Data Protection Session This Presentation provides guidance on existing policies that outline the council’s current position in regard to information security and data handling

Background – why this session? As an organisation Information Security is something that is taken seriously On a day to day basis social care services deal with highly sensitive and confidential information, this puts you at more risk of a possible data breach, due to the nature of your work

Data Breaches A neighbouring authority have previously had occurrences where personal and sensitive data has been shared inappropriately and illegally One of these incurred a fine from the ICO of £80,000, with subsequent fines being anywhere up to £500,000 ICO - Information Commissioners Office and it is the UK’s independent authority set up to uphold information rights in the public interest promoting openness by public bodies and data privacy for individuals

Printer mistake led to information being sent to wrong recipient Plymouth City Council fined £60,000 by the ICO The information included “highly sensitive” personal information about two parents and four children A social worker used a printer which lead to papers being mixed up and the information being sent to another family An independent audit determined human error as the cause, as well as a failure in the “levels of checks in order to ensure the documents were being sent to the correct recipient”

ICO Verdict “It would be too easy to consider this is a simple human error. The reality is that this incident happened because not enough care was being taken within the organisation when handling vulnerable people’s sensitive information. The distress this incident will have caused the people involved is obvious, and the penalty we have issued today reflects that.” As well as fines, people have been dismissed from placements for data breaches involving inappropriate disclosure and access of information

What steps can you take to reduce the risk of breach? Follow any action plans/processes that have been put in place by your team, e.g: Address checking. Private and confidential Protective Marking. Checking content of email / letter are correct. If you are sending any High Risk Information double check the details are correct.

Steps to Take, continued Do not store anything on your laptop, i.e. My Documents or Desktop – If you need to use the desktop to save a document for a visit make sure that it is deleted as soon as possible and make the documents anonymous until saved onto the network. Only look up information on Mosaic for cases relevant to you. You will be challenged on any inappropriate access.

Steps to Take, continued Keep your desk clear of any sensitive or confidential information when you are not using it. Carry out one task at a time, if you try to complete multiple tasks, involving sending letters to different families / organisations these can get mixed up. If you are in any doubt that something is not right do not send the information, until you have checked it is correct.

Follow the action plans put in place by your team. Keep data secure. Summary Follow the action plans put in place by your team. Keep data secure. Double check any High Risk information before sending. Do not store data on your desktop. Carry out one task at a time. If you have any doubts over accuracy, check them. If you are unsure, seek advice. Disciplinary action may be taken if users fail to observe core Data Security guidelines.

IT’S OUR RESPONSIBILITY We need customer and employee personal data to run our business successfully. We are trusted to look after this essential information. Each and every student social worker has a responsibility to comply with the appropriate Data Protection Laws. Think Privacy.