Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Management in Government: A Legal Perspective

Similar presentations


Presentation on theme: "Information Management in Government: A Legal Perspective"— Presentation transcript:

1 Information Management in Government: A Legal Perspective
Andrew Joint Barlow Lyde & Gilbert LLP 17th September 2009

2 Information Management
Information is a key asset of every business Technology has revolutionised our ability to access, create, store, search and communicate information Information Management is in its infancy and lagging behind technological development “the stone age was marked by man's clever use of crude tools; the information age, to date, has been marked by man's crude use of clever tools”

3 Storing up trouble… 2006 2007 2008 2009 2010 2011 500 1,000 1,500 2,000 2,500 3,000 3,500 2012 2013 2014 2015 4,000 4,500 8,000 10,000 6,000

4

5

6

7 Inside of an IT storage system

8 = Why is this a problem? “PATHOLOGICAL HOARDING DISORDER”
The acquisition of and failure to discard, possessions that are useless or of limited value due to a fear of losing things perceived to be important. = “PATHOLOGICAL HOARDING DISORDER”

9 Law and Information Management
DPA Others e.g DDA, Confidence etc IPRs

10 Data Protection Act Data Protection Act 1998
EC Directive – EEA wide application Policed in the UK by the ICO Protects ‘personal data’ – electronic mainly (but also paper in some cases) ‘data controllers’ must ‘process’ in accordance with the DPA ‘data subjects’ get a number of rights under the DPA Establishes “Principles” to abide by

11 The Data Protection Principles
Specific purpose Not kept longer than necessary Technical and organisational measures EEA Adequate, relevant and not excessive Accurate and up to date Rights for Data Subjects under the Act “fairly and lawfully processed”

12 Consequences of breaching DPA
Reputational damage Fines Criminal offences ICO increasing policing and enforcement and taking a harder line

13 5 Key Legal Impacts Security/confidentiality obligations
What information can/must be stored Exploitation of information Who has a right to access information Dealing with 3rd parties

14 1. Security/Confidentiality
Common law confidentiality Contractual – agreed standards Data Protection Act – Principle 7 Applicable IT standards “keeping up to date” - adequate technical and organisational (= security) measures – e.g. BS 10012 Practical measures and security standards

15 2. What Can/Must Be Stored
800+ specified retention periods fixed by statute/common law VAT records 6 years Contractual claims 6 years (12 years if a deed) Data Protection Act Processing fairly and lawfully Adequate and not excessive Accurate and up to date Not for longer than necessary IPRs

16 3. Exploitation of Information
Copyright Arising automatically in original works Lasts for a set number of years Generally owned by creator – (including ‘employer’) Database rights Arises where "substantial investment" in obtaining, verifying or presenting the contents of the database Owned by the maker Data Protection “fairly and lawfully”

17 4. Who has a right to access?
Confidentiality – who can it be given to? DPA Fairly and lawfully processed EEA Subject Access Request Litigation – duty to provide even if detrimental Regulatory investigation

18 5. Dealings with 3rd Parties
See 1. to 4. above: Security Storage Exploitation Access DPA issues need to be dealt with explicitly in contracts Liability/Indemnity/Insurance Right to audit/access and have information returned Information management policies

19 Specific Issues in the Public Sector
Freedom of Information Act 2000 Positive publication obligations Similar access regimes as under DPA Procurement Regulations Openness and transparency objectives Fairness pre and post procurement Open book and the NAO

20 Specific Issues in the Public Sector (cont’d)
Government Policy Expectation: Explicit – e.g. List X Implied – e.g. DDA Public eye/Private Eye risks

21 Information is your greatest asset, but also your biggest risk...
Not just the Data Protection Act 1998 There is no “magic bullet” solution A multi-faceted approach is needed: Contractual and legal protections IT security and solutions Practical policies and procedures

22 Policies Make it an employee issue not a corporate problem:
Written documents that explains practical day-to-day procedures and rules for use of the data (including communications, storage, passwords, access, home working etc etc) Provided to all employees who have to sign and comply with them (part of employment / outsourcing contract) Will reduce the real risk of a leak occurring Will increase chances of compliance with law and regulation Will reduce liability Significantly improves PR damage

23 Spot the difference if lost…..
A B and

24 Questions?


Download ppt "Information Management in Government: A Legal Perspective"

Similar presentations


Ads by Google