilities and progress initiatives
• Ensuring annual assessments using the DSPT and audits of DSPT policies and arrangements are carried out, documented and reported, in line with the requirements of the NHS Standard Contract;
• Ensuring that the annual assessment and improvement plans are prepared for approval by the senior level of management, e.g. the board or senior management team, in a timely manner. For example, for NHS Trusts, sign off may be scheduled in advance of the end of financial year submission on the 31 March each year
• Ensuring that the approach to information handling is communicated to all staff and made available to the public
• Ensuring that information governance staff understand the need to support the safe sharing of personal confidential data for direct care, as well as the need to protect individuals’ confidentiality
• Ensuring that appropriate training is made available to all staff and completed as necessary to support their duties. For NHS organisations, this will need to be in line with the mandate for all staff to be trained annually and should take into account the findings of The National Data Guardian review: “Recommendations to improve security of health and care information and ensure people can make informed choices about how their data is used”, and the government’s response to the review. 
• Liaising with other committees, working groups and programme boards in order to promote and integrate IG standards
• Monitoring information handling activities to ensure compliance with law and guidance
• Providing a focal point for the resolution and/or discussion of IG issues