Presentation is loading. Please wait.

Presentation is loading. Please wait.

CENTRAL SCOTLAND POLICE Data Protection & Information Security Stuart Macfarlane Information Governance Unit Police Service of Scotland.

Published byIra Gaines Modified over 9 years ago

Similar presentations

Presentation on theme: "CENTRAL SCOTLAND POLICE Data Protection & Information Security Stuart Macfarlane Information Governance Unit Police Service of Scotland."— Presentation transcript:

1 CENTRAL SCOTLAND POLICE Data Protection & Information Security Stuart Macfarlane Information Governance Unit Police Service of Scotland

2 CENTRAL SCOTLAND POLICE Data Protection? Information Security? What’s the difference??

3 CENTRAL SCOTLAND POLICE Data Protection Current Requirements Personal Data Processing of that data Data from which a person can be identified, e.g. name, date of birth, reference number, video image Applies to a living individual - the Act itself provides no protection after death but Force policy has an impact.

4 CENTRAL SCOTLAND POLICE Data Protection Relevant Legislation Data Protection Act 1998 Human Rights Act 1998 Computer Misuse Act 1990 Copyright Designs & Patents Act 1988 Freedom of Information (Scotland) Act 2002

5 CENTRAL SCOTLAND POLICE Data - what’s that?

6 CENTRAL SCOTLAND POLICE Data Protection Act 1998 Registered Purpose – Policing The prevention and detection of crime The apprehension and prosecution of offenders The protection of life and property The maintenance of law and order Rendering assistance to the public Vetting and Licencing Public Safety

7 CENTRAL SCOTLAND POLICE Data Protection Act 1998 The Act imposes strict conditions on the PROCESSING of personal data “Processing means obtaining, recording or holding information or data or carrying out any operation or set of operations on the information or data” i.e. anything we do with the data

8 CENTRAL SCOTLAND POLICE Data Protection Act 1998 The Eight Data Protection principles Processed fairly and lawfully Only obtained for a specified purpose Data shall be relevant, adequate and not excessive Data shall be accurate and kept up to date Data shall not be kept longer than is necessary Data shall be processed in accordance with rights of data subjects Appropriate measures shall be taken against unlawful or unauthorised processing and against loss, destruction or damage to data Data shall not be transferred outside the EEA unless adequate protection exists for the rights and freedoms of individuals

9 CENTRAL SCOTLAND POLICE Data Protection Act 1998 Sensitive personal data  Racial or ethnic origin  Political opinions  Religious beliefs or beliefs of a similar nature  Membership of a Trade Union  Details of physical or mental health  Details of sexual life  Commission or alleged commission of any offence  Details of any proceedings for any offence committed or alleged to have been committed, the disposal of such proceedings or the sentence of the court in such proceedings

10 CENTRAL SCOTLAND POLICE Disclosing Data To Others In general can only be released for a purpose in line with Policing Ask the 3 important questions WHO wants the data? WHY do they want it? WHAT are they going to do with it? If you get it wrong there is a personal liability UNLIMITED FINE

11 CENTRAL SCOTLAND POLICE Data Protection Individual Rights Any data subject has the right of access to their personal data The data subject has the right to demand the correction or deletion of inaccurate data The data subject has the right to compensation if they have suffered damage or distress  SUBJECT ACCESS - £10 fee

12 CENTRAL SCOTLAND POLICE Data Protection DPO Responsibilities The Data Protection Department  Ensures all force systems are compliant  Maintains Data Protection Register entries  Gives advice and assistance  Liaises with other agencies  Prepares information sharing protocols AUDITS EVERYONE !

13 CENTRAL SCOTLAND POLICE Data Protection Responsibility of Users YOU MUST  Have a working knowledge of the Act  Apply the principles as you work  Take notebook entries  Ensure the data you are processing is  Accurate  Relevant  Up to date  SECURE

14 CENTRAL SCOTLAND POLICE Data Protection Questions?

15 CENTRAL SCOTLAND POLICE Information Security Information security is all about protecting Force information from a wide range of risk sources. Information is an asset, and the lifeblood of the Police Service.

16 CENTRAL SCOTLAND POLICE Threats to Information Security Loss of information - CONFIDENTIALITY Loss of information - INTEGRITY Loss of information – AVAILABILITY C.I.A.

17 CENTRAL SCOTLAND POLICE Threats come from:- Risk Sources……. Internal – Employees Visitors Partner agency workers Contractors External - Criminals Journalists Information brokers Activists NATURAL DISASTERS

18 CENTRAL SCOTLAND POLICE Information Security Applies to…. Paper communications Radio & telephone. Conversation. I.T. - Force network, PCs, Laptops, PDAs, magnetic media. Internet & e-mail.

19 CENTRAL SCOTLAND POLICE Information Security Covers……. I.T. Buildings/vehicles (Physical) Information management Personnel

20 CENTRAL SCOTLAND POLICE The Basics Warrant Cards/IDs. Destruction. Clear desk policy. Passwords/logging out. E-mail/Internet use. Viruses. Desktop software. Access control.

21 CENTRAL SCOTLAND POLICE Government Protective Marking Scheme (G.P.M.S.) Information is graded into the following grades:- NOT PROTECTIVELY MARKED PROTECT RESTRICTED CONFIDENTIAL SECRET TOP SECRET

22 CENTRAL SCOTLAND POLICE Information Security Questions?

Download ppt "CENTRAL SCOTLAND POLICE Data Protection & Information Security Stuart Macfarlane Information Governance Unit Police Service of Scotland."

Similar presentations

Data Protection Information Management / Jody McKenzie.

Data Protection Information Management / Jody McKenzie.
Www.dataprotection.gov.je The Data Protection (Jersey) Law 2005.

The Data Protection (Jersey) Law 2005.
Legal Implications of ICT. In this section will look at: Legal Implications of ICT: ☼ Data Protection Act 1998 ◦ The 8 Principles, ◦ The Data Subject.

Legal Implications of ICT. In this section will look at: Legal Implications of ICT: ☼ Data Protection Act 1998 ◦ The 8 Principles, ◦ The Data Subject.
Data Protection.

Data Protection.
Legislation & ICT By Savannah Inkster. By Savannah Computer Laws 1.Data Protection ActData Protection Act 2.Computer Misuse ActComputer Misuse Act 3.Copyright,

Legislation & ICT By Savannah Inkster. By Savannah Computer Laws 1.Data Protection ActData Protection Act 2.Computer Misuse ActComputer Misuse Act 3.Copyright,
What does the Data Protection Act do? It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of.

What does the Data Protection Act do? It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of.
University of Sunderland Professionalism and Personal Skills Unit 11 Professionalism and Personal Skills Computer Legislation.

University of Sunderland Professionalism and Personal Skills Unit 11 Professionalism and Personal Skills Computer Legislation.
Data Protection Act.

Data Protection Act.
Data Protection Act 1998. Description The Data Protection Act controls how your personal information can be used and protects from the misuse of your.

Data Protection Act Description The Data Protection Act controls how your personal information can be used and protects from the misuse of your.
The Data Protection Act The Data Protection Act controls how your personal information is used by organisations, businesses or the government. Everyone.

The Data Protection Act The Data Protection Act controls how your personal information is used by organisations, businesses or the government. Everyone.
Audiences NI Data Protection Workshop

Audiences NI Data Protection Workshop
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Data Protection Overview

Data Protection Overview
The Data Protection Act

The Data Protection Act
FORCE INFORMATION MANAGEMENT. INFORMATION MANAGEMENT Aim: To provide students with an awareness of the Force Information Management and legislation that.

FORCE INFORMATION MANAGEMENT. INFORMATION MANAGEMENT Aim: To provide students with an awareness of the Force Information Management and legislation that.
 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.

 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.
Data Protection for Church of Scotland Congregations

Data Protection for Church of Scotland Congregations
General Purpose Packages

General Purpose Packages
Health & Social Care Apprenticeships & Diploma

Health & Social Care Apprenticeships & Diploma
NOT PROTECTIVELY MARKED Data Protection Information Management & Information Security.

NOT PROTECTIVELY MARKED Data Protection Information Management & Information Security.

Similar presentations

Ads by Google