Data Protection Act 1998 Presentation for Redbridge LSCB Board & Sub Group Members, 2017 provided by LB Redbridge Information Governance.


Presentation overview

If you handle personal data in your job it is essential that you are aware of the Data Protection Act and the impact this has on how you carry out your job. This requirement also applies to any information that you may be provided with in relation to your role as partner agency representative on the LSCB or one of its Sub Groups.

This presentation for Board and Sub Group members outlines:
- Good practice in handling data
- Your obligations under the Data Protection Act
- How to avoid breaches of the Data Protection Act

This presentation does not replace any mandatory training provided by your employing organisation. It should be viewed as part of your induction into the Board or a Sub Group and then revisited as necessary.

Why do we need to protect personal data?

It is the law. Good information handling supports compliance with the Data Protection Act and we all have a duty of care to ensure that we handle service users' data appropriately.

Examples of prosecutions under the Act:
- Norfolk County Council was fined £60,000 after social work case files were discovered in a cabinet purchased by a member of the public from a second hand shop. The case files included information relating to seven children.
- Greater Manchester Police was fined £150,000 after three DVDs containing footage of interviews with victims of violent crime got lost in the post.
- A former NHS administrator was personally fined for unlawfully accessing two patients' medical records, causing them distress.

Why do we need to protect personal data?

Organisations that have lost personal data have been fined by the Information Commissioner. The Information Commissioner's Office (ICO) can currently impose a monetary penalty of up to £500,000 for data breaches. EU data protection regulations propose increased penalties to come into force in the not too distant future. Under the new General Data Protection legislation coming into force next year the fines will increase to £20 million or 4% of a company's global annual turnover.

A data breach can cause distress to the individuals whose data has been compromised, can lead to loss of trust in an organisation, and can be expensive to put right.

The Data Protection Act

The purposes of the Data Protection Act are:
- To ensure that there are controls on the way information is handled
- To give rights to those who have information stored about them.

The Data Protection Act:
- Sets out rules that people have to follow regarding protecting data
- Outlines the powers of the Information Commissioner in order to enforce the rules.

The Data Protection Act

Personal data is any information that can be linked to a living person and/or that can be used to identify them, such as a national insurance number. It also includes information provided by customers in application or claims forms. Opinions, as well as facts, about people can be personal information too.

Some personal data is regarded as 'sensitive', for example ethnic origin, health data. Sensitive personal data must be processed more carefully with respect to the purposes for which it is collected and who will have access to that information.

The Data Protection Act: What the Act covers

The Data Protection Act covers all processing of personal data and sensitive personal data by a data controller.

Key terms: Processing, Personal Data, Sensitive Personal Data, Data Controller.

The Data Protection Act: Processing

Processing includes obtaining, disclosing, organising, merging, recording, deleting, holding, destroying, altering, retrieving and using information.

The purpose of processing must be made clear and specific to the data subject.

The Data Protection Act: Personal Data

Personal data means data which relates to a living individual (the data subject) who can be identified from those data or from those data and other information which is in the possession of the Council. It also includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual.

Information provided to LSCB members is usually statistical and/or anonymized. Personal data should not be included in any reports presented to the LSCB.

The Data Protection Act: Sensitive Personal Data

Sensitive personal data is personal data relating to:
- A person's racial or ethnic origin
- Their political opinion
- Their religious beliefs or other beliefs of a similar nature
- Their membership of a trade union
- Their physical or mental health or condition
- Their sexual life
- Their commission or alleged commission of an offence and any proceedings for an offence.

Information provided to LSCB members is usually statistical and/or anonymized. Sensitive personal data should not be included in any reports presented to the LSCB.

The Data Protection Act: Data Controller

Data Controller means the person or organisation who determines how information will be used and for what purpose. If you do not already know who your Data Controller is, you should take the opportunity to find this out.

Data Protection Principles

The way that personal information is held and used is set out in the eight Data Protection Principles which are summarised below.

- 1st Principle: Data should be processed fairly & lawfully
- 2nd Principle: Data should be used only for specified and lawful purposes
- 3rd Principle: Data should be adequate, relevant and not excessive
- 4th Principle: Data should be accurate and up to date
- 5th Principle: Data should not be kept for longer than necessary
- 6th Principle: Data should be processed in accordance with the data subject's rights
- 7th Principle: Data must be kept securely
- 8th Principle: Data should not be transferred to another country without adequate protection

Data Protection Principles: Main principles to be aware of

There are three main principles that you need to be particularly aware of - these are the 4th, 6th & 7th. The numbers on the right reveal a summary of what each principle requires you to do. Remember, if you have any questions, ask your Line Manager or the Information Governance Manager.

Data should be accurate and up to date

The Fourth Principle states that personal data should be accurate and kept up to date. This will require out of date and inaccurate information to be removed and/or updated. It is necessary to ensure that incorrect information is not recorded about a data subject. An individual may ask for incorrect information about them to be amended, in which case, considered and appropriate action should be taken.

Data Protection Principles: Data should be processed in accordance with the data subject's rights

The Sixth Principle states that personal data must be processed in accordance with the data subject's rights. An individual has a right to access information that is held about them. This is called a Subject Access Request. This will also enable him or her to check that the information held about them is accurate. The Council have Guidance and a Procedure in place for dealing with Subject Access Requests. Speak to your line manager promptly if you receive a Subject Access Request or a request to amend personal data.

Data Protection Principles: Data must be kept securely

The Seventh Principle states that personal data must be kept secure. This means:
- Measures appropriate to the nature of the data must be taken to safeguard against the unauthorised or unlawful processing of personal data.
- Measures must be taken against the accidental loss, destruction or damage to personal data.

Any loss of data or Council devices (phones, tablets, USB/CDs) MUST be PROMPTLY reported to your Line Manager or the Information Governance Manager!

Disclosures of Information

There are a number of situations where you may need to disclose information to another organisation. The four examples below show where you may disclose information:

- Consent: Where the data subject has given their consent.
- Exemptions: Where one of the exemptions within the Data Protection Act applies that allow a data controller to disclose information for certain purposes.
- Court Order or statutory requirements: Where we are ordered by a Court to disclose information, under other legislation.
- Crime and Disorder Act: Section 115 allows relevant authorities (including local authorities) to disclose information where necessary for the purposes of prevention and reduction of crime/anti-social behaviour.

Disclosures of Information: Disclosure checks

Prior to disclosing personal data you should:
- Check that the person asking for the information is who they say they are
- Seek proof of identity
- Remember access to personal information is always on a 'need to know' basis.

Relatives, police officers, Councillors, MPs and solicitors do not have an automatic right of access to any personal data. If the information is to be given to a third party, the person giving the information must be sure that the third party is properly identified, and authorised to receive the data. If you have any doubts regarding disclosure, contact your Line Manager or your organisation's Information Governance Manager.

NB: Individuals do have a right to see data held by an organisation about them via a Subject Access Request (SAR).

Your duties: Responsibilities

The Data Protection Principles require individuals to be responsible for ensuring that:
- All personal data held in any form is kept securely at all times, especially when out and about
- Personal data is not disclosed improperly or accidentally
- Personal data is disposed of in a secure manner
- All personal data is processed in accordance with Data Protection principles.

Remember that information can be transferred in a number of ways, including electronically or verbally.

Your duties: The Data Protection Act affects every Board & Sub Group member

The table below outlines the responsibilities that staff have when dealing with data.

- Check personal data is used for an authorised purpose: A person may be prosecuted for knowingly and recklessly disclosing personal data unlawfully.
- Always ask those requesting personal data: Ask why the personal data is required if requested by someone else other than the data subject or their representative.
- Store documents and equipment containing personal data securely: Ensure that equipment and data is stored securely.

Your duties: The Data Protection Act affects everyone

The table below outlines the responsibilities that staff have when dealing with data:

- Information Security breaches: Ensure that any loss of personal data or equipment is reported to your line manager promptly.
- Confidential paperwork: Ensure that all confidential paperwork you deal with while carrying out your job is stored securely and disposed of in accordance with your organisation's procedures.

Sanctions: Offences under the Data Protection Act

Unlawful Obtaining of Personal Data

It is important that you realise that you could be criminally liable for a breach of the Data Protection Act if you knowingly or recklessly disclose personal information. It is an offence if you:
- Obtain or disclose personal data without consent of the data controller
- Obtain data that you are not authorised to have
- Share personal data with unauthorised persons
- Sell or offer to sell personal data which has been unlawfully obtained or disclosed.

Summary & Further Information

Compliance is largely a combination of good practice and common sense. Data handling can always be improved. Your suggestions for improvements are as valuable as anyone else's so do share.

As a partner agency representative on the LSCB, you will have been asked to sign a Partner Agency Agreement which has specific requirements in relation to confidentiality. If you have any queries relating to information provided in your role as a member of the LSCB, contact the LSCB Business Manager. If you are concerned about a possible breach of data protection, contact the LSCB Independent Chair via e-mail with a copy to the LSCB Business Manager.

For further information and guidance, refer to your employing organisation's policies and procedures relating to information governance and security or view the Government's Data Protection Act website. For guidance on Information Sharing, see the LSCB website.