Duncan Woodhouse – Assistant Registrar for Information Security, Risk Management and Business Continuity Helen Wollerton – Administrative Officer (Legal.

Presentation transcript:

Duncan Woodhouse – Assistant Registrar for Information Security, Risk Management and Business Continuity
Helen Wollerton – Administrative Officer (Legal Compliance)
Information Security

Is about
– ISO
– Websites
– Data Protection Act
– Freedom of Information Act
– Case studies
– What does this mean for you?

Information Security is about:
– Confidentiality: protecting information from unauthorised access and disclosure
– Integrity: safeguarding the accuracy and completeness of information and processing methods
– Availability: ensuring that information and associated services are available to authorised users when required

ISO
In addition, the Deputy Registrar’s Office is consulting on the Information Security Policy 2008/2009, which contains procedures/guidance on areas such as:
– Data retention
– Anti-virus protection
– Password best practice
This is due to be considered by the Information Policy and Strategy Committee (IPSC) in June 2009.

Websites – or go/infosecurity – or go/governance

Data Protection
The Data Protection Act 1998
“An Act to make new provision for the regulation of the processing of information relating to individuals, including the obtaining, holding, use or disclosure of such information.”
Personal Data
Includes “any personal information about an individual from whom you are collecting or utilising..data, the compromise, loss or theft of which could cause distress or harm to that individual” (DWP)
How it should be processed
1. Personal data shall be processed fairly and lawfully
2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
3. Personal data shall be adequate, relevant and not excessive
4. Personal data shall be accurate and, where necessary, kept up to date.
5. Personal data processed shall not be kept for longer than is necessary
6. Personal data shall be processed in accordance with the rights of data subjects
7. Appropriate technical and organisational measures shall be taken to ensure the security of the information
8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
Ref: go/governance

Freedom of Information Act
– The Freedom of Information Act 2000 gives the general right to request any information held by public authorities
– Freedom of Information (FOI) requests must be in writing, with contact details, but a request does not need to state that it falls under the FOI Act
– The University of Warwick is obliged to respond within 20 working days, once the nature of the request is established, unless an exemption applies
– The University will have a general duty to advise and assist, but can refuse on certain grounds, e.g. commercial sensitivity, breach of security, vexatious requests, etc.
– FOI requests should be referred to the Deputy Registrar’s Office for action
Ref: go/governance

Case Studies
– In December 2007 Norwich Union Life was fined £1.26 million by the FSA for ‘not having effective systems and controls in place to protect customers’ confidential information’.
Ref: HM Government ‘Managing Information Risk’
– In May 2008 the Information Commissioner’s Office was given powers to fine organisations that lose personal data. In the worst-case scenario the fines could run into millions.
Ref: The Guardian
– In March 2007 TK Maxx had 45.7 million credit and debit card details stolen over an 18-month period. As well as financial data, thieves were able to copy customers’ personal information, including names, addresses, driving licence and other identification data. If PCI DSS had been in force they would have lost their ability to process debit/credit information.
Ref: BBC

What does this mean for you?
– Our network and the Internet were designed to share, not protect, information
– Greater awareness of how data should be stored, processed and transmitted (in paper and electronic form)
– Understand the DPA and PCI DSS
– Know how to deal with FOI and DPA requests
– Be aware of the consequences of non-compliance
– Information Security is everyone’s responsibility. Please take ownership of the data you collect.

Contacts
Duncan Woodhouse Tel: ext Web: go/infosecurity
Helen Wollerton Tel: ext Web: go/governance