This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies.

The CAG precedent set review pathway

Last updated on 20 Oct 2020

The Confidentiality Advisory Group precedent set review pathway has been developed to enable a more timely review process for applications that share the same issues as previous applications that have been reviewed by CAG.

If your application falls into one of the agreed precedent set categories your application will be processed under this pathway. The categories describe commonly-arising situations which have been identified and discussed at meetings of the CAG, where the expertise of a broad range of members is applied to the establishment of precedent advice.  

To apply under the pathway you will need to:

  • Read the guidance on this page carefully
  • Call the Confidentiality Advice Team (CAT) via 0207 104 8100 to book your slot at the next available precedent set meeting.
  • Refer to the precedent set categories and state the relevant category for your application at the time of booking.
  • Apply using the standard CAG application form

The Confidentiality Advice Team will screen the application to ensure that it is suitable for the precedent review pathway, and may ask for further information before confirming the review pathway.

If your application falls outside of the scope of the precedent set sub-committee, it will be directed to the standard review pathway (a meeting of the CAG).

Applications are reviewed in correspondence within 30 days of the date that an application is confirmed valid, on or after the submission date for the meeting. (The 30 day review period only begins on the submission date, regardless of whether a valid application was submitted prior to this date). Our customer charter sets out the standards you can expect from us in more detail. 


To be reviewed through the precedent set pathway your application should:

  • Fit within one of the precedent categories and should not raise any new or significant concerns or risks related to confidentiality, scope, purpose, methodology or governance.
  • Have a clearly defined exit strategy: a plan to remove the need for ongoing Section 251 support.
  • Have REC approval.
  • Provide security assurances – these are always required for any organisation processing identifiable data. Specific guidance is provided within the categories to help you to determine which organisation should provide the assurance.
  • Where the category specifies that data should be anonymised, this cannot include the following information: date of birth, date of death, postcode. See the ICO guidance on anonymisation for further information.
  • Not fall within any of the exclusion criteria.

Exclusion Criteria

Applications meeting any of the following criteria will be excluded from review by the precedent set sub-committee and considered at a full CAG meeting:

  1. Access to information about mental health, sexual health, learning disabilities, potential abuse, social care data and/or prison populations.
  2. Applications involving access to free text, except for the following categories where an exception can be applied:

    a) Applications submitted under precedent set category 3 (‘where applicants are accessing data onsite to extract anonymised data), where the data in question will be extracted from medical notes at a GP surgery. or

    b) Applications submitted under precedent set category 10 (incidental disclosure made to an applicant who is observing practices and procedures in health and social care’). 

    These exceptions will only apply where access to free text is time-limited, and no free text will be removed from the site.

  3. The establishment of a national database or one with a higher risk due to the quantity of information to be held and/or the information security arrangements to be implemented.
  4. Prospective data collections where consent is not intended to be sought.
  5. Seeking access to, or linkage with, the Human Fertilisation and Embryology Authority research register, genetic information or non-health data.
  6. The transfer of confidential patient information outside of the European Economic Area (EEA), or to organisations who intend to use the information for commercial purposes
  7. Projects where support is requested indefinitely without a specified exit strategy.


The potential outcomes are the same as for the standard review process, with the exception of the following:

  • Escalation to meeting of the CAG – this will occur if it becomes clear to the sub-committee that one of the exclusion criteria is met (if not immediately apparent at initial assessment stage), or that the application involves more complex issues than those initially identified. Applicants will be kept informed of the reasons for escalation and given the opportunity to provide more information before the application is considered at the meeting.

Precedent Set Review Pathway

Once a category is added to the precedent set pathway, responsibility for the review of applications falling within that category is delegated to the precedent set sub-committee of the CAG. The sub-committee consists of two members and one CAG official (chair, vice chair or alternate vice chair). 


Back to confidentiality advisory group