Property of Common Sense Privacy - all rights reserved 01875340890 THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.

Presentation transcript:

THE DATA PROTECTION ACT 1998
A QUESTION OF PRINCIPLES
Sheelagh F M Keddie

THE ROLE OF IT AND THE IT PROFESSIONAL IN DATA PROTECTION
1987
- Data Protection manager
- IT security manager/administrator
1980s onwards
- shift in management of system development
- Business area orientated responsibilities
- User role in Project management
- Service Level Agreements
2005
- Data Processor

British Computer Society Code of Conduct [Extracts]
The Public Interest
1. You shall carry out work with due care and diligence in accordance with the relevant authority’s requirements, and the interests of system users. If your professional judgement is overruled, you shall indicate the likely risks and consequences.
3. You shall have regard to the legitimate rights of third parties …includes..members of the ‘public’ who might be affected by an IS project without their being directly aware of its existence.
4. You shall ensure that within your professional field/s you have knowledge and understanding of relevant legislation, regulations and standards and that you comply with such requirements.

MANAGING DATA PROTECTION
[Diagram elements: Policy; Guidelines; Processes; Organisation; Education and training; Inventory]

WHAT DOES GOOD DP PRACTICE LOOK LIKE?
- A clear, complete and relevant policy
- An inventory of personal data
- Controls to ensure that data are collected legally
- Only relevant data and sufficient data are collected
- Controls to ensure that data are only used in accordance with how they were collected
- Procedures to correct inaccurate data
- Procedures to delete data when the purpose is completed
- Procedures to meet requests from individuals to see their data within the legal time limit
- Staff understand their responsibilities and meet them

DATA PROTECTION POLICY
- Access rules reflect lawful use
  - Chinese walls within data controller reflecting different purposes
  - compartmentalised access v. hierarchical
  - more than one logical id for some users
- clear policy on monitoring usage
  - users’ rights to private use of e-mails, Internet, IT facilities, telephones
  - monitoring usage v content
  - automated monitoring v human surveillance
  - authorisation of specific investigations

INVENTORY OF PERSONAL DATA
- Broader base for inventory
  - all automated personal data, not just ‘processed by reference’
  - includes back-ups
  - includes e-mails
  - includes word-processing documents
- reflects logical business purposes, not necessarily technical data relationships - logical map underpinned by technical map
- reflects business ownership of personal data
- is not limited to automated data

CONTROLS - BUILDING COMPLIANT SYSTEMS
Project initiation and specification
Fair collection - Principle 1
- specify which condition[s] in schedules 2 and 3 are being met, eg
  - the exact wording if consent is being sought
    - in document
    - in telephone script
    - on web-site
  - the legal obligation which necessitates collection
  - the public function which necessitates the collection

CONTROLS - BUILDING COMPLIANT SYSTEMS
Project initiation and specification
Lawful use - Principle 2
- ensure internal use reflects the information given to the data subject
- ensure any intended disclosures to any other legal entity also reflect this information
Principle 2 - only obtained for specified and lawful purposes and not further processed in an incompatible manner [including by an employee or a third-party recipient]

CONTROLS - BUILDING COMPLIANT SYSTEMS
[Diagram: COLLECT, STORE, USE; legal entity, purposes, consent/objections]

CONTROLS - BUILDING COMPLIANT SYSTEMS
Systems design
- CRM or discrete data sets
- controls to reflect multiple purposes and multiple legal entities
- maintain accuracy
- record dissent
- support retention policies

CONTROLS - BUILDING COMPLIANT SYSTEMS
Systems specification and design
- include reports to produce accessible copies of an individual’s data
  - per legal entity
  - per person
  - explain codes
  - omit clearly exempt material
- includes - e-mails, archives, back-up, possibly telephone calls
- don’t give me - screen prints, multiple copies of call logs and e-mails, coded actions

CONTROLS - BUILDING SECURE SYSTEMS
- Establish necessary, effective security controls
- Carry out and document impact assessments - likely harm to an individual of a security breach
- add control assessments - risk reduction
- establish joint ownership with business users of control strategy
Principle 7 - secured against unauthorised or unlawful processing, accidental loss or destruction, damage

CONTROLS - MANAGING THE DATA PROCESSOR RELATIONSHIP
Data Processor
- Written statement regarding security controls
  - policy
  - staff training
  - physical, procedural and technical controls
Data Controller
- Part of the procurement process
- part of the management and audit processes
- clear documented instructions on processing of personal data

COLLECTION AND DISCLOSURE VIA WEB-SITES
- No covert collection mechanisms
- place collection information before collection action, eg above the submit button in online forms
- get positive consent, eg tick that you have read and accept the privacy information
- don’t bundle consent to various purposes
- enable choices to be made on-line
- opt-in via opt-out
- shun the passive opt-in - boxes already ticked
- remember placing personal data on the Internet is world-wide disclosure/transfer

Questions?