Data Protection webinar: Data Protection & Human Resources 18th March 2014 Welcome. We're just making the last few preparations for the webinar to start.


1 Data Protection webinar: Data Protection & Human Resources 18th March 2014 Welcome. We're just making the last few preparations for the webinar to start at Keep your speakers turned on and you will shortly hear a voice!

2 Please note: If you want to make the links and animations in this presentation work, you need to Show it as a slideshow (press F5). If you can see this slide, you are not in Show mode and the links and animations won't work.

3 This presentation is intended to help you understand aspects of the Data Protection Act 1998 and related legislation. It is not intended to provide detailed advice on specific points, and is not necessarily a full statement of the law.

4 What Data Protection is about: 1. Prevent harm to the individuals whose data we hold, or other people. Keep information in the right hands. Hold good quality data. Protecting people. Protecting data. Employees, volunteers, donors, service users, members, professional contacts.

5 What Data Protection is about: 2. Reassure people that we use their information responsibly, so that they trust us. Be transparent – open and honest, don't hide things or go behind people's back. Offer people a reasonable choice over how you use their data, and what for. Give us more money! Support our campaign! We sold your details to someone else.

6 What Data Protection is about: 3. Comply with specific legal requirements, such as: Right to opt out of direct marketing; Right of Subject Access; Notification; (and others).

7 The main topics for this webinar: Best practice with HR records; External suppliers (e.g. payroll); The wider role of HR; Contracts and staff handbooks. But first: The Data Protection Principles; The definition of Personal data; Confidentiality.

8 The Data Protection Principles
1. Data processing must be fair and legal
2. You must limit your use of data to the purpose(s) you obtained it for
3. Data must be adequate, relevant & not excessive
4. Data must be accurate & up to date
5. Data must not be held longer than necessary
6. Data Subjects' rights must be respected
7. You must have appropriate security
8. Special rules apply to transfers abroad

9 Personal data: Data / Not data; Personal / Not personal

10 Personal data: The Act applies to information that is "personal" and "data". The "personal" part means that it is about identifiable, living individuals. The "data" part means that it is recorded: on a computer or automated system; in a relevant filing system; with the intention of going into one of these systems.

11 Confidentiality: Clear boundaries. Data Protection and Confidentiality overlap a lot, but they are not the same. Data Protection

12 How confidential is confidential? Reasons for absence; Sickness records; Pregnancy; Disability; Disciplinaries; Supervision notes; Welfare/home circumstances.

13 Taking confidentiality seriously: Passwords; Gossip; Scams.

14 You could be breaking the law if you don't respect confidentiality. It is a criminal offence knowingly or recklessly to: access data you are not authorised to access; allow another person unauthorised access. Examples: Criminal record and fine for operator who looked to see if her friends were on the police database. Criminal record and fine (and no job) for bank clerk who looked up finances of partner's ex-wife.

15 HR records: Principle 1, Fair Processing: Transparency & Choice. You must always ensure that Data Subjects are not in the dark about: who is collecting their information; what purposes you hold their data for; who you might pass the data on to; how to contact you if they want to stop you from using their data or check what you are doing. You must give people a reasonable choice over how their data is used – and in any case you must meet at least one of the Schedule 2 Conditions.

16 Fair Processing conditions: With consent of the Data Subject (specific, informed and freely given); For a contract involving the Data Subject; To meet a legal obligation; To protect the Subject's vital interests; Government & judicial functions; In your legitimate interests, provided the Data Subject's interests are respected.

17 HR records: Principle 2, Limited purposes. When you obtain information your purpose(s) must be clear. Staff administration is likely to cover almost all HR functions. You must use information only in ways that are compatible with the original purpose(s).

18 HR records: Principles 3 & 4, Data quality. The Data Protection Act says that data must be: Adequate; Relevant; Not excessive; Accurate; Up to date (where necessary).

19 HR records: Principle 5, Retention. Not longer than necessary. Refer to employment law book. Take account of any regulations specific to your organisation's area of work. Broad brush approach: Short term (up to 6 months? current year?); Medium term (often 6 to 7 years); Long term (effectively indefinite).

20 HR records: Principle 6, Data Subject rights (access). Subject Access is important. Can run alongside open files/self service. The right is to access all their personal data; this includes emails about them. There are exemptions: negotiations, planning … You may have to redact third party information: where someone else is the source; where the information is about someone else.

21 HR records: Principle 6, Data Subject rights (references). References you have given are exempt from subject access. References you have received should be shown unless they are confidential. When giving a reference: Is the information you have still accurate and up to date? Make it clear whether the reference is confidential or not.

22 HR records: Principle 7, Security. The Data Protection Act says you must prevent: unauthorised access to personal data; accidental loss or damage of personal data. The security measures must be appropriate. They must also be technical and organisational. The Information Commissioner can impose a penalty of up to £??????? for gross breaches of security. £500,000

23 Key security measures: Protect data in transit. Passwords & encryption on USB devices and laptops. Extreme care when faxing, emailing & posting. Think about encryption on emails if appropriate. BYOD policy. Access controls, clear desks, locked filing cabinets. HR information held by line managers. External contractors (Data Processors). Secure destruction – shredding, etc.

24 Data Controller: The person legally responsible for complying with the Data Protection Act. A trading company is a separate Data Controller. Organisations can be joint Data Controllers. Good practice to have a Data Protection Officer.

25 Data Processor: An organisation that work is outsourced to, which involves accessing Personal Data. The Data Controller remains responsible for what happens to the data. There must be a written contract with the Data Processor, setting out: what they are to do; what the relationship is; security; others worth looking at (checklist).

26 The role of HR in promoting good Data Protection practice I: Job descriptions; Employment contracts; Staff handbook; Behaviour/Code of conduct; HR Policies and procedures; Induction; Training; Monitoring; Discipline. (Don't forget temps, interns, placements, etc.)

27 The role of HR in promoting good Data Protection practice II: Policies & procedures in operational areas: Service users; Fundraising, membership & supporters; Volunteers; Safeguarding; Complaints procedure. Repository of good practice. Written in full collaboration with relevant managers.

28 Data Protection: the absolute basics. We are trying to: Prevent harm by: Keeping data only in the right hands (and being clear what the right hands are); Holding good quality data (accurate, up to date and adequate). Reassure people so that they trust us: Making sure people know enough about what we are doing; Giving people a choice where possible.

29 Many thanks. Follow-up questions: To come by *Link to evaluation questionnaire *Link to download the presentation, after you have completed the questionnaire

