
Data Protection webinar: Overview of Data Protection & Confidentiality

13th May 2014. Data Protection webinar: Overview of Data Protection & Confidentiality. Welcome. We’re just making the last few preparations for the webinar to start at 11.00. Keep your speakers or headphones turned on and you will shortly hear a voice!

sherry

Presentation Transcript


  1. 13th May 2014. Data Protection webinar: Overview of Data Protection & Confidentiality. Welcome. We’re just making the last few preparations for the webinar to start at 11.00. Keep your speakers or headphones turned on and you will shortly hear a voice!

  2. This presentation is intended to help you understand aspects of the Data Protection Act 1998 and related legislation. It is not intended to provide detailed advice on specific points, and is not necessarily a full statement of the law.

  3. What Data Protection is about: 1
     • Prevent harm to the individuals whose data we hold, or other people
     • Keep information in the right hands
     • Hold good quality data
     Protecting data / Protecting people
     Clients, Service users, Employees, Volunteers, Donors, Members, Supporters, Professional contacts

  4. Examples: 1
     • Giving out an address or phone number allows someone to be harassed or stalked
     • Poor security over financial details gives opportunities for ID fraud
     • Losing information means that you can’t deliver the service someone needs
     • Wrong information leads to someone not getting a job they were eligible for

  5. What Data Protection is about: 2
     • Reassure people that we use their information responsibly, so that they trust us
     • Be transparent – open and honest, don’t hide things or go behind people’s back
     • Offer people a reasonable choice over how you use their data, and what for
     ‘Give us more money!’ ‘Support our campaign!’ ‘We sold your details to someone else’

  6. What Data Protection is about: 3
     Comply with specific legal requirements, such as:
     • Right to opt out of direct marketing
     • Right of Subject Access
     • Notification
     • (And others)

  7. The main topics for this webinar:
     • Security
     • Transparency
     • Choice
     • Accuracy & data quality
     But first:
     • The Data Protection Principles
     • The definition of Personal data
     • Confidentiality

  8. The Data Protection Principles
     • Data ‘processing’ must be ‘fair’ and legal
     • You must limit your use of data to the purpose(s) you obtained it for
     • Data must be adequate, relevant & not excessive
     • Data must be accurate & up to date
     • Data must not be held longer than necessary
     • Data Subjects’ rights must be respected
     • You must have appropriate security
     • Special rules apply to transfers abroad

  9. Personal data

  10. Personal data
      The Act applies to information that is ‘personal’ and ‘data’.
      The personal part means that it is about identifiable, living individuals.
      The data part means that it is recorded:
      • electronically or on an automated system
      • in a ‘relevant filing system’
      • with the intention of going into one of these systems

  11. Data Protection and Confidentiality overlap a lot, but they are not the same
      [Diagram labels: Data Protection; Confidentiality; Clear boundaries]

  12. Confidentiality
      • Define the boundaries: who has access to what information for what purposes
      • Does everyone affected understand where the boundaries are?
      • How do you make sure all your staff and volunteers take the boundaries seriously?

  13. Taking confidentiality seriously
      • Gossip
      • Scams/mistakes
      • ‘Too onerous’ security

  14. You could be breaking the law if you don’t respect confidentiality
      It is a criminal offence ‘knowingly or recklessly’ to:
      • access data you are not authorised to access
      • allow another person unauthorised access
      Examples:
      • Criminal record and fine for operator who looked to see if her friends were on the police database
      • Criminal record and fine (and no job) for bank clerk who looked up finances of partner’s ex-wife

  15. Security (Principle 7)
      The Data Protection Act says you must prevent:
      • unauthorised access to personal data
      • accidental loss or damage of personal data
      The security measures must be appropriate. They must also be technical and organisational.
      The Information Commissioner can impose a penalty of up to £500,000 for gross breaches of security.

  16. Key security measures
      • Protect ‘data in transit’
          • passwords, encryption on emails, USB devices and laptops
          • extreme care when faxing, e-mailing & posting
      • Network security – anti-virus, firewall, log-ons, etc.
      • Website security – ‘OWASP top ten’
      • ‘Bring Your Own Device’ policy
      • External contractors (‘Data Processors’)
      • Secure destruction – shredding, etc.
      • Access controls, clear desks, locked filing cabinets
      • Staff DBS checks, supervision and monitoring

  17. ‘Fair’ processing (Principle 1): Transparency
      One part of being fair to people is to make sure they have no unpleasant surprises when you use data about them. This means you must always think whether you need to tell them anything about:
      • who is collecting their information
      • what purposes you hold their data for
      • who you might pass the data on to
      • how to contact you if they want to stop you from using their data or check what you are doing

  18. Transparency

  19. ‘Fair’ processing (Principle 1): Choice
      The other important part of being fair is to give people a reasonable choice over how their information is used.
      People must be given a choice over Direct marketing.
      Choices can be:
      • Opt out (we’ll do it unless you say ‘no’)
      • Opt in (we’ll only do it if you say ‘yes’)
      Be clear about what choices are offered, record them carefully, and ensure that they are acted on.
      Pre-ticked boxes are not good practice.

  20. Conditions for fair processing
      • With consent of the Data Subject (“specific, informed and freely given”)
      • For a contract involving the Data Subject
      • To meet a legal obligation
      • To protect the Subject’s ‘vital interests’
      • Government & judicial functions
      • In your ‘legitimate interests’ provided the Data Subject’s interests are respected

  21. Transparency & choice

  22. Data quality (Principles 3 & 4)
      The Data Protection Act says that data must be:
      • Adequate
      • Relevant
      • Not excessive
      • Accurate
      • Up to date (where necessary)

  23. Why does data quality matter?
      • Insufficient information about a volunteer’s medical condition → they get placed in a risky situation
      • Wrong address → cheque goes astray
      • Failure to update all your records → further mailings after you have been told that they died
      • Irrelevant/biased information → client gets treated poorly by other staff

  24. Data Controller
      • The ‘person’ legally responsible for complying with the Data Protection Act
      (Staff & volunteers are part of the Data Controller)
      A trading company is a separate Data Controller
      Organisations can be joint Data Controllers

  25. The Data Protection Principles
      • Data ‘processing’ must be ‘fair’ and legal
      • You must limit your use of data to the purpose(s) you obtained it for
      • Data must be adequate, relevant & not excessive
      • Data must be accurate & up to date
      • Data must not be held longer than necessary
      • Data Subjects’ rights must be respected
      • You must have appropriate security
      • Special rules apply to transfers abroad

  26. Data Protection: the absolute basics
      We are trying to:
      • Prevent harm by
          • Keeping data only in the right hands (and being clear what ‘the right hands’ are)
          • Holding good quality data (accurate, up to date and adequate)
      • Reassure people so that they trust us
          • Making sure people know enough about what we are doing
          • Giving people a choice where possible

  27. Many thanks
      Follow-up questions: paul@paulticher.com
      To come by e-mail:
      • Link to evaluation questionnaire
      • Link to download the presentation, after you have completed the questionnaire
