2.3 Caldicott Guardian


Caldicott Guardians were introduced in 1997 following concerns about the use of patient identifiable information in health agencies. In particular, the government felt that despite the introduction of the Data Protection Act in 1984, patient information was not sufficiently secure. Caldicott Guardians have responsibility to ensure that patient identifiable information is safeguarded. Given the increasing partnership working between health and social care, the Caldicott Guardian arrangements were also implemented in local authorities with social care responsibilities, several years later.


A Caldicott Guardian is therefore appointed in each NHS or social care organisation and has specific responsibilities to oversee information sharing in the organisation in relation to patient and service user identifiable information - to ensure that it takes place in accordance with the data protection principles as set out in this chapter.


The six Caldicott principles are:

  1. Justify the purpose of every proposed use or transfer;
  2. Don't do it unless it is absolutely necessary;
  3. Use the minimum necessary;
  4. Access to the information should be on a strict need to know basis;
  5. Everyone with access to it should be aware of their responsibilities;
  6. Understand and comply with the law.

The Caldicott Guardian is not there to prevent information sharing between health and social care organisations, but is there to make sure that this is done in a way which safeguards people's rights to privacy and confidentiality, and in accordance with data protection principles.

lscb-logo 01273 481544
wsscb-logo 0330 222 5296
bhlscb-logo 01273 292379

This page is correct as printed on Friday 20th of July 2018 02:28:24 PM please refer back to this website ( for updates.