Data Protection What You Need To Know New College Telford, 23 October 2013.

Hello! Jason Miles-Campbell, JISC Legal Service Manager

About JISC Legal
- Role: to avoid legal issues becoming a barrier to the use of technology in tertiary education
- Information service: we cannot take decisions for you when you are faced with a risk

Law, ICT and Data Protection jiscleg.al/DataProtection

Common Scenarios
- A parent requests information on son’s progress
- Police request information on one of your students
- A tutor asks to see a reference supplied by her supervisor
- An employer requests information on an employee’s attendance
- Personal details of a student disclosed in confidence appear on FB
- A staff mobile phone containing sensitive data is lost
- Internal sharing of data amongst staff
- External sharing of data
ALL have DP compliance implications

Why Comply?
1. It’s the law
2. Good business practice
3. Sets a good example
4. Confidence
5. Risk (ID theft)

When it comes to data protection...
1. I’m confident
2. I’ve a fair idea
3. I dabble
4. I ask others
5. I hide in the toilet

Recent Headlines
- Serious Data Protection Risks for App Users
- Unencrypted Devices Pose ‘Unnecessary Risk’ for Sensitive Data
- Think Before You Tweet or Risk Arrest
- Teacher in FB Meltdown
- University Sends Personal Data to Wrong Recipient
- University Breaches DPA by Disclosing Personal Data on Website
- Negligent Employees and Contractors Cause 36% of UK Data Breaches
- Duplicate Password Use by School Leads to data breach
- FB Comments Result in sacking

Data Protection Law
- Data Protection Act 1998
- Information Commissioner (
Other relevant law:
- Freedom of Information Act 2000
- Privacy and Electronic Communications Regs 2003
- Protection of Freedoms Act 2012

Data Protection Essentials
“Data protection..regimes…do not seek to protect data itself,... they seek to provide the individual with a degree of control over the use of their personal data”
“data privacy regimes do not seek to cut off the flow of data, merely to see that it is collected and used in a responsible and, above all, accountable, fashion”
Source: DP Code of Practice for FE and HE
i.e. Data Protection law does not prevent using and sharing personal data but..
ICO power to impose fines direct for serious security breaches

Understanding Your Duties
- Data Subject
- Data Controller
- Data Processor
- Processing

NCT contracts with Help4U to produce pay slips. Unfortunately, Help4U send the payslips to the wrong recipients. Who is liable?
1. The college as data controller
2. The processor as they caused the error
3. Both the data controller and the processor
4. Neither

What is Personal Data?
- Any information which relates to an identified or identifiable person
- Living persons
- Must be significant biographical information which affects privacy
- Sensitive personal data

Which of the following is likely to be covered by the DPA?
1. a deceased staff member’s account
2. numerals to identify students in a VLE
3. documents relating to a disciplinary matter
4. ‘John Smith’ on a post it on a monitor

The 8 Data Protection Principles – key to compliance
1. fair and lawful
2. limited purposes
3. adequate, relevant and not excessive
4. accurate and current
5. not kept longer than necessary
6. respect the rights of the individual
7. appropriate security
8. transfer outside EEA needs adequate protection

Fair Processing… and Lawful Processing
- A processing notice – transparency
- Weighing up interests v privacy
- Would you be happy?

Lawful Processing and Lawful Processing
To process, a Schedule 2 condition must be met:
- Consent
- Legitimate interest of the data controller
- Fulfilment of a contractual obligation
More stringent conditions for ‘sensitive’ personal data

One of these is fair and lawful. Which?
1. The college releases details on student attendance to a parent
2. The college collects name and contact details of all students
3. A tutor puts personal details of a student on his Facebook account

A college keeps all emails for 10 years. Is this in line with the DPA?
1. Yes
2. No
3. Might be
4. Not sure

New College Telford should give out information about students and staff to other organisations
1. Never
2. Rarely
3. Freely upon request
4. Only when the person gives permission
5. Only when a senior manager authorises it

Information can be shared freely internally (between staff) within your organisation
1. True
2. False
3. Not sure

Important Points…
When handling personal data in your role consider:
1. Purpose: what data do you hold and why are you collecting personal data?
2. Fairness: is the reason fair to the data subject?
3. Transparency: does the data subject know about it?
4. Security: is there an appropriate level of security?

Some Scenarios…….. Over to you

A father asks for information on his son’s progress. Do you…
1. Supply it - nothing wrong in doing this
2. Supply it – learner is under 18
3. Withhold it as he should never access it
4. Withhold it until you have consent

The police arrive at reception asking for a student’s address, his record of attendance and whether he is currently in class. What should you do?
1. Supply it because it’s the police
2. Supply it only when you know what it’s for and think it is relevant information to the investigation
3. Never supply it

What security should be on devices holding personal data?
1. Password protection and encryption
2. None as kept on campus
3. It depends on the type of information

You want to finish student profile reports at home. What do you do?
1. Copy them on to a USB memory stick to take with you
2. Use your own laptop or tablet after consulting IT, checking policy and ensuring security
3. Email them to your webmail
4. Log into and save to the college network from home

A member of staff clicks the wrong group and sends personal info about a student’s health to other students instead of relevant tutors. Who is liable?
1. The College is liable for the breach
2. There is no liability, it was an accident, not deliberate
3. The member of staff is liable not the college

What should you know?
- Where the DP policy is, how to access it and its contents
- Have awareness of DP and how it may affect students, staff etc.
- That what you’re doing is covered by the data protection notice to students, staff etc.
- How to store/share personal information on and off campus
- How to keep personal information secure (mobiles, social networking)
- Where to get help

Sources of Help
- Your institution’s DP officer
- Your institutional policies and procedures and (code of

Questions?