Information Sharing & Corporate Governance
Dave Parsons, Information Governance Manager, City of Cardiff Council


Myths…….

Key dates……
- Criminal Justice and Immigration Act 2008 introduced changes which gave the Information Commissioner powers to fine for breaches of the Data Protection Act
- A report into the “horrifying death” of Baby P in August 2007 found it to be the result of the incompetence of authority staff and serious failures of sharing simple records
- 2011: The Information Commissioner’s Office published a new statutory code of practice on the sharing of personal data. The code of practice covers best practices for both routine and one-off data sharing activities

Wales Accord
Sets out:
- The process for sharing personal information
- The relevant legislative powers
- The information that is shared and with whom
- The conditions for processing
Allowing us to:
- Comply with the 8 Data Protection principles
- Comply with the Data Sharing Code

What are the challenges?
No single approach to Data Protection governance:
- Multiple systems
- Different standards for secure electronic sharing
- Private sector security
Financial pressures:
- An increase in different ways of working, almost inevitably involving processing of personal information (PI)
- Services focused on savings and not necessarily understanding data security risks
- Drive to work in collaborative and shared service arrangements

Governance
Appropriate governance structures are an essential element of embedding the WASPI framework within organisations.
Good Governance: Ownership Boards Reporting Mitigating risks

What are Privacy Impact Assessments?
A PIA helps assess the risks to the privacy of individuals in the collection, use and disclosure of information, foresee any problems, and bring forward solutions. A PIA will also identify risks to individuals’ privacy, together with DP compliance liabilities for the Council.

Scope of Privacy Impact Assessments
New projects, programmes or changes to business practices that involve personal data present a risk to organisations. The use of personal data in new or different ways needs to be assessed to ensure it is compliant with the Data Protection Act.

What is the purpose of a PIA?
- Identifies the data being processed
- Identifies who will have access to it, both internally and externally
- Describes any sharing arrangements
- Identifies any gaps in any data sharing and enables controls to be effectively put in place to help manage risk

The Cardiff Approach………
- PIA Guidance/Template – PIA Board
- Mandated in project documentation
- Mandated in procurement contract award processes
- Reported to Information Security Board
- Training

The Future
- General Data Protection Regulation (GDPR)
- Regional models
- Increased challenge:
  - Reorganisation
  - Collaborations
  - Joined up services

‘Sharing personal information effectively is central to the provision of some of the Council’s key services. Corporate oversight of information sharing developments, particularly in large organisations like ours, is challenging and the measures we have introduced bring controls in this area. We also understood the need to keep trained ISP facilitators engaged and our Information Security Board provides a link to these key individuals and decision makers.’
Dave Parsons, Information Governance Manager, Cardiff Council