Data protection for commissioners Vicky Cetinkaya, Senior Policy Officer, Strategic Liaison Katie Hanrahan, Lead Auditor, Good Practice 2 July 2015.



The Information Commissioner’s Office

What does the DPA cover? The DPA is concerned with the processing of ‘personal data’. Obligation to comply with the DPA rests with the ‘data controller’. Provides a framework that data controllers processing personal data must comply with.

The eight data protection principles

Background: Sector chosen due to significant volumes of SPD (high risk). Project initially designed to identify and highlight common problems, themes and issues as well as good practice. 20 agencies invited, mainly in NW & London; 10 took part. Organisations identified via Consortium for Voluntary Adoption Agencies/BAAF websites or previous ICO contact. Follow-up survey of 100 LAs; 17 took part.

Typical information & processing: Organisations process and retain sensitive personal data relating to foster carers, adoptive parents, looked after children & their families and third parties. Information used to assess suitability to foster / adopt. Other personal information also used by local authorities and agencies to match carers with children, facilitate placements and assess the success of placements.

IFP key findings/issues: Insecure exchange of personal data. Highly sensitive unencrypted personal information routinely emailed between IFPs and local authorities and vice versa. Contributing factors: Local authorities reluctant to deal with encrypted emails due to technical concerns. IFPs often send foster carer information without encryption to prevent delays that might jeopardise their commercial relationship with local authorities.

IFP key findings/issues (cont…) Mobile device encryption – Extensive use of unencrypted mobile devices to store / process / transport sensitive personal data. Carer reports/diaries - Processing of information by carers about looked after children on home computers and in the ‘cloud’. Homeworking – Staff using home computers for business purposes and lack of suitable controls. Training - Data protection/information security training is often lacking.

Other findings: Password controls are not robust. Secure printing procedures not widely adopted. Endpoint restrictions often not in place. Majority did not have data protection/information security policies. Only a few had security incident/breach reporting and management procedures. Retention and disposal procedures/schedules are not in place or not operating effectively.

LA survey results: 47% said their employer either didn’t record whether DP/IG policies had been read or they didn’t know.

LA survey results: 31% received DP/IG refresher training less frequently than every two years; 17% never received it.

LA survey results: 59% didn’t receive any role-specific DP training.

LA survey results: 57% never checked manual records out or in.

LA survey results: 50% potentially hold sensitive personal data of parents deemed unsuitable for placements for longer than necessary. 28% retain it indefinitely!

LA survey results: 31% either could not accept encrypted emails or did not know if they could.

Recommendations for LA fostering & adoption teams: Encrypt emails/attachments containing SPD. Anonymise children’s data initially when matching. Maintain DP/IG policies; ensure staff read & understand them. DP training is timely, monitored, refreshed & role specific. Records removed from office are tracked and monitored. Retention & disposal schedules for manual & electronic files.

£90, Telford & Wrekin Council Foster Care Assessment provided to the wrong family member. Names and address of foster carers provided to mother in Placement Information record.

£70, Norwood Ravenswood Ltd Background reports regarding children in care left on prospective adopter’s door step. Reports disappeared and were not recovered.

£90, Devon County Council Social worker printed wrong adoption panel report and sent to a family with no connection to the case. Report contained highly SPD concerning a disabled couple whose child was being considered for adoption.

£70, Halton Borough Council Clerical officer sent letter to birth mother containing the name and address of birth parents. Birth grandparents contacted adoptive parents.

Undertaking Moray Council Detailed reports relating to adoption of two children plus less detailed reports on other children left in café.

Local authority Enforcement case - no further action. Letter containing adoptive parents’ address sent to birth family in error – resulted in family having to be rehoused.

Local authority Enforcement case - no further action. Adoption report sent to incorrect address as an attachment – it wasn’t encrypted.

Organisational Measures Technical measures Awareness HUMAN ERROR

Summary Consistent findings Support our concerns Improvements necessary Advice and support

How the ICO can help: The Guide to data protection; Subject access code of practice; Data sharing code of practice and checklists; Advisory visit outcomes reports.

ICO advice and guidance -ICO guidance – -ICO helpline – ICO –

@iconews Keep in touch Subscribe to our e-newsletter at or find us on… /iconews