The December 1997 Caldicott Report (named for its author Dame Fiona Caldicott) identified weaknesses in the way parts of NHS handled confidential patient data. The report made several recommendations, one of which was the appointment of Caldicott guardians, members of staff with a responsibility to ensure patient data is kept secure:
Recommendation 3: A senior person should be nominated in each NHS organisation, including the Department of Health and associated agencies, to act as a "guardian". The "guardian" should normally be a senior health professional or be closely supported by such a person. The NHS IM&T Security Manual (Section 18.4) requires each organisation to designate a senior medical officer to oversee all procedures affecting access to person-identifiable health data. This role and that of the "guardian" may be combined, providing there is no conflict of interest. The Department of Health should take the development of this role forward in partnership with interested parties.
It is now a requirement for every NHS organisation to have a Caldicott guardian. The Guardians are responsible for ensuring that their organisation adheres to the Caldicott principles.