This site is currently in beta. We welcome feedback.

Data protection

  1. How we use personal information
  2. How to access your personal information
  3. Ask us a question
  4. National Fraud Initiative
  5. Report a concern

How we use personal information

The Data Protection Act protects your rights in relation to how your personal information is used. Our staff have a duty to keep your personal information secure.

Personal information is any details that identify you, including your:

  • name
  • address
  • date of birth
  • postcode.

We use and share it to run our services.

We have an 5-page privacy notice leaflet which has a summary of how we use personal information across NSS.

Some of our services also publish more detailed information about this on their web pages.

More information about how NHS Scotland uses personal information is in the national factsheet - Confidentiality. How the NHS protects your personal health information.


NSS entry in the Information Commissioner's Register of Data Controllers

To comply with the law, NSS has registered with the Information Commissioner's Office (ICO). Our register entry can be viewed at the Information Commissioner's website.

Search using 'NHS National Services Scotland' in the 'Name' field.


How to access your personal information

You've a right to know whether we hold any information about you and the right to:

  • a copy of it
  • know the reason why we keep it
  • know how we use it
  • know who gave it to us
  • know who we might share it with.

You can access your information, or someone else’s on their behalf.

What you’ll need

To access information you’ll need to submit:

  • copies of 2 documents providing proof of identification and your current address.

These can be your:

  • passport
  • driving licence
  • concessionary travel pass
  • recent utility bill
  • recent bank statement.

The Subject Access Request form has full information on proof of identity documents.

When you’ll get a response

We’ll respond to all requests within 40 days.

If you want to access personal information held about you by other NHS Scotland organisations eg hospitals and GP practices, you need to make a request to them.

More information can be found in the national factsheet - How to see your health records.

Ask us a question

Within NSS, we’ve 2 representatives who make sure we use and share your information safely and who you can contact if you have a question.

They're our Privacy Advisor, who monitor how we use it - and our Caldicott Guardian, a senior person who oversees our policies on the use and sharing of patient information.

Contact our Privacy Advisor

Patricia Ruddy, Privacy Advisor

Phone: 0131 275 6744


Contact our Caldicott Guardian

Professor Marion Bain, Caldicott Guardian

Phone: 0131 275 6325


National Fraud Initiative

Together with other Scottish public sector organisations, we're required to participate in the National Fraud Initiative.

As part of this, we provide staff payroll information for data matching. Data matching involves comparing sets of data, such as the payroll or benefits records of a body against other records held by the same or another body.

Further information about the National Fraud Initiative is available from Audit Scotland.

Report a concern

Got a concern about how we're handling your personal information? Here are your choices on how to report it:

Write to:

NSS Privacy Advisor
Gyle Square
1 South Gyle Crescent
EH12 9EB


If you're unhappy with our response, you can report it to the Information Commissioner's Office.

Information Commissioner’s Office Helpline

Phone: 0303 123 1113

You can also get full details on how to report a concern.