DATA PROTECTION ACT 1998 Became law on 1 March 2000 Only applies to the use of personal data, that is data which relates to an identifiable living individual,

Slides:



Advertisements
Similar presentations
Identifying Data Protection Issues Developing Lifelong Learner Record Systems and ePortfolios in FE and HE: Planning for, and Coping with, Legal Issues.
Advertisements

DATA PROTECTION and Research University Research Ethics Committee – David Cauchi David Cauchi Office of the Commissioner for Data Protection.
MAKING SENSE OF IT:- WHAT IS DATA PROTECTION? Presented by the Data Protection Commissioner (Mrs D. Madhub) To the Truth and Justice Commission on
Data Protection Information Management / Jody McKenzie.
The Data Protection (Jersey) Law 2005.
Data Protection.
DATA PROTECTION and Research University Research Ethics Committee – David Cauchi Office of the Data Protection Commissioner.
What does the Data Protection Act do? It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of.
Data Protection and Records Management
Training at Ministry of Industry, Commerce and Consumer Protection Presented By: Mrs Dodah Pravina Mr Dookee Padaruth Date : 11 September 2014 Explaining.
Data Protection Act Description The Data Protection Act controls how your personal information can be used and protects from the misuse of your.
Audiences NI Data Protection Workshop
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Data Protection Overview
The Data Protection Act
 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.
Data Protection for Church of Scotland Congregations
CENTRAL SCOTLAND POLICE Data Protection & Information Security Stuart Macfarlane Information Governance Unit Police Service of Scotland.
The Information Commissioner’s Office David Evans.
Elma Graham. To understand what data protection is To reflect on how data protection affects you To consider how you would safeguard the data of others.
The Data Protection Act 1998 The Eight Principles.
OCR Nationals Level 3 Unit 3.  To understand how the Data Protection Act 1998 relates to the data you will be collecting, storing and processing  To.
Data Protection: An enabler? David Freeland, Senior Policy Officer 23 October 2014.
Data Protection Act AS Module Heathcote Ch. 12.
Data Protection Act & Freedom of Information Simon Mansell Corporate Governance and Information Team.
Data Protection Corporate training Data Protection Act 1998 Replaces DPA 1994 EC directive 94/46/EC The Information Commissioner The courts.
Processing personal health data: the regulator’s perspective Ken Macdonald Assistant Commissioner Information Commissioner’s Office.
The Data Protection Act - Confidentiality and Associated Problems.
The Data Protection Act What Data is Held on Individuals? By institutions: –Criminal information, –Educational information; –Medical Information;
BTEC ICT Legal Issues Data Protection Act (1998) Computer Misuse Act (1990) Freedom of Information Act (2000)
Legal issues The Data Protection Act Legal issues What the Act covers The misuse of personal data By organizations and businesses.
The Data Protection Act What the Act covers The misuse of personal data by organisations and businesses.
12/12/2015 Data Protection Act /12/2015 The DP Act A law that protects personal privacy and upholds individual’s rights Anyone who handles personal.
Introduction Data protection is relevant to every individual, business or organisation today, not just Local Government. As well as protecting privacy,
Data Protection - Rights & Responsibilities Information Commissioner’s Office Orkney Practice Forum 4 th July 2007.
THE DATA PROTECTION ACT Data Protection Act 1998 DPA 1. Reasons2. People3. Principles 4. Exemptions 4 key points you need to learn/understand/revise.
Data Protection Act The Data Protection Act (DPA) is a balance between rights of the DATA SUBJECT and obligations of the DATA CONTROLLER DATA CONTROLLER.
An Introduction to the Privacy Act Privacy Act 1993 Promotes and protects individual privacy Is concerned with the privacy of information about people.
DATA PROTECTION ACT 2002 The Basics Balance the rights of an individual with an organisation’s legitimate need to process personal data Promote openness.
DATA PROTECTION ACT (DPA). WHAT IS THE DATA PROTECTION ACT?  The Data Protection Act The Data Protection Act (DPA) gives individuals the right.
DATA PROTECTION ACT INTRODUCTION The Data Protection Act 1998 came into force on the 1 st March It is more far reaching than its predecessor,
GCSE ICT Data and you: The Data Protection Act. Loyalty cards Many companies use loyalty cards to encourage consumers to use their shops and services.
Session 11 Data protection. 1 Contents Part 1: Introduction Part 2: Applicability and responsibility Part 3: Our procedures on data protection Part 4:
© University of Reading Lee Shailer 06 June 2016 Data Protection the basics.
Can you share? Yes you can!! Angus Council Adult Protection Maureen H Falconer, Senior Policy Officer Information Commissioner’s Office.
Data protection—training materials [Name and details of speaker]
Practical implications of the Data Protection Bill By John Robinson Data Protection Co-Ordinator South Bucks NHS Trust.
Presented by Ms. Teki Akuetteh LLM (IT and Telecom Law) 16/07/2013Data Protection Act, 2012: A call for Action1.
Clark Holt Limited (Co. No ), Hardwick House, Prospect Place, Swindon, SN1 3LJ Authorised and regulated by the Solicitors Regulation.
Understanding Privacy An Overview of our Responsibilities.
Data Protection and Freedom of Information. Objectives Describe the main points of the Data Protection Act 1998 and Freedom of Information Act 2000 Illustrate.
Introduction to Data Protection Plan »Brief Introduction to Data Protection  Example  Principles  P3, 4, 7  Sensitive Data  Conditions for Processing.
Data Protection Laws in the European Union John Armstrong CMS Cameron McKenna.
Understanding Privacy An Overview of our Responsibilities.
Students’ Unions 2011 Data Protection and Students’ Unions Mairead O’Reilly 19 July 2011.
The Data Protection Act 1998
The Data Protection Act 1998
Trevor Ellis Trainee Programmer (1981 – 28 years ago)
Level 2 Diploma in Customer Service
Data Protection The Current Regime
General Data Protection Regulation
The Data Protection Act 1998
Data Protection Legislation
GDPR Overview GDPR - General Data Protection Regulations
Data Protection & Freedom of Information- An Introduction
GENERAL DATA PROTECTION REGULATION (GDPR)
The General Data Protection Regulation (GDPR)
G.D.P.R General Data Protection Regulations
Data Protection principles
Data Protection What’s new about The General Data Protection Regulation (GDPR) May 2018? Call Kerry on Or .
Presentation transcript:

DATA PROTECTION ACT 1998 Became law on 1 March 2000 Only applies to the use of personal data, that is data which relates to an identifiable living individual, the data subject, and which Is being processed by computer or other automatic equipment; or is recorded with the intention that it should be so processed; Forms part of a relevant filing system or accessible record. Based upon 8 Principles for processing personal data

DATA PROTECTION PRINCIPLES Conditions for processing – Schedule 2 Consent. Contractual. Legal obligations. Person’s vital interests. Administration of justice. Functions of Crown or Government Dept. In the public interest. Legitimate interests of the University. 1.PERSONAL DATA SHALL BE PROCESSED FAIRLY AND LAWFULLY. Fair Processing Code Identity of the data controller Identity of any nominated representative Purposes for which the data are to be processed Any further information necessary to enable the processing to be fair; e.g. likely recipients, retention period.

DATA PROTECTION PRINCIPLES Sensitive Personal Data racial or ethnic origin political opinions, religious or other beliefs, trade union membership, physical or mental health, sexual life, offences, or alleged offences Criminal offences / previous convictions Conditions for processing – Schedule 3  Explicit consent  Employment law obligations  Vital interests of the data subject  Some not for profit organisations  Information made public by the data subject  Legal Rights of the data subject  Public functions (admin of justice)  Medical purposes  Racial equality monitoring 1.PERSONAL DATA SHALL BE PROCESSED FAIRLY AND LAWFULLY.

DATA PROTECTION PRINCIPLES 2.Personal data shall be obtained only for specified and lawful purposes, and shall not be further processed in any manner incompatible with those purposes.

DATA PROTECTION PRINCIPLES 3.Personal data shall be adequate, relevant and not excessive in relation to the purposes for which it is processed.

DATA PROTECTION PRINCIPLES 4.Personal data shall be accurate, and where necessary, kept up to date.

DATA PROTECTION PRINCIPLES 5.Personal data shall not be kept for longer than is necessary, for the purposes for which it is being processed.

DATA PROTECTION PRINCIPLES 6.Personal data shall be processed in accordance with the rights of data subjects under this Act.

DATA PROTECTION PRINCIPLES 7.Appropriate security measures shall be taken against the unauthorised or unlawful processing, accidental loss, destruction, or damage of personal data.

DATA PROTECTION PRINCIPLES 8.Personal data shall not be transferred outside the EEA unless that country / territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

INDIVIDUALS RIGHTS 1.Right of subject access 2.Right to prevent processing likely to cause damage or distress 3.Right to prevent processing for the purposes of direct marketing 4.Rights in relation to automated decision-taking 5.Right to take action for compensation if the individual suffers damage by any contravention of the Act by the university 6.Right to take action to rectify, block, erase or destroy inaccurate data 7.Right to make a request to the Commissioner for an assessment to be made as to whether any provision of the Act has been contravened

EXEMPTIONS Confidential references given by the University Management forecasts/management planning Negotiations Examination scripts Examination marks Research, History and Statistics Special purposes exemption  the purposes of journalism,  artistic purposes,  literary purposes

OFFENCES UNDER THE ACT Processing without notification Failure to notify Commissioner of changes to a register entry Failure to comply with written request for particulars Failure to comply with Commissioner Notices Making a false statement in compliance with a notice Intentional obstruction / failure to give reasonable assistance in the execution of a warrant Unlawful obtaining of personal data Unlawful selling of personal data Enforced subject access

DISCLOSURE Data may be legitimately disclosed only i)where the individual has given their consent, ii) where the disclosure is in the legitimate interests of the institution, iii) where the institution is legally obliged to disclose the data, iv) where the disclosure of data is required for the performance of a contract, v) where specific exemptions for disclosure without consent apply

DISCLOSURE WITHOUT CONSENT Certain disclosures are permitted under the Data Protection Act 1998 provided one or more of the following criteria are met: For the purpose of safeguarding national security, For the purpose of preventing or detecting crime For the assessment or collection of tax or duty, To discharge regulatory functions, For the purpose of preventing serious harm to a third party For the purpose of protecting the vital interests of the individual Requests relating to disclosure without consent (including enquiries from the police) should be supported by the appropriate paperwork and referred to the Data Protection Co-ordinator)

DISCLOSURE Telephone Requests. Requests for information from within the University. Requests for information from outside the University. Action when disclosure is refused. Siting of Computer Terminals Clear Desk Policy

DISCLOSURE - SUMMARY Treat all personal data with care Ensure consent has been provided, unless consent is not required If in doubt do not disclose, always ask for advice Do not provide information over the telephone Ask that requests for information are submitted in writing/by fax Keep notes of what has been disclosed and to whom Wilful disclosure of personal information will treated as a disciplinary offence

IMPLEMENTING THE DPA Departmental Responsibilities

All personal data being processed within the department complies with the Data Protection Act 1998, the University’s Data Protection Policy and is included in the University’s official Data Protection Notification. An annual audit of the personal data within the department is carried out and recorded. All contractor’s, agents and other non-permanent university staff used by the department, are aware of and comply with, the Data Protection Act 1998 and the University’s Data Protection Policy.

Departmental Responsibilities That all forms and correspondence used by the department to request personal data, clearly state –the purposes for which the information is to be used, –the period of time it is to retained, and –to whom it is likely to be disclosed. All personal data held within the department is kept securely and is disposed off in a safe and secure manner when no longer needed.

IMPLEMENTING THE DPA Staff Responsibilities

Personal data which they provide in connection with their employment is accurate and up-to-date, and that they inform the University of any errors, corrections or changes, for example, change of address, marital status, etc. That personal data relating to living individuals is processed in accordance with the Data Protection Act 1998 & the University’s data protection policy. Personal data relating to living individuals is not disclosed either orally or in writing, accidentally or otherwise, to any unauthorised third party. Unauthorised disclosure may be considered a disciplinary matter. When supervising students who are processing personal data, that those students are aware of the Data Protection Principles, and the University’s Data Protection Policy.

UNIVERSITY’S RESPONSE Create post of Data Protection Co-ordinator Establish Taskforce –Produce a personal information strategy –Conduct an Audit of Personal Information Systems –Create policies and procedures to ensure compliance with the 1998 Act –Create a Data Protection Web Site

Queen’s University Draft Data Protection Policy Introduction –Compliance Commitment / Policy Statement –Data Protection Principles –Definitions Notification –Notification Process –Subject access to the University ’ s official notification –Updating of official notification

Queen’s University Draft Data Protection Policy Security –General Principles –Responsibilities School / Departmental Responsibilities Staff Responsibilities Student Responsibilities –Disposal Policy For Personal Data –Retention Policy For Personal Data –Processing & Disclosure of Personal Data & Sensitive Data –Incoming and Internal Mail –Contractors, Short-Term And Voluntary Staff –Transfer Of Data Overseas

Queen’s University Draft Data Protection Policy Data Subject Rights & Access To Personal Data –How to make a subject access request, Subject Access Fee Transitional Provisions –Implications of Transitional Provisions on access to personal data Good Practice –Guidelines On Going Revision –On going evaluation –Staff training –Web Site

Queen’s Draft Data Protection Policy Appendices 1.Official University Data Protection Notification 2.University Key Post Holders 3.University Information Security Policy and Related Procedures 4.Disposal Policy – Required Procedures 5.Retention Policy – Retention Periods 6.Good Practice Guidelines ResearchReferences Exam Marks / ScriptsAlumni sWorld Wide Web

FURTHER INFORMATION University data protection web pages On line version of Data Protection Act Data Protection Commissioner’s web site Code of Practice for Higher Education General Briefing Paper for Higher Education on 1998 Act

QUESTIONS