Internal Audit Data Protection


1 Internal Audit Data Protection
St Helens Council Internal Audit Data Protection

2 Data Protection The Principles
It’s as broad as it can get. The Act is huge - it is underpinned by 8 guiding principles. These are:
• Our customers should know what information is being collected and why
• We can't collect data “just in case” - We have a Retention Schedule which ensures we comply with required timescales for both retention and destruction of info
• We don’t pass on without permission or legislation
• Someone has the right (for a small fee) to see all the information we hold on them
• Covered in more detail later
• It’s not legal to transfer personal data outside the EU without taking appropriate steps to protect it (i.e. Dropbox, Google Docs)

3 Data Protection
The three most important aspects when sharing data are:
• Making sure you are allowed to share it
• Ensuring adequate security (taking into account the nature of the information) is in place to protect it
• Providing an outline in a fair processing notice of who receives personal information from the school

4 Data Protection Important!!!! HM Guidance March 2015 –
The DPA is not a barrier to sharing information where the failure to do so would result in a child being placed at risk of harm.
Outcomes from Rotherham child exploitation.
Information sharing - Advice for practitioners providing safeguarding services to children, young people, parents and carers, March 2015.

5 Data Protection When Can/should you share
Schedule 2 Conditions
• Consent - Implied consent
• Functions of a public nature exercised in the public interest (Legislation) - Not necessarily under legislation
• Protect the vital interests of the data subject - Safeguarding
• The administration of justice - Police/Courts etc but they should request in writing

6 Data Protection When Can/should you share
Schedule 3 Conditions (Sensitive data)
• Consent - Explicit consent
• Function conferred under enactment (Legislation) - Requires legislation
• Protect the vital interests of the data subject - Safeguarding
• The administration of justice - Police/Courts etc but they should request in writing

7 Data Protection Secure Sharing
• Email – When is it secure
• Post – Recorded or more secure depending on content
• Fax – Last resort, ensure number/recipient
Microsoft 365 to Transport Layer Security
Postal system not infallible, be careful with confidential info
Faxes being removed from the Council unless no other option. Fax to options

8 Data Protection Fair Processing Notice (Privacy Notice)
• The important thing is what personal information you are collecting and why
• Control access to personal information
• Mentions the purpose and use of any CCTV and the use you may make of photos of staff and pupils
Previously supplied by Council, however now responsibility of each School.
Guidance on ICO website for schools on all matters.
Be clear/transparent about how you will use the personal information you collect to comply with the first and second principles.
Important thing is to tell parents and pupils what personal information you are collecting and why.
Mentions purpose and use; unless properly managed, issues can arise from putting identifiable images of pupils on a website/school publication – a form of processing personal data.
Fair processing and avoiding unauthorised processing requires you to control access, giving it only to people (staff and governors) who need particular information to do their jobs, and only when they need it.
This covers access to written/electronic staff and pupil records and recorded CCTV images.
Need systems and procedures in place to control access to paper and electronic records containing personal information.

9 Data Protection Other Issues to consider
• CCTV
• Freedom of Information/Environmental Information Regulations
• Subject Access Requests
CCTV – Have you got any, are there signs (contact details, purpose), retention periods
FOI/EIR – Understand your responsibilities
SAR – Process for handling

10 Data Protection Any Questions ???

11 Data Protection Andy Paton Extn 3474

