Internal Audit Data Protection

Presentation transcript:

Internal Audit Data Protection
St Helens Council

Data Protection: The Principles

It's as broad as it can get. The Act is huge; it is underpinned by 8 guiding principles. These are:
• Our customers should know what information is being collected and why.
• We can't collect data "just in case".
• We have a Retention Schedule which ensures we comply with required timescales for both retention and destruction of information.
• We don't pass on without permission or legislation.
• Someone has the right (for a small fee) to see all the information we hold on them.
• Covered in more detail later.
• It's not legal to transfer personal data outside the EU without taking appropriate steps to protect it (e.g. Dropbox, Google Docs).

Data Protection: The three most important aspects when sharing data are:
• Making sure you are allowed to share it
• Ensuring adequate security (taking into account the nature of the information) is in place to protect it
• Providing an outline in a fair processing notice of who receives personal information from the school

Data Protection: Important!!!!

HM Guidance March 2015 – The DPA is not a barrier to sharing information where the failure to do so would result in a child being placed at risk of harm.
• Outcomes from Rotherham child exploitation
• Information sharing - Advice for practitioners providing safeguarding services to children, young people, parents and carers, March 2015

Data Protection: When can/should you share

Schedule 2 Conditions
• Consent
• Functions of a public nature exercised in the public interest (Legislation)
• Protect the vital interests of the data subject
• The administration of justice

• Implied consent
• Not necessarily under legislation
• Safeguarding
• Police/Courts etc., but they should request in writing

Data Protection: When can/should you share

Schedule 3 Conditions (Sensitive data)
• Consent
• Function conferred under enactment (Legislation)
• Protect the vital interests of the data subject
• The administration of justice

• Explicit consent
• Requires legislation
• Safeguarding
• Police/Courts etc., but they should request in writing

Data Protection: Secure Sharing
• Email – When is it secure
• Post – Recorded or more secure depending on content
• Fax – Last resort, ensure number/recipient

• Microsoft 365 to Transport Layer Security
• Postal system not infallible, be careful with confidential info
• Faxes being removed from the Council unless no other option. Fax to email options

Data Protection: Fair Processing Notice (Privacy Notice)
• The important thing is what personal information you are collecting and why
• Control access to personal information
• Mentions the purpose and use of any CCTV and the use you may make of photos of staff and pupils

• Previously supplied by the Council, however now the responsibility of each School
• Guidance on the ICO website for schools on all matters

Be clear and transparent about how you will use the personal information you collect, to comply with the first and second principles. The important thing is to tell parents and pupils what personal information you are collecting and why.

Mentions purpose and use: unless properly managed, issues can arise from putting identifiable images of pupils on a website or school publication, which is a form of processing personal data.

Fair processing and avoiding unauthorised processing require you to control access, giving it only to people (staff and governors) who need particular information to do their jobs, and only when they need it. This covers access to written/electronic staff and pupil records and recorded CCTV images. You need systems and procedures in place to control access to paper and electronic records containing personal information.

Data Protection: Other Issues to consider
• CCTV
• Freedom of Information/Environmental Information Regulations
• Subject Access Requests

• CCTV – Have you got any, are there signs (contact details, purpose), retention periods
• FOI/EIR – Understand your responsibilities
• SAR – Process for handling

Data Protection Any Questions ???

Data Protection Andy Paton Extn 3474 andrewpaton@sthelens.gov.uk