Caldicott Guardian

Find out more about the role of Caldicott Guardian

The purpose of the Caldicott Guardian originated from the 1997 Report produced by the Caldicott Committee and chaired by Fiona Caldicott which dealt with the use of Patient Identifiable Information held by NHS organisations. 

The idea of a Guardian was to have in each NHS organisation a senior person responsible for the oversight of the arrangements in that organisation for the use and sharing of clinical information.

Subsequent work extended the requirement in 2002 to appoint Guardians into Councils with Social Services responsibilities (Local Authority Circular LAC 2002/2).

In 2005, an elected body was created made up of Caldicott Guardians from organisations involved in the provision of health and social care services in the United Kingdom.

It was set up to facilitate the sharing of good confidentiality practice and the promotion of a national approach to confidentiality and information sharing.

A Caldicott Guardian Manual first published in 1999 (revised in 2006, 2010, and 2017) provides further details of the role and function.


Seven principles relating to data handling and use were established on which the role was to be based:

  • Justify the purpose(s)
  • Don't use personal confidential data unless it is absolutely necessary
  • Use the minimum necessary personal confidential data
  • Access to personal confidential data should be on a strict need to know basis
  • Everyone with access to personal confidential data should be made aware of their responsibilities
  • Comply with the law
  • The duty to share information can be as important as the duty to protect confidentiality 

Who Should Perform the Role?

The person best equipped to be the Caldicott Guardian should fit one or more of these requirements:

  • Be a senior person within the Councils social care management team,
  • Be a senior social care professional
  • Have the responsibility for promoting information governance within the organisation

The current Caldicott Guardian can be contacted by email.

The Role of the Caldicott Guardian

The Caldicott Guardian acts as a conscience in matters of data confidentiality and sharing. They work as part of a broader Information Governance function within the Council.

The key responsibilities of the Caldicott Guardian are:

Strategy and Governance:

To act as a champion for data confidentiality at Directorate Management level and as part of an organisations Information Governance Board.

To provide confidentiality and data protection expertise:

To develop a knowledge of confidentiality and data protection matters including links with external sources of advice and guidance.

Internal Information Processing:

To ensure that confidentiality issues are appropriately reflected in organisational strategies, policies and working procedures for staff.

Information Sharing:

To oversee all arrangements, protocols and procedures where confidential social care information may be shared with external bodies including disclosur​es to other public sector agencies and other outside interests.