Published by Andra Briggs. Modified over 9 years ago.
1
Avoiding Data Protection pitfalls when collecting Equality Information
Mererid McDaid, Associate
11th October 2012
© 2012 Morgan Cole LLP
Expertise | Experience | Efficiency | Contribution
2
Equality Act 2010
- Section 149(1) provides that a public authority must, in exercising its functions, have due regard to:
  - Eliminate conduct prohibited by the Act
  - Advance equality of opportunity
  - Foster good relations between persons
- Welsh Ministers prepared Regulations for the purpose of better performance of the general duty
- Application to Housing Associations
3
The Regulatory Framework
- Published 2 December 2011
- Purpose
- “Delivering high quality services – providing services that meets people’s needs and expectations…”
- Governance & Financial Management
- “We place the people who want to use our service at the heart of our work…”
- “Our activities and services reflect the diversity of the communities where we operate, are free from discrimination and promote equality of opportunity”
4
What is equality monitoring data
- Likely to include the following details:
  - Name
  - Address
  - Details of any dependants
  - Details of any illnesses or other health issues
- Could also include data relating to:
  - Age
  - Disability
  - Gender reassignment
  - Marriage and civil partnership
  - Race
  - Religion or beliefs
  - Sex
  - Sexual orientation
- All ‘protected characteristics’
5
Equality Data and Personal Data (1)
- Data collected likely to be “personal data”
- Personal data defined as:
  - Information in electronic format or in tightly structured manual files that relates to identifiable living individuals
  - Also includes where an individual can be identified from context or information can be linked with other information that allows an individual to be identified
6
Equality Data and Personal Data (2)
- Data may also be “sensitive personal data”
- Sensitive personal data defined as:
  - racial or ethnic origin
  - political opinions
  - religious (or similar) beliefs
  - trades union membership
  - physical or mental health
  - sexual life
  - commission or alleged commission of criminal offence
  - prosecution for alleged offences
7
What activities are covered by the DPA?
- Any and all handling of personal data, e.g.
  - Recording
  - Copying
  - Sharing
  - Disclosing (including verbally)
  - Emailing
  - Faxing
  - Updating
  - Retrieving
  - Storing
  - Destroying
  - Reading
  - Organising or rearranging
8
Data Collection and DPA
- If collecting equality data, a Housing Association will:
  - Collect
  - Analyse and
  - Possibly, publish data
- Therefore “processing” for purposes of DPA
9
Impact of DPA
- Anyone that processes personal information must comply with the eight key principles
- Failure to do so can result in enforcement action, including penalties being imposed
- Other possible consequences include:
  - Lose the confidence of your tenants/other stakeholders
  - Reputational risk
10
Data Protection Principles
- Personal Data must be…
  - handled fairly and lawfully
  - used for specified purposes
  - adequate, relevant and not excessive
  - accurate and up to date
- Personal Data must…
  - not be kept for longer than necessary
  - be handled in accordance with individual rights
  - be handled securely
  - not be transferred to a country outside Europe unless there is adequate protection for privacy
11
Principle 1: Handling data fairly
- All personal data must be processed “fairly and lawfully” and for specified purposes
- What does this mean?
12
Handling data fairly
- Individuals must be told about your use of their data:
  - Who is responsible for looking after their data
  - Why their data is being collected and used
  - Any other relevant information:
    - anything else that might surprise them about the use of their data
    - anything you feel they should know about, especially if they might wish to object, e.g. whether the data will be shared with others, or used for marketing, or handled abroad
  - Whether you are planning to use their details (especially email and mobile numbers) for promotional or marketing purposes
13
Handling data fairly
- You don’t always need consent to use personal data, but if you have made promises about the way you will use it, it will be unfair if you then use it in a different way without going back to the individual
- e.g. “We will only use your mobile number so we can contact you in an emergency”
- It would be unfair then to use mobile numbers for routine calls or to send promotional text messages
14
Handling data fairly
- Personal Data must be handled “lawfully”
- Personal data that has been supplied to you in confidence must be treated in confidence
- Otherwise there will be a breach of the DPA as well as a breach of confidence
15
Confidentiality
- Certain information is “confidential” if it is supplied and received with the understanding that it should be kept private
- Individuals can bring legal action if their confidential information is disclosed without consent
- Confidential information can be disclosed in exceptional cases if necessary in the public interest, e.g. to save life and limb or expose wrongdoing
16
What may people expect you to treat as confidential?
- Name, address and telephone number
- Date of birth
- Personal circumstances including employment
- Their involvement with other agencies
- Financial circumstances
- Medical circumstances
- Information about other household members
- Racial or ethnic origin
- Religion
- History of criminal offences
- Any other information that they specifically say is being provided in confidence
17
Fair handling
- In addition to any duty of confidentiality, personal data should be “processed” only if one of the following six conditions applies
- Remember this applies every time you use personal data for any purpose at all
18
Personal Data: Schedule 2 condition
- Consent
- Processing necessary for the performance of a contract
- Processing necessary to comply with a legal obligation
- Processing necessary to protect vital interests
- Processing necessary for the exercise of statutory/public functions
- Processing necessary for legitimate interests, provided there is no unwarranted interference with the rights and freedoms of the individuals concerned
19
Sensitive Data: Schedule 3 condition
- If handling sensitive personal data, a condition in Schedule 3 must also be satisfied. These include:
  - Explicit consent
  - Necessary for the purpose of any statutory functions
  - Necessary for identifying/keeping under review the existence or absence of equality of opportunity or treatment between persons of different racial/ethnic origins with a view to promoting/maintaining equality, and is carried out with appropriate safeguards
20
Fair handling
- Information should be:
  - used only for specified purposes
  - not used for any “incompatible purpose” (unless an exemption applies)
- Exemptions:
  - prevent/detect crime
  - carry out serious internal investigations
  - obtain legal advice, deal with legal proceedings
21
Fair Processing Information
- If sensitive personal data is being collected and is to be processed on the basis of consent, the fair processing notice should be written in such a way that explicit consent to processing is obtained
22
Torbay Care Trust (1)
- Served a Civil Monetary Penalty (CMP)
- Online publication of sensitive personal data collected with the Trust’s duties under EA 2010
- Information collected by staff survey was stored on the Trust’s electronic staff records system.
- Workforce development team was then asked to supply information from the system for the purpose of publishing equality data.
23
Torbay Care Trust (2)
- Excel spreadsheet prepared containing details of 1,373 staff including:
  - Names and DOB, NI numbers and sensitive personal data such as race, religious beliefs, disability and sexual orientation
- Published on Trust’s website and remained online for 19 weeks until a member of the public made the ICO aware of the document
24
Torbay Care Trust (3)
- ICO investigation found:
  - No guidance for staff on what information should not be published online
  - Trust had failed to put in place adequate checks to identify potential problems
- ICO considered the breach extremely serious because of the large number of employee records involved and the sensitive and confidential nature of the personal data
- Served a CMP of £175,000
25
Good practice (1)
- Make data protection statements on monitoring forms easy to understand and include:
  - What the information is going to be used for
  - If information will be shared and if so, to whom
- Be clear as to the reasons why monitoring, particularly whether obliged to provide information for monitoring
- If publishing information – anonymise results (critically review)
- Tell individuals of their rights under DPA
- Make sure information collected is accurate and kept up to date
26
Good practice (2)
- Periodic review of information collected to ensure still needed for monitoring purposes
- Develop a policy on how long information will be kept for
- Assess what appropriate security measures are required to ensure the information is kept secure
- Make sure that only staff who need to view the information collected are able to gain access and ensure such staff are appropriately trained
- Make sure information is disposed of securely when it is no longer needed