2014 dpa training february nn
lawrence-serewicz
Data Protection Training Session
Information Management Team
February 2014
Table of Contents
Section 1 Introduction: how the Act works
Section 2 Definitions
Section 3 The 8 Principles of the DPA
Section 4 Your responsibilities
Section 5 Additional information
Your take aways
• Know the 8 principles
• Know your role and responsibilities.
The Legal Framework
Our use of information is governed by a range of laws, principally:
• The Data Protection Act
• The Freedom of Information Act
• Common Law Duty of Confidence
• Human Rights Act
You need to know how these laws affect you!
What is the Data Protection Act?
How the Act Works
As a “data controller”, you have to follow the eight principles so that you protect the rights of individuals, also known as “data subjects”.
The principles cover how you work with personal data and sensitive personal data.
SECTION TWO: DEFINITIONS
What is personal information?
Personal information is defined broadly and has two criteria:
First, it must relate to a living person. The dead do not have data protection rights. The living relatives will have a right to privacy and confidentiality.
Second, the person must be identifiable – either from the information itself or from the information plus other information which the data controller either possesses or is likely to possess in the future.
The definition of personal data includes any expression of opinion about the data subject.
What is Sensitive Personal Data?
Sensitive personal information is defined by the Act. It covers the following areas:
• Race, ethnic origin
• Criminal records (including CRB checks)
• Membership of a trade union
• Medical records (such as sickness absence)
• Political opinions
• Religious, or similar beliefs
• Sexual life, for example, a person’s sexual orientation
In most cases explicit consent is needed before these can be used but other conditions may apply.
What is a Data Subject?
A data subject is any living individual who is the subject of personal data.
What is a data controller?
An organisation, or an individual, is a data controller if it has full authority to decide how and why personal data is to be “processed”. When an organisation uses personal data or shares it with another organisation, it is acting as a data controller.
Please note that an employee working for an organisation can never be a data controller.
What is processing?
SECTION 3 THE 8 PRINCIPLES
• If you learn nothing else on Data Protection, remember the following slide and you’ll probably be OK
The 8 Data Protection Principles
1. Fairly and lawfully processed.
2. Processed for limited purposes.
3. Adequate, relevant and not excessive.
4. Accurate and up to date.
5. Not kept for longer than is necessary.
6. Processed in line with the rights of the data subject.
7. Stored and processed securely.
8. Not transferred to countries without adequate protection.
Principle 1: Fair and Lawful
Principle 2. Processed for limited purposes
Principle 3. Adequate, relevant, not excessive
Principle 4 Accurate
Principle 5 Not kept for longer than is necessary.
Principle 6 Rights of Data Subjects
Principle 7 Secure
• VS
Principle 8
Video Break
http://www.youtube.com/watch?v=CdYWoLC7TNI&feature=youtu.be
SECTION 4 YOUR RESPONSIBILITIES
Responsibilities
• Subject Access Requests
• Security of information
• Records management
• Sharing information
Subject Access requests
• What is a SAR?
• What do you need to do?
• Educational Record
• Third Party Data
• Confidentiality
Security of Paper records
Records management
Sharing information
SECTION 5 CONTACT INFORMATION
Who to contact?
Information Commissioner’s Office
0303 123 1113
Information Management Team
03000 268 035