The ICO and the DPA
Ken Macdonald, Assistant Commissioner, Information Commissioner’s Office
ScotStat Public Sector Analysts Network
30th September 2010



Contents
- The Information Commissioner
- The Data Protection Act
- The Commissioner’s Powers

The Information Commissioner
- Appointed by the Crown
- Independent, but sponsored by the MoJ
- Period of office is 5 years
- Current Commissioner is Christopher Graham (appointed 2009)

The ICO – our organisation
- Head Office: Wilmslow, Cheshire
- Regional Offices: Belfast, Cardiff, Edinburgh
- c. 350 staff (4 in Edinburgh!!)

The ICO – what we regulate
- Data Protection Act 1998
- Privacy & Electronic Communications Regs 2003
- Freedom of Information Act 2000
- Environmental Information Regulations 2004

The ICO – what we don’t regulate
- Freedom of Information (Scotland) Act 2002
- Environmental Information (Scotland) Regulations 2004
Kevin Dunion, The Scottish Information Commissioner

The ICO – what we do
- Promote the legislation
- Influence public policy
- Resolve complaints
- Maintain the register of data controllers
- Prosecute offenders

The Data Protection Act
Personal data must be:
- fairly and lawfully processed
- processed for specified purposes
- adequate, relevant and not excessive
- accurate and up-to-date
- not kept for longer than is necessary
- processed in line with individual rights
- kept secure
- not transferred to countries without adequate protection

Fair and Lawful Processing (1)
- Vires, for example:
  - Local Government (Scotland) Act 1973
  - Local Government in Scotland Act 2003
- Fair Processing
  - Transparency
  - Code of Practice on Privacy Notices (June 2009)

Fair and Lawful Processing (2)
Personal Data:
- Consent
- Contract
- Legal obligation
- Vital interests
- Public function
- Legitimate interest of data controller
Sensitive Personal Data:
- Explicit consent
- Employment law
- Vital interests
- Membership of various not-for-profit groups
- Already in public domain
- Legal proceedings/advice
- Public functions
- Medical purposes
- Equal Opps Monitoring
- Substantial public interest (SI2000/417)

S33 - The Research Exemption
(1) In this section—
“research purposes” includes statistical or historical purposes;
“the relevant conditions”, in relation to any processing of personal data, means the conditions—
(a) that the data are not processed to support measures or decisions with respect to particular individuals, and
(b) that the data are not processed in such a way that substantial damage or substantial distress is, or is likely to be, caused to any data subject.

S33 - The Research Exemption
(2) For the purposes of the second data protection principle, the further processing of personal data only for research purposes in compliance with the relevant conditions is not to be regarded as incompatible with the purposes for which they were obtained.
(3) Personal data which are processed only for research purposes in compliance with the relevant conditions may, notwithstanding the fifth data protection principle, be kept indefinitely.

S33 - The Research Exemption
(4) Personal data which are processed only for research purposes are exempt from section 7 if—
(a) they are processed in compliance with the relevant conditions, and
(b) the results of the research or any resulting statistics are not made available in a form which identifies data subjects or any of them.

S33 - The Research Exemption
(5) For the purposes of subsections (2) to (4) personal data are not to be treated as processed otherwise than for research purposes merely because the data are disclosed—
(a) to any person, for research purposes only,
(b) to the data subject or a person acting on his behalf,
(c) at the request, or with the consent, of the data subject or a person acting on his behalf, or
(d) in circumstances in which the person making the disclosure has reasonable grounds for believing that the disclosure falls within paragraph (a), (b) or (c).

The DPA – Breaches
- Failure to comply with the Principles
- May lead to an investigation by the ICO
- Serious breaches may result in enforcement action

The DPA – Offences
- Unlawfully obtaining or disclosing personal data
- Selling of personal data
- Failure to notify / notify changes
- Failure to comply with a Notice from the Commissioner
- Reckless breach of the data protection principles

How to get it right
- Speak to your DPO
- Read the ICO guidance
- Consult with the ICO
- Treat others’ personal data as you would your own

Contact details
The Information Commissioner’s Office
Hanover St
EDINBURGH EH2 1DJ