Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Sharing & Corporate Governance Dave Parsons, Information Governance Manager, City of Cardiff Council.

Published byJustin Hart Modified over 8 years ago

Similar presentations

Presentation on theme: "Information Sharing & Corporate Governance Dave Parsons, Information Governance Manager, City of Cardiff Council."— Presentation transcript:

1 Information Sharing & Corporate Governance Dave Parsons, Information Governance Manager, City of Cardiff Council

2 Myths…….

3 Key dates…….. 2009 Criminal Justice and Immigration Act 2008 introduced changes which enabled powers to the Information Commissioner to fine for breaches of the Data Protection Act. 2010 A report into the “horrifying death” of Baby P in August 2007 was the result of the incompetence of authority staff and serious failures of sharing simple records 2011 The Information Commissioner’s Office published a new statutory code of practice on the sharing of personal data. The code of practice covers best practices for both routine and one-off data sharing activities

4 Wales Accord Sets out: The process for sharing personal information The relevant legislative powers The information that is shared and with whom The conditions for processing Allowing us to: Comply with the 8 Data Protection principles Comply with the Data Sharing Code

5 What are the challenges? No single approach to Data Protection governance: -Multiple systems -Different standards for secure electronic sharing -Private sector security Financial pressures -Increased different ways of working, almost inevitably in involving processing of PI -Services focused on savings and not necessarily understanding data security risks -Drive to work in collaborative and shared service arrangements

6 Governance Appropriate governance structures are an essential element of embedding the WASPI framework within organisations Good Governance: Ownership Boards Reporting Mitigating risks

7 What are Privacy Impact Assessments A PIA helps assess the risks around the privacy of individuals in the collection, use and disclosure of information and foresee any problems and assist in bringing forward solutions. A PIA will also identify risks to individuals’ privacy together with DP compliance liabilities for the Council.

8 Scope of Privacy Impact Assessments New projects, programmes or changes to business practices, involving personal data, present a risk to organisations; the use of personal data in new or different ways needs to be assessed to ensure it is compliant with the Data Protection Act.

9 What is the purpose of a PIA? Identifies data being processed Who will have access to it? - This includes both internally and externally Describe any sharing arrangements Identifies any gaps in any data sharing and enables controls to be effectively put in place to help manage risk

10 The Cardiff Approach……… PIA Guidance/Template – PIA Board Mandated in project documentation Mandated in procurement contract award processes Reported to Information Security Board Training

11 The Future General Data Protection Regulation (GDPR) Regional models Increased challenge -Reorganisation -Collaborations -Joined up services

12 ‘Sharing personal information effectively is central to the provision of some of the Council’s key services. Corporate oversight of information sharing developments, particularly in large organisations like ours, is challenging and the measures we have introduced bring controls in this area. We also understood the need to keep trained ISP facilitators engaged and our Information Security Board provides a link to these key individuals and decision makers.’ Dave Parsons Information Governance Manager Cardiff Council

Download ppt "Information Sharing & Corporate Governance Dave Parsons, Information Governance Manager, City of Cardiff Council."

Similar presentations

Auditing, Assurance and Governance in Local Government

Auditing, Assurance and Governance in Local Government
29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL DATA PROTECTION AND PRIVACY COMMISSIONERS.

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL DATA PROTECTION AND PRIVACY COMMISSIONERS.
Philip M. J. Graham Head of Information Communications Technology (ICT) 13 th July 2010.

Philip M. J. Graham Head of Information Communications Technology (ICT) 13 th July 2010.
Privacy by Design Maureen H Falconer Sr Guidance & Promotions Manager Building a Successful Information Sharing Partnership: Privacy by Design 13 August.

Privacy by Design Maureen H Falconer Sr Guidance & Promotions Manager Building a Successful Information Sharing Partnership: Privacy by Design 13 August.
Outcomes focused regulation and compliance in practice Peter Scott Peter Scott Consulting www.peterscottconsult.co.uk.

Outcomes focused regulation and compliance in practice Peter Scott Peter Scott Consulting
PRIVACY COMPLIANCE An Introduction to Privacy Privacy Training.

PRIVACY COMPLIANCE An Introduction to Privacy Privacy Training.
National Update: The information revolution and the 2012 Caldicott Review Simon Richardson – Information Rights Manager.

National Update: The information revolution and the 2012 Caldicott Review Simon Richardson – Information Rights Manager.
Wales Accord on the Sharing of Personal Information (WASPI)

Wales Accord on the Sharing of Personal Information (WASPI)
Aust. AM Collaborative Group (AAMCOG) An introduction to ISO 55000 “What to do” guide 20th October 2014.

Aust. AM Collaborative Group (AAMCOG) An introduction to ISO “What to do” guide 20th October 2014.
Challenge Questions What outcomes have we achieved?

Challenge Questions What outcomes have we achieved?
The Value in Conducting a Privacy Impact Assessment

The Value in Conducting a Privacy Impact Assessment
PETER SCOTT CONSULTING Business Management Systemize your compliance with Rule 5 Peter Scott Peter Scott Consulting www.peterscottconsult.co.uk.

PETER SCOTT CONSULTING Business Management Systemize your compliance with Rule 5 Peter Scott Peter Scott Consulting
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Internal Auditing and Outsourcing

Internal Auditing and Outsourcing
Effectively applying ISO9001:2000 clauses 5 and 8

Effectively applying ISO9001:2000 clauses 5 and 8
Safeguarding Adults at Risk in the new commissioning landscape Stephan Brusch Professional Safeguarding Adult Advisor.

Safeguarding Adults at Risk in the new commissioning landscape Stephan Brusch Professional Safeguarding Adult Advisor.
G17: Recordkeeping for Business Activities Carried out by Contractors Patrick Power, Manager Government Recordkeeping Programme Archives New Zealand.

G17: Recordkeeping for Business Activities Carried out by Contractors Patrick Power, Manager Government Recordkeeping Programme Archives New Zealand.
Ship Recycling Facility Management System IMO Guideline A.962

Ship Recycling Facility Management System IMO Guideline A.962
Equality and Diversity through Procurement Policy Nick Sullivan Head of Policy and Capability Value Wales.

Equality and Diversity through Procurement Policy Nick Sullivan Head of Policy and Capability Value Wales.
Commissioning for Sufficiency and Affordability Katy Burch, Commissioning Support Programme.

Commissioning for Sufficiency and Affordability Katy Burch, Commissioning Support Programme.

Similar presentations

Ads by Google