Data Protection: An enabler? David Freeland, Senior Policy Officer 23 October 2014.

An international act…
“We've got a piece of legislation called the Data Protection Act. It's UK legislation but I feel certain that you must have something similar in Scotland.”
A high street financial institution

A balancing act…
“Whereas data-processing systems are designed to serve man; whereas they must, whatever the nationality or residence of natural persons, respect their fundamental rights and freedoms, notably the right to privacy, and contribute to economic and social progress, trade expansion and the well-being of individuals”
Recital 2, European Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data

What is personal data? Personal data relate to a living individual who can be identified from those data and/or other information and includes opinions and intentions of the data controller or any other person in respect of the individual.

What is sensitive personal data? Sensitive personal data relate to racial or ethnic origin, political opinions, religious beliefs, trade union membership, health, sexual life and criminal activity.

What records are covered?
Electronic
• Data
• Texts
• Images
• Recordings
Manual records
• Intention of being automated
• Structured filing system
• Unstructured records – public bodies

The 8 Data Protection Principles
Personal information must be…
1. Processed fairly and lawfully
2. Obtained only for one or more specified lawful purposes
3. Adequate, relevant and not excessive
4. Accurate and, where necessary, kept up to date
5. Kept for no longer than is necessary
6. Processed in accordance with individuals’ rights
7. Subject to appropriate technical and organisational measures to prevent the unauthorised or unlawful processing, or the accidental loss, destruction, or damage to, personal data
8. Only transferred to a country or territory outside the EEA where adequate levels of protection for the rights and freedoms of individuals in relation to the processing of personal data can be ensured

Lawful – conditions for processing
Personal data
• Consent
• Contract
• Legal obligation
• Vital interests
• Administration of justice
• Public function in the public interest
• Legitimate interests of the data controller and third party but not prejudicial to individual
Sensitive data
• Explicit consent
• Employment law
• Vital interests
• Not-for-profit TU/religious/political/philosophical groups
• Put in public domain by the individual
• Legal proceedings/advice
• Functions under enactment
• Anti-fraud activity
• Medical purposes
• Equal opps monitoring
• Substantial public interest (SI 2000/417)

Additional conditions (SI 2000/417)
• The processing is in the substantial public interest
• Must be carried out without explicit consent so as not to prejudice the purpose or function
1. Necessary for the detection or prevention of any unlawful act (or failure to act)
2. Necessary for a function designed to protect the public against
   a. dishonesty, malpractice, serious improper conduct, incompetence or unfitness of any person, or
   b. mismanagement in the administration of, or failures in services provided by, any body or association

Crime and investigations
Section 29: Crime and taxation exemption
• Purpose: detecting or preventing a crime
• Exempt from giving fair processing information and giving information in response to a SAR to the extent to which provision would be likely to prejudice the investigation
• You can share intelligence that may help detect or prevent a crime on a need-to-know basis

Data Sharing Code of Practice
• ICO required by law to produce
• Approved by Secretary of State and UK Parliament
• Not following Code is not necessarily a DPA breach
• Provides ‘good practice’ advice
• Admissible in court proceedings
• Poses questions you need to answer

Putting it into practice
• Clear policies, guidance and procedures
• Staff training – initial and refresher
• Clear lines of escalation and decision making
• Audit trails, and audit the audit trails
• Work with appropriate people in your organisation – data protection specialists, lawyers, internal audit
• Take account of professional standards in handling personal information
• Appropriate contacts in other organisations

Key points
• Data protection is a framework, not a barrier
• Lawful, proportionate and relevant information sharing only
• Right information to the right people at the right time
• Be prepared – know the legal basis, and have an audit trail
• How would you want your information to be treated?
• What harm is likely to result from not sharing?

Keep in touch
Scotland Office: 45 Melville Street, Edinburgh EH3 7HL
T: E:
Subscribe to our e-newsletter at or find us /iconews