Presentation is loading. Please wait.

Presentation is loading. Please wait.

Practical Information Management

Published byMadeleine York Modified over 9 years ago

Similar presentations

Presentation on theme: "Practical Information Management"— Presentation transcript:

1 Practical Information Management
Aim for 5 or 6 bullet points per slide – any more and the slide is difficult to read from the back of the room. Don’t reduce the type size or line spacing – if you can’t fit it in, you’ve got too much on the slide! Cut some words instead. People switch off when they see too much information on the screen. Either split it onto another screen or cut down the information. For more dos and don’ts with PowerPoint, go to

2

3 Privacy Notice (Principle 1 & 2)
In general terms, a privacy notice should state: the purpose or purposes for which you intend to process the information; and any extra information you need to give individuals in the circumstances to enable you to process the information fairly.

4 Information Security (Principle 7)
Policy Statement: Northamptonshire County Council will ensure its information assets are protected and that the personal data we process is secured at all times Aim for 5 or 6 bullet points per slide – any more and the slide is difficult to read from the back of the room. Don’t reduce the type size or line spacing – if you can’t fit it in, you’ve got too much on the slide! Cut some words instead. People switch off when they see too much information on the screen. Either split it onto another screen or cut down the information. For more dos and don’ts with PowerPoint, go to

5 Protective Marking Scheme
Aim for 5 or 6 bullet points per slide – any more and the slide is difficult to read from the back of the room. Don’t reduce the type size or line spacing – if you can’t fit it in, you’ve got too much on the slide! Cut some words instead. People switch off when they see too much information on the screen. Either split it onto another screen or cut down the information. For more dos and don’ts with PowerPoint, go to

6 Why is information security important?- Some examples
Croydon Council has been handed a penalty of £100,000 after a bag containing papers relating to the care of a child sex abuse victim was stolen from a London pub. The Information Commissioner's Office (ICO) fined Midlothian Council £140,000 for disclosing sensitive personal data about children and their carers to the wrong people on five separate occasions Norfolk County Council has been served with an £80,000 penalty for disclosing information about allegations against a parent and the welfare of their child to the wrong recipient The ICO fined Worcestershire County Council £80,000 for an incident in March 2011 in which a member of staff inadvertently ed data on a large number of vulnerable individuals to 23 people on the wrong contact list Scottish Borders Council employed an outside company to digitise their pension records, but failed to seek appropriate guarantees on how the personal data would be kept secure. The ICO issued a fine of £250,000 when personal data was found in a supermarket paper recycle bank.

7 While we have to accept that some incidents will always occur, it is not acceptable where adherence to our policies and guidelines would have prevented the breach

8 Information Disclosure
What is disclosure? Verbally – over the phone or in face to face conversation Letter Suggestion Loss of devices Mislaid paperwork Before disclosing you should ask yourself: Am I authorised to disclose this information Is the person requesting it entitled to receive it Are there any specific processes for disclosure e.g. redaction of 3rd party data

9 IT security and the AUP If you are required to use a computer for your job then you will need to comply with the acceptable use policy. If you don’t agree with the policy your access to IT system and services will be withdrawn. You must also comply with the Portable Storage and Devices Policy

10 Paper files... Should be kept secure
Should not be taken out of the office without permission and appropriate risk assessment Should be stored in an appropriate filing system Must not be left unattended if taken off site Should not be kept longer than are necessary

11 Managing paper files and records (Principle 5)
Records created or stored by the Council must be managed in accordance with Council’s Records Management Retention and Disposal schedule. This means that we will not waste valuable space and money in storing information that we no longer need, and will also mean we are not in breach of the Data Protection Act. All filing systems should be designed to ensure that they are accessible and understandable in an emergency situation and relevant information can be located without the need of specialist knowledge Records are therefore those documents that: 1. Ensure the availability of credible, reliable and authoritative evidence to protect the rights of the organisation, its staff, its customers and anyone else affected by its activities; 2. Provide corporate memory so that lapse of time does not affect access to and availability of information; 3. Demonstrate accountability by providing the evidence and information required for any possible internal or external audit or to enable or defend legal challenge; and 4. Demonstrate the delivery of the Council's statutory obligations

12 Data Protection Act & Information Sharing (principle 1&2)
DPA does not prevent the sharing of information but sets some controls over how information should be shared. SORP 7 States: Within the parameters of the law and good practice, we will always share our information where there is a clearly defined purpose for doing so. You colelct infornation for a purpose and tell your clients when you collect what you will use it for through a privacy notice. Often things happend that mean you may want to share that informatioj – the DAP does not prevent this happen – but requires you consider issues before you do so .

13 Data Protection Act & Information Sharing – The Caldicott Principles
Justify the purpose(s) for using patient data Don't use patient-identifiable information unless it is absolutely necessary Use the minimum necessary patient-identifiable information Access to patient-identifiable information should be on a strict need to know basis Everyone should be aware of their responsibilities to maintain confidentiality Understand and comply with the law, in particular the Data Protection Act You colelct infornation for a purpose and tell your clients when you collect what you will use it for through a privacy notice. Often things happend that mean you may want to share that informatioj – the DAP does not prevent this happen – but requires you consider issues before you do so .

14 Disposal Paper documents containing personal information must be disposed of securely – using the secure bins or shredded You colelct infornation for a purpose and tell your clients when you collect what you will use it for through a privacy notice. Often things happend that mean you may want to share that informatioj – the DAP does not prevent this happen – but requires you consider issues before you do so .

15 Practical tips to aid compliance (1)
Complete the on line training Read the Information Security Policy and seek clarification if you need it. Read SORP 7 Ensure you use strong Passwords – and know the rules around passwords Ensure any personal data you hold is relevant and up to date. Archive properly – know and apply the correct retention periods and destroy when the retention period has passed Aim for 5 or 6 bullet points per slide – any more and the slide is difficult to read from the back of the room. Don’t reduce the type size or line spacing – if you can’t fit it in, you’ve got too much on the slide! Cut some words instead. People switch off when they see too much information on the screen. Either split it onto another screen or cut down the information. For more dos and don’ts with PowerPoint, go to

16 Practical tips to aid compliance (2)
7. Identify FOIs and SARs and send them to the DP/FOI Team , but be prepared to deal with certain requests under “business as usual” 8. Never give out personal data without verifying the caller is entitled to it. Know what information you have, where it is and how secure it is. Remember – it can be OK to share data- if you are in a receipt of an appropriate request - but seek advice first Be aware of information security in everything you do – would you want your information treated the same way? Aim for 5 or 6 bullet points per slide – any more and the slide is difficult to read from the back of the room. Don’t reduce the type size or line spacing – if you can’t fit it in, you’ve got too much on the slide! Cut some words instead. People switch off when they see too much information on the screen. Either split it onto another screen or cut down the information. For more dos and don’ts with PowerPoint, go to

17 Any Questions? Aim for 5 or 6 bullet points per slide – any more and the slide is difficult to read from the back of the room. Don’t reduce the type size or line spacing – if you can’t fit it in, you’ve got too much on the slide! Cut some words instead. People switch off when they see too much information on the screen. Either split it onto another screen or cut down the information. For more dos and don’ts with PowerPoint, go to

Download ppt "Practical Information Management"

Similar presentations

Introduction to Information Governance (IG)

Introduction to Information Governance (IG)
1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.

1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.

HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.
HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website: www.mc.vanderbilt.edu/HIPAA.

HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website:
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,

What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,
1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.

1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
Confidentiality & Records Management. What is Information Governance? What is Records Management?

Confidentiality & Records Management. What is Information Governance? What is Records Management?
CHARTERED SECRETARIES AUSTRALIA New Privacy Laws 6 June 2013.

CHARTERED SECRETARIES AUSTRALIA New Privacy Laws 6 June 2013.
FERPA 102 Helpful Guide for Administrators, Security Contacts and Support Staff Prepared by the Office of the Registrar Student Records: Institutional.

FERPA 102 Helpful Guide for Administrators, Security Contacts and Support Staff Prepared by the Office of the Registrar Student Records: Institutional.
Data Protection.

Data Protection.
What does the Data Protection Act do? It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of.

What does the Data Protection Act do? It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of.
Data Protection & Freedom of Information The Practical Implications of Data Protection and Freedom of Information Caroline Dominey Data Protection Officer.

Data Protection & Freedom of Information The Practical Implications of Data Protection and Freedom of Information Caroline Dominey Data Protection Officer.
Information Governance

Information Governance
Www.oaic.gov.au Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.

Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.
FERPA The Family Educational Rights and Privacy Act.

FERPA The Family Educational Rights and Privacy Act.
Data Protection Recruitment Process

Data Protection Recruitment Process
DATA PROTECTION AND PATIENT CONFIDENTIALITY IN RESEARCH Nic Drew Data Protection Manager University Hospital of Wales  2074 6677  2074 5626 

DATA PROTECTION AND PATIENT CONFIDENTIALITY IN RESEARCH Nic Drew Data Protection Manager University Hospital of Wales   

Similar presentations

Ads by Google