Presentation is loading. Please wait.

Presentation is loading. Please wait.

Data Protection What You Need To Know New College Telford, 23 October 2013.

Published byKiera Shere Modified over 9 years ago

Similar presentations

Presentation on theme: "Data Protection What You Need To Know New College Telford, 23 October 2013."— Presentation transcript:

1 Data Protection What You Need To Know New College Telford, 23 October 2013

2 2 Hello! Jason Miles-Campbell JISC Legal Service Manager jason.miles-campbell @jisclegal.ac.uk 0141 548 4939 www.jisclegal.ac.uk

3 3 About JISC Legal Role: to avoid legal issues becoming a barrier to the use of technology in tertiary education Information service: we cannot take decisions for you when you are faced with a risk

4 Slide 3 of 28

5 Law, ICT and Data Protection jiscleg.al/DataProtection

6 Common Scenarios A parent requests information on son’s progress Police request information on one of your students A tutor asks to see a reference supplied by her supervisor An employer requests information on an employee’s attendance Personal details of a student disclosed in confidence appear on FB A staff mobile phone containing sensitive data is lost Internal sharing of data amongst staff External sharing of data - ALL have DP compliance implications

7 Why Comply? 1.It’s the law 2.Good business practice 3.Sets a good example 4.Confidence 5.Risk (ID theft)

8 When it comes to data protection... 1.I’m confident 2.I’ve a fair idea 3.I dabble 4.I ask others 5.I hide in the toilet

9 Recent Headlines Serious Data Protection Risks for App Users Unencrypted Devices Pose ‘Unnecessary Risk’ for Sensitive Data Think Before You Tweet or Risk Arrest Teacher in FB Meltdown University Sends Personal Data to Wrong Recipient University Breaches DPA by Disclosing Personal Data on Website Negligent Employees and Contractors Cause 36% of UK Data Breaches Duplicate Password Use by School Leads to data breach FB Comments Result in sacking

10 10 Data Protection Law Data Protection Act 1998 Information Commissioner (www.ico.gov.uk)www.ico.gov.uk Other relevant law: Freedom of Information Act 2000 Privacy and Electronic Communications Regs 2003 Protection of Freedoms Act 2012

11 11 Data Protection Essentials “Data protection..regimes…do not seek to protect data itself,... they seek to provide the individual with a degree of control over the use of their personal data” “data privacy regimes do not seek to cut off the flow of data, merely to see that it is collected and used in a responsible and, above all, accountable, fashion” Source: DP Code of Practice for FE and HE i.e. Data Protection law does not prevent using and sharing personal data but.. ICO power to impose fines direct for serious security breaches

12 Understanding Your Duties Data Subject Data Controller Data Processor Processing

13 NCT contracts with Help4U to produce pay slips. Unfortunately, Help4U send the payslips to the wrong recipients. Who is liable? 1.The college as data controller 2.The processor as they caused the error 3.Both the data controller and the processor 4.Neither

14 What is Personal Data? Any information which relates to an identified or identifiable person Living persons Must be significant biographical information which affects privacy Sensitive personal data

15 Which of the following is likely to be covered by the DPA? 1.a deceased staff member’s email account 2.numerals to identify students in a VLE 3.documents relating to a disciplinary matter 4.‘John Smith’ on a post it on a monitor

16 The 8 Data Protection Principles – key to compliance 1.fair and lawful 2.limited purposes 3.adequate, relevant and not excessive 4.accurate and current 5.not kept longer than necessary 6.respect the rights of the individual 7.appropriate security 8.transfer outside EEA needs adequate protection

17 17 Fair Processing… and Lawful Processing A processing notice – transparency Weighing up interests v privacy Would you be happy?

18 Lawful Processing and Lawful Processing To process, a Schedule 2 condition must be met: Consent Legitimate interest of the data controller Fulfilment of a contractual obligation More stringent conditions for ‘sensitive’ personal data 18

19 One of these is fair and lawful. Which? 19 1.The college releases details on student attendance to a parent 2.The college collects name and contact details of all students 3.A tutor puts personal details of a student on his Facebook account

20 A college keeps all emails for 10 years. Is this in line with the DPA? 20 1.Yes 2.No 3.Might be 4.Not sure

21 New College Telford should give out information about students and staff to other organisations 21 1.Never 2.Rarely 3.Freely upon request 4.Only when the person gives permission 5.Only when a senior manager authorises it

22 Information can be shared freely internally (between staff) within your organisation 1.True 2.False 3.Not sure 22

23 When handling personal data in your role consider: 1.Purpose: what data do you hold and why are you collecting personal data? 2.Fairness: is the reason fair to the data subject? 3.Transparency: does the data subject know about it? 4.Security: is there an appropriate level of security? Important Points…

24 Some Scenarios…….. Over to you

25 1.Supply it - nothing wrong in doing this 2.Supply it – learner is under 18 3.Withhold it as he should never access it 4.Withhold it until you have consent A father asks for information on his son’s progress. Do you…

26 1.Supply it because it’s the police 2.Supply it only when you know what it’s for and think it is relevant information to the investigation 3.Never supply it The police arrive at reception asking for a student’s address, his record of attendance and whether he is currently in class. What should you do?

27 1.Password protection and encryption 2.None as kept on campus 3.It depends on the type of information What security should be on devices holding personal data?

28 1.Copy them on to a USB memory stick to take with you 2.Use your own laptop or tablet after consulting IT, checking policy and ensuring security 3.Email them to your webmail 4.Log into and save to the college network from home You want to finish student profile reports at home. What do you do?

29 1.The College is liable for the breach 2.There is no liability, it was an accident, not deliberate 3.The member of staff is liable not the college A member of staff clicks the wrong email group and sends personal info about a student’s health to other students instead of relevant tutors. Who is liable?

30 Where the DP policy is, how to access it and its contents Have awareness of DP and how it may affect students, staff etc. That what you’re doing is covered by the data protection notice to students, staff etc. How to store/share personal information on and off campus How to keep personal information secure (mobiles, social networking) Where to get help What should you know?

31 Sources of Help Your institution’s DP officer Your institutional policies and procedures info@jisclegal.ac.uk and www.jisclegal.ac.uk (code of practice)info@jisclegal.ac.uk www.jisclegal.ac.uk

32 Questions? ? www.jisclegal.ac.uk info@jisclegal.ac.uk 0141 548 4939

33

Download ppt "Data Protection What You Need To Know New College Telford, 23 October 2013."

Similar presentations

Public Administration use of Social Networks - Data Protection Implications European Public Administration Network, Dublin Castle, 5 April 2013 Billy Hawkes.

Public Administration use of Social Networks - Data Protection Implications European Public Administration Network, Dublin Castle, 5 April 2013 Billy Hawkes.
Identifying Data Protection Issues Developing Lifelong Learner Record Systems and ePortfolios in FE and HE: Planning for, and Coping with, Legal Issues.

Identifying Data Protection Issues Developing Lifelong Learner Record Systems and ePortfolios in FE and HE: Planning for, and Coping with, Legal Issues.
Legal & Regulatory Compliance. Overview What types of information should be included? What issues or problems might there be? What benefits could be obtained?

Legal & Regulatory Compliance. Overview What types of information should be included? What issues or problems might there be? What benefits could be obtained?
Using Information at the University University Secretarys Office

Using Information at the University University Secretarys Office
IMPS Information Management and Policy Services Information Services Directorate A briefing for all University staff November 2004 New Information Legislation.

IMPS Information Management and Policy Services Information Services Directorate A briefing for all University staff November 2004 New Information Legislation.
Information Governance An Introduction. Information Governance Outline What is Information Governance What initiatives does IG cover.

Information Governance An Introduction. Information Governance Outline What is Information Governance What initiatives does IG cover.
Introduction to Information Governance (IG)

Introduction to Information Governance (IG)
Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: What You Need to Know.

Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: What You Need to Know.
Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.

Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.
Slide 1 Friday, 15 March 2013 Confident in Data Protection Compliance Ayrshire College.

Slide 1 Friday, 15 March 2013 Confident in Data Protection Compliance Ayrshire College.
Slide 1 of 16 An Overview of Legal Issues Relating to BCE and pointers to specific legal resources Supporting Professional Development for Engagement:

Slide 1 of 16 An Overview of Legal Issues Relating to BCE and pointers to specific legal resources Supporting Professional Development for Engagement:
Confidentiality & Records Management. What is Information Governance? What is Records Management?

Confidentiality & Records Management. What is Information Governance? What is Records Management?
PIPA PRESENTATION PERSONAL INFORMATION PROTECTION ACT.

PIPA PRESENTATION PERSONAL INFORMATION PROTECTION ACT.
Getting data sharing right for every child

Getting data sharing right for every child
Data Protection webinar: Data Protection & Volunteers 19 th June 2014 Welcome. We’re just making the last few preparations for the webinar to start at.

Data Protection webinar: Data Protection & Volunteers 19 th June 2014 Welcome. We’re just making the last few preparations for the webinar to start at.
Data Protection Data Protection Acts 1988 & 2003 Directive 95/46/EC Privacy.

Data Protection Data Protection Acts 1988 & 2003 Directive 95/46/EC Privacy.
Information Commissioner’s Office: data protection Judith Jones Senior Policy Officer Strategic Liaison – public security 16 November 2011.

Information Commissioner’s Office: data protection Judith Jones Senior Policy Officer Strategic Liaison – public security 16 November 2011.
Audiences NI Data Protection Workshop

Audiences NI Data Protection Workshop
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Data Protection Act. Lesson Objectives To understand the data protection act.

Data Protection Act. Lesson Objectives To understand the data protection act.

Similar presentations

Ads by Google