Information governance – CQC have now included a new kloe/prompt under well-led

W2.8 How does the service assure itself that it has robust arrangements (including appropriate internal and external validation) to ensure the security, availability, sharing and integrity of confidential data, and records and data management systems, in line with data security standards? Are lessons learned when there are data security breaches?