Data protection for commissioners Vicky Cetinkaya, Senior Policy Officer, Strategic Liaison Katie Hanrahan, Lead Auditor, Good Practice 2 July 2015.

1 Data protection for commissioners Vicky Cetinkaya, Senior Policy Officer, Strategic Liaison Katie Hanrahan, Lead Auditor, Good Practice 2 July 2015

2 The Information Commissioner’s Office

3 What does the DPA cover? The DPA is concerned with the processing of ‘personal data’. Obligation to comply with the DPA rests with the ‘data controller’. Provides a framework that data controllers processing personal data must comply with.

4 The eight data protection principles

5 Background
- Sector chosen due to significant volumes of SPD - high risk
- Project initially designed to identify and highlight common problems, themes and issues as well as good practice
- 20 agencies invited, mainly in NW & London - 10 took part
- Organisations identified via Consortium for Voluntary Adoption Agencies/BAAF websites or previous ICO contact
- Follow-up survey of 100 LAs - 17 took part

6 Typical information & processing
- Organisations process and retain sensitive personal data relating to foster carers, adoptive parents, looked after children & their families and third parties
- Information used to assess suitability to foster / adopt
- Other personal information also used by local authorities and agencies to match carers with children, facilitate placements and assess the success of placements

7 IFP key findings/issues
Insecure exchange of personal data
- Highly sensitive unencrypted personal information routinely emailed between IFPs and local authorities and vice versa.
Contributing factors:
- Local authorities reluctant to deal with encrypted emails due to technical concerns.
- IFPs often send foster carer information without encryption to prevent delays that might jeopardise their commercial relationship with local authorities.

8 IFP key findings/issues (cont…)
- Mobile device encryption - Extensive use of unencrypted mobile devices to store / process / transport sensitive personal data.
- Carer reports/diaries - Processing of information by carers about looked after children on home computers and in the ‘cloud’.
- Homeworking - Staff using home computers for business purposes and lack of suitable controls.
- Training - Data protection/information security training is often lacking.

9 Other findings
- Password controls are not robust
- Secure printing procedures not widely adopted
- Endpoint restrictions often not in place
- Majority did not have data protection/information security policies
- Only a few had security incident/breach reporting and management procedures
- Retention and disposal procedures/schedules are not in place or not operating effectively

10 LA survey results: 47% said their employer either didn’t record whether DP/IG policies had been read or they didn’t know

11 LA survey results: 31% received DP/IG refresher training less frequently than every two years - 17% never received it

12 LA survey results: 59% didn’t receive any role-specific DP training

13 LA survey results: 57% never checked manual records out or in

14 LA survey results: 50% potentially hold sensitive personal data of parents deemed unsuitable for placements for longer than necessary. 28% retain it indefinitely!

15 LA survey results: 31% either could not accept encrypted emails or did not know if they could

16 Recommendations for LA fostering & adoption teams
- Encrypt emails/attachments containing SPD
- Anonymise children’s data initially when matching
- Maintain DP/IG policies; ensure staff read & understand them
- DP training is timely, monitored, refreshed & role specific
- Records removed from office are tracked and monitored
- Retention & disposal schedules for manual & electronic files

19 £90,000 - 2012 - Telford & Wrekin Council: Foster Care Assessment provided to the wrong family member. Names and address of foster carers provided to mother in Placement Information record.

20 £70,000 - 2012 - Norwood Ravenswood Ltd: Background reports regarding children in care left on prospective adopter’s doorstep. Reports disappeared and were not recovered.

21 £90,000 - 2012 - Devon County Council: Social worker printed wrong adoption panel report and sent it to a family with no connection to the case. Report contained highly sensitive personal data concerning a disabled couple whose child was being considered for adoption.

22 £70,000 - 2013 - Halton Borough Council: Clerical officer sent letter to birth mother containing the name and address of birth parents. Birth grandparents contacted adoptive parents.

23 Undertaking - 2014 - Moray Council: Detailed reports relating to adoption of two children plus less detailed reports on other children left in café.

24 Local authority. Enforcement case - no further action. Letter containing adoptive parents’ address sent to birth family in error - resulted in family having to be rehoused.

25 Local authority. Enforcement case - no further action. Adoption report sent to incorrect email address as an attachment - it wasn’t encrypted.

26 [Diagram labels: Organisational measures; Technical measures; Awareness; HUMAN ERROR]

27 Summary
- Consistent findings
- Support our concerns
- Improvements necessary
- Advice and support

28 How the ICO can help
- The Guide to data protection
- Subject access code of practice
- Data sharing code of practice and checklists
- Advisory visit outcomes reports

29 ICO advice and guidance
- ICO guidance - www.ico.org.uk
- ICO helpline - 0303 123 1113
- ICO email - casework@ico.org.uk

30 Keep in touch: Subscribe to our e-newsletter at www.ico.org.uk or find us on @iconews and /iconews

