Presentation is loading. Please wait.

Presentation is loading. Please wait.

Workshop Understanding your responsibilities under the Data Protection Act 1998 and the Freedom of Information Act 2000 Adele Rhodes Girling.

Published byApril Hardy Modified over 8 years ago

Similar presentations

Presentation on theme: "Workshop Understanding your responsibilities under the Data Protection Act 1998 and the Freedom of Information Act 2000 Adele Rhodes Girling."— Presentation transcript:

1 Workshop Understanding your responsibilities under the Data Protection Act 1998 and the Freedom of Information Act 2000 Adele Rhodes Girling

2 Welcome. We are going to be talking about the exciting field of Information Management. Fasten your seat belts! Understanding your responsibilities under the Data Protection Act 1998 and the Freedom of Information Act 2000

3 Did you know: – 80% of the worlds new data is unstructured – The worlds data is doubling every 1.2 years Managing Information

4 Do you understand your legal obligations under the Data Protection Act 1998 (DPA)? Do you know how to respond to a request for information under the Freedom of Information Act 2000 (FOI) or Environmental Information Regulations 1998 (EIR)? Managing Information

5 What could possibly go wrong? Data breach incidents by quarter (2014) from ICO Q1Q2Q3Q4 Central government8121312 Education25 3638 Health91137160163 Local government57685554

6 The ICO enforces and oversees the following legislation: Data Protection Act 1998 Freedom of Information Act 2000 Environmental Information Regulations 2004 Privacy and Electronic Communications Regulations 2003 INSPIRE Regulations 2009 Who oversees compliance? Information Commissioner’s Officer

7 His responsibilities also include being proactive in producing codes of practice to follow, such as: CCTV Information sharing Processing SARs Applying an exemption under FOI/EIR Information Commissioner

8 ICO decisions have been made against schools for: Not providing information in time Not responding to information requests at all Applying the wrong exemption ICO decisions

9 Schools and Academies: Have a legal obligation to respond to requests for personal data under the DPA Must respond to requests received under the FOI or EIR These requests can be complex and intricate. It is often hard to determine which piece of legislation applies and, if necessary, how to apply any exemptions. Your obligations

10 What does managing information mean to you? What types of information do you manage? Managing Information

11 Looking at our list which information might fall under one of these legislation? Data Protection Act 1998 (DPA) Freedom of Information Act 2000 (FOI) Environmental Information Regulations (EIR) Managing Information

12 Looking at some of the information we identified as personal data How do you think the DPA impacts on this? Data Protection

13 8 principles – Personal data shall be…. processed fairly and lawfully obtained only for one or more specified and lawful purposes adequate, relevant and not excessive accurate and up to date not be kept for longer than is necessary processed in accordance with the rights of data subjects Protected by technical and organisational measures not be transferred to a country or territory outside the European Economic Area (EEA) Data Protection - consider:

14 Section 7 Right of access to personal data (SAR)  Informed if any of their personal data is being processed  Given a description of that data  Given a copy of that data Data Protection - consider:

15 Compliance vs fines: 40 days in which to supply a copy of the data Failure to comply can lead to:  Monitoring, or watch, list  Undertakings  Fines Data Protection - consider:

16 Did you know that the Data Protection 1998 has no age specified in the legislation? Depending on the age of the child the parent does not automatically have a right of access to the child’s personal data. Data Protection - consider:

17 Do you understand what information falls under the Education Act rather than personal data that falls under the Data Protection Act? ‘Blue file’ – what are you putting in the ones you hold? Data Protection vs. Education Act

18 Lets have a few questions about your issues with Data Protection. Lets have some questions on Data Protection

19 Looking at some of the information we identified as information that would fall under FOI or EIR How do you think these statutory frameworks impacts on this? Freedom of Information Environmental Information

20 Getting it right – knowing which legislation to use For each request for recorded information you must decide which legislation to use You need to include complaint information in every reply You need to understand how to apply an exemption FOI / EIR– consider:

21 Compliance timeframe  There are slightly different timeframes for each They have different exemptions/exceptions FOI has to be in writing, while EIR can be verbal You have legal obligation to offer advice and guidance to assist anyone in making a request FOI / EIR – consider:

22 Do you all have a publication scheme? This is a legal requirement The document tells people what information you hold and how they access it. FOI / EIR – consider:

23 You may be breaching the FOI or EIR legislations if you do any of the following: fail to respond adequately to a request for information; fail to adopt the model publication scheme, or do not publish the correct information; or deliberately destroy, hide or alter requested information to prevent it being released. FOI / EIR – consider:

24 Penalties: Signed Undertaking Decision notices and Enforcement notices Criminal offence to alter, block, destroy or conceal information Contempt of court for failing to comply with a decision notice, enforcement notice, or information notice.  This could lead to a fine or jail for a senior officer FOI / EIR – consider:

25 Lets have a few questions about your issues with FOI or EIR Lets have some questions on FOI or EIR

26 Do you have the following in place: Privacy notice (registration with ICO) Data protection policy Publication Scheme Security incident management policy Acceptable use of e-mail and ICT portable device policy CCTV policy These are just a few of the things you should have in place Information Management

27 When you go back to your school look at your information. What do you hold? How are you managing this information? Do all your staff understand their obligations? Do you meet all your obligations under the various legislation? What policies do you need to have in place? Information Management

28 Any questions? Thank you for your participation and time Thank you and Questions GO SAFELY DOWN THE INFORMATION HIGHWAY This presentation is copyright protected by Suffolk County Council. Please contact Information Management Services for permission to reproduce or use this presentation.

Download ppt "Workshop Understanding your responsibilities under the Data Protection Act 1998 and the Freedom of Information Act 2000 Adele Rhodes Girling."

Similar presentations

Confidentiality & Records Management. What is Information Governance? What is Records Management?

Confidentiality & Records Management. What is Information Governance? What is Records Management?
Www.dataprotection.gov.je The Data Protection (Jersey) Law 2005.

The Data Protection (Jersey) Law 2005.
Getting data sharing right for every child

Getting data sharing right for every child
Freedom of Information 1 Freedom of Information - overview FOI Unit (December 2011)

Freedom of Information 1 Freedom of Information - overview FOI Unit (December 2011)
Data Protection & Freedom of Information The Practical Implications of Data Protection and Freedom of Information Caroline Dominey Data Protection Officer.

Data Protection & Freedom of Information The Practical Implications of Data Protection and Freedom of Information Caroline Dominey Data Protection Officer.
Role of the Information Commissioner’s Office 'Promoting public access to official information and protecting your personal information' Christine Johnson.

Role of the Information Commissioner’s Office 'Promoting public access to official information and protecting your personal information' Christine Johnson.
University of Sunderland Professionalism and Personal Skills Unit 11 Professionalism and Personal Skills Computer Legislation.

University of Sunderland Professionalism and Personal Skills Unit 11 Professionalism and Personal Skills Computer Legislation.
Duncan Woodhouse – Assistant Registrar for Information Security, Risk Management and Business Continuity Helen Wollerton – Administrative Officer (Legal.

Duncan Woodhouse – Assistant Registrar for Information Security, Risk Management and Business Continuity Helen Wollerton – Administrative Officer (Legal.
Transparency in Public Administration – FOI and EIR

Transparency in Public Administration – FOI and EIR
Towards a Freedom of Information Law in Qatar Fahad bin Mohammed Al Attiya Executive Chairman, Qatar National Food Security Programme.

Towards a Freedom of Information Law in Qatar Fahad bin Mohammed Al Attiya Executive Chairman, Qatar National Food Security Programme.
Information Commissioner’s Office: data protection Judith Jones Senior Policy Officer Strategic Liaison – public security 16 November 2011.

Information Commissioner’s Office: data protection Judith Jones Senior Policy Officer Strategic Liaison – public security 16 November 2011.
Audiences NI Data Protection Workshop

Audiences NI Data Protection Workshop
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Data Protection Overview

Data Protection Overview
An overview of the Data Protection Act 1998. Legal framework The Data Protection Act 1998 came into force in March 2001, replacing the Data Protection.

An overview of the Data Protection Act Legal framework The Data Protection Act 1998 came into force in March 2001, replacing the Data Protection.
The ICO and the DPA Ken Macdonald Assistant Commissioner Information Commissioner’s Office ScotStat Public Sector Analysts Network 30 th September 2010.

The ICO and the DPA Ken Macdonald Assistant Commissioner Information Commissioner’s Office ScotStat Public Sector Analysts Network 30 th September 2010.
 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.

 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.
Data Protection for Church of Scotland Congregations

Data Protection for Church of Scotland Congregations
Practical Information Management

Practical Information Management
The Information Commissioner’s Office David Evans.

The Information Commissioner’s Office David Evans.

Similar presentations

Ads by Google