
NOT PROTECTIVELY MARKED Data Protection Information Management & Information Security.


1 NOT PROTECTIVELY MARKED Data Protection Information Management & Information Security

2 NOT PROTECTIVELY MARKED Data Protection? Information Security? What’s the difference??

3 NOT PROTECTIVELY MARKED Data Protection Current Requirements: Personal Data; Processing of that data. Data from which a person can be identified, e.g. name, date of birth, reference number, video image. Applies to a living individual - the Act itself provides no protection after death but Force policy has an impact.

4 NOT PROTECTIVELY MARKED Data Protection Relevant Legislation: Data Protection Act 1998; Human Rights Act 1998; Computer Misuse Act 1990; Copyright Designs & Patents Act 1988; Freedom of Information (Scotland) Act 2002

5 NOT PROTECTIVELY MARKED Data - what’s that?

6 NOT PROTECTIVELY MARKED Data Protection Act 1998 Registrable Particulars – Policing: The prevention and detection of crime; The apprehension and prosecution of offenders; The protection of life and property; The maintenance of law and order; Rendering assistance to the public; Vetting and Licensing; Public Safety

7 NOT PROTECTIVELY MARKED Data Protection Act 1998: The Act imposes strict conditions on the PROCESSING of personal data. “Processing means obtaining, recording or holding information or data or carrying out any operation or set of operations on the information or data”, i.e. anything we do with the data

8 NOT PROTECTIVELY MARKED Data Protection Act 1998 The Eight Data Protection principles: Processed fairly and lawfully; Only obtained for a specified purpose; Data shall be relevant, adequate and not excessive; Data shall be accurate and kept up to date; Data shall not be kept longer than is necessary; Data shall be processed in accordance with rights of data subjects; Appropriate measures shall be taken against unlawful or unauthorised processing and against loss, destruction or damage to data; Data shall not be transferred outside the EEA unless adequate protection exists for the rights and freedoms of individuals

9 NOT PROTECTIVELY MARKED Data Protection Act 1998 Sensitive personal data: Racial or ethnic origin; Political opinions; Religious beliefs or beliefs of a similar nature; Membership of a Trade Union; Details of physical or mental health; Details of sexual life; Commission or alleged commission of any offence; Details of any proceedings for any offence committed or alleged to have been committed, the disposal of such proceedings or the sentence of the court in such proceedings

10 NOT PROTECTIVELY MARKED Disclosing Data To Others: In general can only be released for a purpose in line with Policing. Ask the 3 important questions: WHO wants the data? WHY do they want it? WHAT are they going to do with it? If you get it wrong there is a personal liability: UNLIMITED FINE

11 NOT PROTECTIVELY MARKED Data Protection Individual Rights: Any data subject has the right of access to their personal data; The data subject has the right to demand the correction or deletion of inaccurate data; The data subject has the right to compensation if they have suffered damage or distress. SUBJECT ACCESS - £10 fee

12 NOT PROTECTIVELY MARKED Data Protection DPO Responsibilities. The Data Protection Department: Ensures all force systems are compliant; Maintains Data Protection Notification; Gives advice and assistance; Liaises with other agencies; Prepares information sharing protocols. AUDITS EVERYONE!

13 NOT PROTECTIVELY MARKED Data Protection Responsibility of Users. YOU MUST: Have a working knowledge of the Act; Apply the principles as you work; Take notebook entries; Ensure the data you are processing is Accurate, Relevant, Up to date, SECURE

14 NOT PROTECTIVELY MARKED Criminal Offences Under the Act: Knowingly or recklessly obtain, disclose or procure the disclosure of personal data without the consent of the data controller; Sell or offer to sell personal data obtained in the above manner

15 NOT PROTECTIVELY MARKED Data Protection Questions

16 NOT PROTECTIVELY MARKED Information Security: Information security applies to all information, including personal data, and in any format. Paper - written & printed. Communications - radio & telephone. Conversation. I.T. - Force network, PCs, Laptops, PDAs, magnetic media, non-magnetic media. Internet & e-mail.

17 NOT PROTECTIVELY MARKED Information Security: So why is information security needed? Information is a vast resource, and a valuable asset. More importantly, it is the lifeblood of the Police Service. Information security is about protecting that valuable lifeblood from a wide range of threats.

18 NOT PROTECTIVELY MARKED Information Security Threats: Deliberate - theft, denial of service, hacker. Accidental - coffee, power supply. Natural - fire, flood.

19 NOT PROTECTIVELY MARKED Information Security Sources: Internal - employees. External - criminals, investigative journalists, members of the public. Most dangerous = employees

20 NOT PROTECTIVELY MARKED Information Security: What do we get from information security? C I A. Confidentiality: The restriction of information and assets to authorised individuals. Integrity: The maintenance of information systems and physical assets in their complete and proper form. Availability: The continuous or timely access to information, systems or physical assets by authorised individuals.

21 NOT PROTECTIVELY MARKED Information Security C I A: Personnel; Computer; Communications; Radiation; Procedural; Document; Physical

22 NOT PROTECTIVELY MARKED Information Security: How do we go about protecting our sensitive assets? G P M S. Or to give it the full title, the Government Protective Marking Scheme, which is designed to enhance the security and help protect the value of sensitive assets through the use of ‘protective markings’.

23 NOT PROTECTIVELY MARKED Information Security G P M S The six markings used are: NOT PROTECTIVELY MARKED; PROTECT; RESTRICTED; CONFIDENTIAL; SECRET; TOP SECRET

24 NOT PROTECTIVELY MARKED Information Security G P M S Once applied these markings (and handling instructions) indicate to others the value of an asset and the impact of compromise. Value and impact determine how it should be protected, and who should be given access to it. The fundamental principle of this system is to assure that protectively marked assets will be given adequate protection against accidental or deliberate compromise. Examples of impact are:

25 NOT PROTECTIVELY MARKED Information Security G P M S Accidental or deliberate compromise of assets marked NOT PROTECTIVELY MARKED would be likely to: have no impact on the Force

26 NOT PROTECTIVELY MARKED Information Security G P M S Accidental or deliberate compromise of assets marked PROTECT would be likely to have: no impact on life or safety but may cause inconvenience or discomfort to an individual; no impact on crime fighting but may cause minor disruption to emergency service activities

27 NOT PROTECTIVELY MARKED Information Security G P M S Accidental or deliberate compromise of assets marked RESTRICTED would be likely to: cause substantial distress to individuals; prejudice the investigation or facilitate the commission of crime

28 NOT PROTECTIVELY MARKED Information Security G P M S Accidental or deliberate compromise of assets marked CONFIDENTIAL would be likely to: prejudice individual security or liberty; impede the investigation or facilitate the commission of serious crime

29 NOT PROTECTIVELY MARKED Information Security G P M S Accidental or deliberate compromise of assets marked SECRET would be likely to: threaten life directly, or seriously prejudice public order, or individual security or liberty; cause serious damage to the continuing effectiveness of highly valuable security or intelligence operations

30 NOT PROTECTIVELY MARKED Information Security G P M S Accidental or deliberate compromise of assets marked TOP SECRET would be likely to: lead directly to widespread loss of life; cause exceptionally grave damage to the continuing effectiveness of extremely valuable security or intelligence operations

31 NOT PROTECTIVELY MARKED Information Security G P M S However, the most common markings you will probably see and use on a day-to-day basis are: NOT PROTECTIVELY MARKED; PROTECT; RESTRICTED; CONFIDENTIAL

32 The Basics Warrant Cards/IDs. Destruction. Clear desk policy. Passwords/logging out. E-mail/Internet use. Desktop software. Viruses. Access control. Information Security

33 NOT PROTECTIVELY MARKED A Problem Shared Is A Problem Halved Reporting Procedure: E-mail. Telephone. In person. As Soon As Possible Information Security

34 NOT PROTECTIVELY MARKED Information Security: More Information – see your copy of Police Scotland Information Security Standard Operating Procedure

35 NOT PROTECTIVELY MARKED Any questions? Information Governance Officer Information Security

