Information Legislation and BU Committees Policy and Committees (Student and Academic Services) and Legal Services July 2011.

Slides:



Advertisements
Similar presentations
IMPS Information Management and Policy Services Information Services Directorate A briefing for all University staff November 2004 New Information Legislation.
Advertisements

The Data Protection Act - an absolute right to ask but a qualified right to receive Maureen H Falconer Senior Policy Officer, ICO CELCIS, Scottish University.
Data Protection Information Management / Jody McKenzie.
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
FERPA 102 Helpful Guide for Administrators, Security Contacts and Support Staff Prepared by the Office of the Registrar Student Records: Institutional.
Data Protection.
INDIANA UNIVERSITY OFFICE OF THE VICE PRESIDENT AND GENERAL COUNSEL Indiana Access to Public Records Act (APRA) Training.
PRIVACY COMPLIANCE An Introduction to Privacy Privacy Training.
DATA PROTECTION and Research University Research Ethics Committee – David Cauchi Office of the Data Protection Commissioner.
Data Protection & Freedom of Information The Practical Implications of Data Protection and Freedom of Information Caroline Dominey Data Protection Officer.
Transparency in Public Administration – FOI and EIR
FERPA 101 Student Records: Institutional Responsibility and Student Rights What Every University Employee Should Know Prepared by the Office of the Registrar.
INTERNET and CODE OF CONDUCT
Towards a Freedom of Information Law in Qatar Fahad bin Mohammed Al Attiya Executive Chairman, Qatar National Food Security Programme.
Data Protection and Freedom of Information The Warwick Network 12 August 2015 Natalie Snodgrass – Administrative Officer, University Secretary’s Office.
A Clerk’s Guide to Confidential Minutes Ordinary MinutesConfidential Minutes Those present and the person clerking is recorded at the top of the minutes.
Audiences NI Data Protection Workshop
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Data Protection Overview
1 OVERVIEW PRESENTATION FREEDOM OF INFORMATION (SCOTLAND) ACT 2002.
Data Protection for Church of Scotland Congregations
Information Security Decision- Making Tool What kind of data do I have and how do I protect it appropriately? Continue Information Security decision making.
Practical Information Management
NHS England & Customer Contact Centre FOI Introduction 2013.
1 Freedom of Information (Scotland) Act 2002 A strategic view.
Public rights of access to information Grisilda Ponniah, Corporate Information Governance Manager Mary Elliott, FOI Officer Legal & Democratic Services.
The Freedom of Information and Data Protection Legislation An Overview Ann McKeon November 2014.
Part 6 – Special Legal Rights and Relationships Chapter 35 – Privacy Law Prepared by Michael Bozzo, Mohawk College © 2015 McGraw-Hill Ryerson Limited 34-1.
Managing Risks Associated With Privacy Alison Baker- Senior Associate Hall & Wilcox 24 November
FERPA 101 Student Records: Institutional Responsibility and Student Rights What Every University Employee Should Know Prepared by the Office of Academic.
OCR Nationals Level 3 Unit 3.  To understand how the Data Protection Act 1998 relates to the data you will be collecting, storing and processing  To.
Data Protection: An enabler? David Freeland, Senior Policy Officer 23 October 2014.
Data Protection STFC Presentation to PPD Senior Staff 26/11/2009 FoI/DP team.
Data Protection Act & Freedom of Information Simon Mansell Corporate Governance and Information Team.
OPEN UP! Introduction to handling Freedom of Information requests.
Internal Review under the Freedom of Information Law 2007 Carole Excell, FOI Coordinator.
IM NETWORK MEETING 20 TH JULY, 2010 CONSULTATION WITH 3 RD PARTIES.
12/12/2015 Data Protection Act /12/2015 The DP Act A law that protects personal privacy and upholds individual’s rights Anyone who handles personal.
ANONYMISATION Research Data Management. c Research Data Management Sensitive Data Sensitive Data is information covering: The racial or ethnic origin.
Introduction Data protection is relevant to every individual, business or organisation today, not just Local Government. As well as protecting privacy,
SCHOOLS FINANCE OFFICERS MEETINGS Records Management, “Paper-Lite” Environments and Procedures when a school closes Elizabeth Barber.
Awareness Training Seminar Freedom of Information 20 th September 2004.
University Retention Schedule Training. Introduction to the University Retention Schedule.
FREEDOM OF INFORMATION Getting to grips with the Act.
© University of Reading Lee Shailer 06 June 2016 Data Protection the basics.
Information Security TechLink Seminar, 17 April 2013 James Knapton, Information Compliance Officer, Registrary’s Office.
Data protection—training materials [Name and details of speaker]
Sharing Information Legally Lindsay Ould London Borough of Lewisham.
Sharing Personal Data ‘What you need to know’ Corporate Information Governance Team Strategic Intelligence.
Freedom of Information Act ‘What you need to know’ Corporate Information Governance Team Strategic Intelligence.
Freedom of Information Requests. Information Management Framework Access to Information Access to Information Environmental Information Regulations 2004.
Clark Holt Limited (Co. No ), Hardwick House, Prospect Place, Swindon, SN1 3LJ Authorised and regulated by the Solicitors Regulation.
Understanding Privacy An Overview of our Responsibilities.
Introduction to Data Protection Plan »Brief Introduction to Data Protection  Example  Principles  P3, 4, 7  Sensitive Data  Conditions for Processing.
Understanding Privacy An Overview of our Responsibilities.
Data Protection & Freedom of Information- An Introduction
GENERAL DATA PROTECTION REGULATION (GDPR)
New Data Protection Legislation
ScHARR Bite Size Research Ethics and GDPR: legal requirements for research - what you need to know.
Data Protection and GDPR – An introduction for Baptist Churches
Data Protection principles
Data Protection and You
Data Protection What’s new about The General Data Protection Regulation (GDPR) May 2018? Call Kerry on Or .
Data Protection in a Tutorial Context
Official Information Act 1982 (OIA)
GDPR – General Data Protection Regulation
Understanding Data Protection
The Freedom of Information and Data Protection Legislation An Overview
“Seven-minute Staff Meeting”
ScHARR Bite Size Research Ethics and GDPR: legal requirements for research - what you need to know.
Presentation transcript:

Information Legislation and BU Committees Policy and Committees (Student and Academic Services) and Legal Services July 2011

Introduction Under the terms of the Data Protection Act 1998, the Freedom of Information Act 2000, and the Environmental Information Regulations individuals have legal rights in regard to obtaining information held by the University. The legislation also brings with it certain legal responsibilities and expectations in terms of the publication of information and the protection and processing of personal data.

Warning The seriousness of breaching information legislation cannot be underestimated, and there are reputational and financial consequences, including fines. If in doubt: err on the side of caution and ASK.

Routine Publication of Committee Documentation at BU As detailed within the terms of reference of each committee.

Exempt Committees Rationale: the likely content of the exempt committees relates to individuals and third parties. The principles of good document and records management in terms of information legislation should still be applied and all committee documentation is available on request (exempt information would be removed).

Agendas Is there reserved business (a meeting with students present where there will be discussion of individual students or appointment/employment of individual staff?): –Yes: list reserved business at the end of the agenda. –No: prepare agenda as normal.

Papers Using the committees paper cover sheet each paper should indicate if there are any restrictions on who should see the paper. Papers are not routinely published (apart from for Senate). If an information request is made they will be considered on an individual basis.

Minutes There may be different versions depending on the audience. Name clearly and save accordingly (ensuring appropriate access).

Confirmation of Minutes Minutes are confirmed at the next meeting. The Chair is responsible for deciding the status of information (with guidance from the Clerk/Secretary). Where confirmed non-confidential minutes are routinely published, upon confirmation of the minutes, the Chair should make the following statement “In line with University policy, the confirmed non-confidential minutes will be made publicly available on the portal”. If any member objects to the publication of the confirmed non-confidential minutes, the Policy and Committees Manager should be consulted prior to publication (Legal Services can also advise further).

Publication of Minutes Confirmed non-confidential minutes only as per the terms of reference. In PDF format. On the appropriate page of the portal Contact IT for assistance with the portal.

What is Redaction? Redaction means to remove by cutting out. Information Commissioner’s Office (ICO) guidance on best practice: –Deletions in MS Word can be reversed if a document is sent electronically so always PDF documents (using Adobe Acrobat writer). –Or scan and save as an image file. –Note: if text is blacked out with marker pen it can remain legible when photocopied.

How to Redact Information 3.Project Update 3.1The Head of Department informed the Committee that the project was progressing well. 3.2[Confidential minute] To be used where the whole paragraph is redacted 3.3The Project Sponsor will provide a report on progress at the next meeting. 4. Update on the IT Strategy 4.1The Head of IT reported that the amount budgeted for new equipment for academic session 2010/11 is £[confidential minute]. Further information will be presented at the next meeting of the committee. To be used where small amounts of text are redacted

What should be Redacted? The FOI Publication Scheme allows us to remove “material that is properly considered to be private”. There are more than twenty exemptions in the Freedom of Information Act. Six exemptions are highlighted in the University context.

1. Personal Data Personal data means information about any identifiable living individual. It includes factual information but also any expression of opinion about the person and any indications of the intentions of the University or anyone else in relation to that person. General rule - personal data about staff, students or third parties should NOT appear in minutes for publication on the portal. If in doubt leave it out and seek further advice.

Personal Data - Practical Application This does not prevent the minutes from recording a list of attendees at a meeting or action points of attendees, or (if necessary) their views provided that it has been made clear that the minutes will be published to the world. “Sensitive personal data” must be handled with caution and should never appear in minutes, that is information about an individual’s: –racial/ethnic origins; –political opinions; –religious beliefs or other beliefs of a similar nature; –trade union membership; –physical/mental health or condition; –sexual life; –commission/alleged commission of an offence; and –proceedings relating to offences/alleged offences.

2. Prejudice to Commercial Interests This exemption applies to information, the release of which would be detrimental to commercial interests. Information is exempt if it constitutes a trade secret or if disclosure is likely to prejudice the commercial interests of the University or any other person. For example: –Would it cause the University to pay a higher price for something? –Would it damage the University’s bargaining position in current negotiations? –There must be a significant risk of harm rather than a remote possibility. –The “public interest” test applies.

3. Information Provided in Confidence Was the information provided by a person or organisation outside the University? If yes, redact if: –The information is not in the public domain; –The University does not have permission to publish; –The originator has told us that it is confidential; or –A reasonable person would assume that permission should be obtained before it is made available.

4. Danger to Health and Safety Cases are likely to be rare. Other universities have applied this to information about researchers involved in animal experiments.

5. Legal Professional Privilege Entitled to redact: –Discussion of legal advice provided to the University.

6. Prejudice to the Effective Conduct of Public Affairs Information is exempt if, in the reasonable opinion of the Vice-Chancellor, disclosure of the information would or would be likely to inhibit: (1) the free and frank provision of advice; or (2) the free and frank exchange of views for the purpose of deliberation; or (3) would otherwise prejudice, or be likely otherwise to prejudice, the effective conduct of public affairs. For (1) and (2) there has to be a real risk of inhibition. An example of (3) may include the ability to protect our IT system from hackers. The “public interest” test applies.

Public Interest Test For information – information should be redacted from minutes as per the exemptions above and the public interest test would be applied by Legal Services should an information request be received. “The public interest test involves considering the circumstances of each case in relation to the exemption that covers the information. You must release the information unless the public interest in maintaining the exemption outweighs the public interest in releasing it.” Information Commissioner’s Office

Confidential Status Just because information is classified as confidential does not mean it will always be regarded as such. If the University receives a Freedom of Information request regarding a particular issue or a subject access request from an individual under the Data Protection Act, it may be required to disclose information in accordance with statutory obligations.

Document Management Principles Retain one final complete record of a committee meeting (delete all previous drafts/versions). Store in an appropriate place in the I drive with a clear naming convention. Keep operational matters separately. Adhere to retention schedules. Be aware that notes (even post-it notes), s, etc. relating to a topic can be subject to an FOI request.

Resources BU Freedom of Information website Information Commissioner’s Office BU Committee Guidance 2010/11

Contacts Legal Services: Michelle Goodbody (Legal Services Support Officer) Committee queries (Policy and Committees, Student and Academic Services): To be confirmed (Policy and Committees Manager) Geoff Rayment (Committee Clerk)