Practical Information Management

Presentation transcript:

Practical Information Management

Aim for 5 or 6 bullet points per slide – any more and the slide is difficult to read from the back of the room. Don’t reduce the type size or line spacing – if you can’t fit it in, you’ve got too much on the slide! Cut some words instead. People switch off when they see too much information on the screen. Either split it onto another screen or cut down the information. For more dos and don’ts with PowerPoint, go to http://www.microsoft.com/smallbusiness/resources/technology/business-software/presenting-with-powerpoint-10-dos-and-donts.aspx#PresentingwithPowerPointdosanddonts

Privacy Notice (Principle 1 & 2)
In general terms, a privacy notice should state:
- the purpose or purposes for which you intend to process the information; and
- any extra information you need to give individuals in the circumstances to enable you to process the information fairly.

Information Security (Principle 7)
Policy Statement: Northamptonshire County Council will ensure its information assets are protected and that the personal data we process is secured at all times.

Protective Marking Scheme

Why is information security important? Some examples
- Croydon Council has been handed a penalty of £100,000 after a bag containing papers relating to the care of a child sex abuse victim was stolen from a London pub.
- The Information Commissioner's Office (ICO) fined Midlothian Council £140,000 for disclosing sensitive personal data about children and their carers to the wrong people on five separate occasions.
- Norfolk County Council has been served with an £80,000 penalty for disclosing information about allegations against a parent and the welfare of their child to the wrong recipient.
- The ICO fined Worcestershire County Council £80,000 for an incident in March 2011 in which a member of staff inadvertently emailed data on a large number of vulnerable individuals to 23 people on the wrong contact list.
- Scottish Borders Council employed an outside company to digitise their pension records, but failed to seek appropriate guarantees on how the personal data would be kept secure. The ICO issued a fine of £250,000 when personal data was found in a supermarket paper recycle bank.

While we have to accept that some incidents will always occur, it is not acceptable where adherence to our policies and guidelines would have prevented the breach

Information Disclosure
What is disclosure?
- Verbally – over the phone or in face-to-face conversation
- E-mail
- Letter
- Suggestion
- Loss of devices
- Mislaid paperwork

Before disclosing you should ask yourself:
- Am I authorised to disclose this information?
- Is the person requesting it entitled to receive it?
- Are there any specific processes for disclosure, e.g. redaction of 3rd party data?

IT security and the AUP
If you are required to use a computer for your job then you will need to comply with the acceptable use policy. If you don’t agree with the policy your access to IT systems and services will be withdrawn. You must also comply with the Portable Storage and Devices Policy.

Paper files...
- Should be kept secure
- Should not be taken out of the office without permission and appropriate risk assessment
- Should be stored in an appropriate filing system
- Must not be left unattended if taken off site
- Should not be kept longer than is necessary

Managing paper files and records (Principle 5)
Records created or stored by the Council must be managed in accordance with the Council’s Records Management Retention and Disposal schedule. This means that we will not waste valuable space and money in storing information that we no longer need, and will also mean we are not in breach of the Data Protection Act.

All filing systems should be designed to ensure that they are accessible and understandable in an emergency situation and that relevant information can be located without the need of specialist knowledge.

Records are therefore those documents that:
1. Ensure the availability of credible, reliable and authoritative evidence to protect the rights of the organisation, its staff, its customers and anyone else affected by its activities;
2. Provide corporate memory so that lapse of time does not affect access to and availability of information;
3. Demonstrate accountability by providing the evidence and information required for any possible internal or external audit or to enable or defend legal challenge; and
4. Demonstrate the delivery of the Council's statutory obligations.

Data Protection Act & Information Sharing (Principle 1 & 2)
The DPA does not prevent the sharing of information but sets some controls over how information should be shared. SORP 7 states: Within the parameters of the law and good practice, we will always share our information where there is a clearly defined purpose for doing so.

You collect information for a purpose and tell your clients, when you collect it, what you will use it for through a privacy notice. Often things happen that mean you may want to share that information – the DPA does not prevent this from happening – but requires you to consider issues before you do so.

Data Protection Act & Information Sharing – The Caldicott Principles
- Justify the purpose(s) for using patient data
- Don't use patient-identifiable information unless it is absolutely necessary
- Use the minimum necessary patient-identifiable information
- Access to patient-identifiable information should be on a strict need to know basis
- Everyone should be aware of their responsibilities to maintain confidentiality
- Understand and comply with the law, in particular the Data Protection Act

Disposal
Paper documents containing personal information must be disposed of securely – using the secure bins or by shredding.

Practical tips to aid compliance (1)
1. Complete the online training.
2. Read the Information Security Policy and seek clarification if you need it.
3. Read SORP 7.
4. Ensure you use strong passwords – and know the rules around passwords.
5. Ensure any personal data you hold is relevant and up to date.
6. Archive properly – know and apply the correct retention periods and destroy when the retention period has passed.

Practical tips to aid compliance (2)
7. Identify FOIs and SARs and send them to the DP/FOI Team, but be prepared to deal with certain requests under “business as usual”.
8. Never give out personal data without verifying the caller is entitled to it.
9. Know what information you have, where it is and how secure it is.
10. Remember – it can be OK to share data if you are in receipt of an appropriate request – but seek advice first.
11. Be aware of information security in everything you do – would you want your information treated the same way?

Any Questions?