Presentation is loading. Please wait.

Presentation is loading. Please wait.

Can you share? Yes you can!! Angus Council Adult Protection Maureen H Falconer, Senior Policy Officer Information Commissioner’s Office.

Published byViolet Perkins Modified over 8 years ago

Similar presentations

Presentation on theme: "Can you share? Yes you can!! Angus Council Adult Protection Maureen H Falconer, Senior Policy Officer Information Commissioner’s Office."— Presentation transcript:

1 Can you share? Yes you can!! Angus Council Adult Protection Maureen H Falconer, Senior Policy Officer Information Commissioner’s Office

2 Data Protection Principles Processed fairly and lawfully and must meet appropriate conditions for processing; Obtained only for one or more specified lawful purposes; Adequate, relevant and not excessive; Accurate and, where necessary, kept up to date; Kept for no longer than is necessary; Processed in accordance with individuals’ rights; Subject to appropriate technical and organisational measures to prevent the unauthorised or unlawful processing, or the accidental loss, destruction, or damage to, personal data; Only transferred to a country or territory outside the EEA where adequate levels of protection for the rights and freedoms of individuals in relation to the processing of personal data can be ensured. Personal information must be…

3 Data Protection Principles Processed fairly and lawfully and must meet appropriate conditions for processing; Obtained only for one or more specified lawful purposes; Adequate, relevant and not excessive; Accurate and, where necessary, kept up to date; Kept for no longer than is necessary; Processed in accordance with individuals’ rights; Subject to appropriate technical and organisational measures to prevent the unauthorised or unlawful processing, or the accidental loss, destruction, or damage to, personal data; Only transferred to a country or territory outside the EEA where adequate levels of protection for the rights and freedoms of individuals in relation to the processing of personal data can be ensured. Personal information must be…

4 Fair – privacy notices Privacy notices: Passive vs Active Identity of the organisation in control of processing The purpose, or purposes, for processing Any other information necessary, in the specific circumstances, to enable the processing to be fair

5 Lawful – conditions for processing Consent Contract Legal obligation Vital interests Administration of justice Public function/interest Legitimate interests of the data controller and third party but not prejudicial to individual Explicit consent Employment law Vital interests Not-for-profit TU/religious/ political/philosophical groups Already in public domain Legal proceedings/advice Administration of justice Public functions Anti-fraud activity Medical purposes Equal Opps Monitoring Substantial public interest (SI2000/417) Personal data:Sensitive personal data:

6 Lawful – conditions for processing Consent Contract Legal obligation Vital interests Administration of justice Public function/interest Legitimate interests of the data controller and third party but not prejudicial to individual Explicit consent Employment law Vital interests Not-for-profit TU/religious/ political/philosophical groups Already in public domain Legal proceedings/advice Administration of justice Public functions Anti-fraud activity Medical purposes Equal Opps Monitoring Substantial public interest (SI2000/417) Personal data:Sensitive personal data:

7 Lawful – individuals’ rights Right to Access – sources & disclosures Right to Object – unwarranted & substantial damage or distress Right to Accuracy – matters of fact, not opinion Right to Complain – internal & external procedures

8 Data Protection Principles Processed fairly and lawfully and must meet appropriate conditions for processing; Obtained only for one or more specified lawful purposes; Adequate, relevant and not excessive; Accurate and, where necessary, kept up to date; Kept for no longer than is necessary; Processed in accordance with individuals’ rights; Subject to appropriate technical and organisational measures to prevent the unauthorised or unlawful processing, or the accidental loss, destruction, or damage to, personal data; Only transferred to a country or territory outside the EEA where adequate levels of protection for the rights and freedoms of individuals in relation to the processing of personal data can be ensured. Personal information must be…

9 Tools for good governance: Minimum data sets & data standards Procedures for corrections & forwarding alerts Formal retention schedule Robust security standards & up-to-date systems & software Formal near-miss & breach procedures Information governance

10 Tools for good governance: Staff training Security standards Policies & Procedures Privacy Impact Assessments Formal information governance lines of accountability Data Sharing Agreements/Information Sharing Protocols Information governance

11 Information governance – data sharing EmergencyExceptional Reciproca l Regular Named person Police Health Social work School

12 Data sharing code of practice What is a statutory Code of Practice? ICO is required by law to produce Approved by Secretary of State and UK Parliament Provides ‘good practice’ advice Not following Code is not necessarily a DPA breach Admissible in court proceedings

13 Information governance – data sharing What is the sharing meant to achieve? What information needs to be shared? When and how should sharing take place? Who requires access to the shared data? Will the sharing involve any transfers outside the EEA? How do you check objectives are being achieved? Does your notification need to be updated? Are current fair processing notices adequate? What is your legal basis for sharing? Should a data sharing agreement be in place? Factors to consider:

14 Data sharing agreements Structure Purpose of sharing Partner organisations & points of contact Data to be shared Legal basis for sharing Access & individuals’ rights Information governance arrangements: Datasets; accuracy; compatibility; retention and deletion; security; SARs; reviews; termination; appendices (glossary, templates, diagrams/decision trees)

15 ICO statement Misconception that the Act prevents sharing so fear of non-compliance becomes a barrier The Act promotes lawful and proportionate information sharing A risk to wellbeing can be a strong indication that a person could be at risk of harm if the immediate matter is not addressed Where a practitioner believes, in their professional opinion, that there is risk to a person that may lead to harm, proportionate sharing of information is unlikely to constitute a breach of the Act Consent can be difficult and it should only be sought when the individual has real choice over the matter

16 ICO statement The Act provides conditions to allow sharing of such information: functions of a public nature exercised in the public interest (Sch2) and functions conferred under an enactment (Sch3) Appropriate and relevant protocols conveyed to practitioners to provide a support mechanism for the decision making process The practitioner should use experience, professional instinct and all available information before they decide whether or not to share The Data Protection Act should not be viewed as a barrier to appropriate and proportionate sharing!

17 Scotland Office: 45 Melville Street Edinburgh EH3 7HL T: 0131 244 9001 E: scotland@ico.org.uk Subscribe to our e-newsletter at www.ico.org.uk or find us on… @iconews #icoscotland Keep in touch /iconews

Download ppt "Can you share? Yes you can!! Angus Council Adult Protection Maureen H Falconer, Senior Policy Officer Information Commissioner’s Office."

Similar presentations

Identifying Data Protection Issues Developing Lifelong Learner Record Systems and ePortfolios in FE and HE: Planning for, and Coping with, Legal Issues.

Identifying Data Protection Issues Developing Lifelong Learner Record Systems and ePortfolios in FE and HE: Planning for, and Coping with, Legal Issues.
Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.

Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.
Www.dataprotection.gov.je The Data Protection (Jersey) Law 2005.

The Data Protection (Jersey) Law 2005.
Getting data sharing right for every child

Getting data sharing right for every child
Data Protection.

Data Protection.
What does the Data Protection Act do? It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of.

What does the Data Protection Act do? It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of.
Property of Common Sense Privacy - all rights reserved 01875340890 THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.

Property of Common Sense Privacy - all rights reserved THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.
Www.nationalsmartcardproject.org.uk www.scnf.org.uk National Smartcard Project Work Package 8 – Information Law Report.

National Smartcard Project Work Package 8 – Information Law Report.
Information Commissioner’s Office: data protection Judith Jones Senior Policy Officer Strategic Liaison – public security 16 November 2011.

Information Commissioner’s Office: data protection Judith Jones Senior Policy Officer Strategic Liaison – public security 16 November 2011.
Audiences NI Data Protection Workshop

Audiences NI Data Protection Workshop
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Data Protection Overview

Data Protection Overview
An overview of the Data Protection Act 1998. Legal framework The Data Protection Act 1998 came into force in March 2001, replacing the Data Protection.

An overview of the Data Protection Act Legal framework The Data Protection Act 1998 came into force in March 2001, replacing the Data Protection.
The ICO and the DPA Ken Macdonald Assistant Commissioner Information Commissioner’s Office ScotStat Public Sector Analysts Network 30 th September 2010.

The ICO and the DPA Ken Macdonald Assistant Commissioner Information Commissioner’s Office ScotStat Public Sector Analysts Network 30 th September 2010.
 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.

 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.
Data Protection for Church of Scotland Congregations

Data Protection for Church of Scotland Congregations
Data Sharing and Good Practice Maureen H Falconer Sr Policy Officer Information Commissioner’s Office.

Data Sharing and Good Practice Maureen H Falconer Sr Policy Officer Information Commissioner’s Office.
The Information Commissioner’s Office David Evans.

The Information Commissioner’s Office David Evans.
Implementation of Security and Confidentiality in GP Practices.

Implementation of Security and Confidentiality in GP Practices.
Bernadette Malone – Chief Executive Perth and Kinross Council and Chair of GIRFEC National Implementation Working Group Alan Small -Information Sharing.

Bernadette Malone – Chief Executive Perth and Kinross Council and Chair of GIRFEC National Implementation Working Group Alan Small -Information Sharing.

Similar presentations

Ads by Google