Principle 1: Processed fairly and lawfully, and only with a legitimate basis. There should be no surprises, so inform data subjects why you are collecting their information, what you are going to do with it and who you may share it with. E.g. when formulating a research project, remember to be open and transparent about what you will be doing with the information.
Principle 2: Processed only for specified lawful purposes; no incompatible processing. Only use the information for the authorised purpose(s) stated. Look out for tick boxes, often hidden at the bottom of forms! "Please tick if you do not wish your details to be used for internal promotions or passed to our parent companies." "Please tick if you do not wish to receive information about products and services from carefully selected companies."
Principle 3: Adequate, relevant and not excessive. Only collect and keep the information you require. Do not keep “just in case it might be useful one day”! E.g. taking both daytime and evening telephone numbers if you know you will only call in the day.
Principle 4: Accurate and kept up-to-date. Are you sure your information is up to date? Take care inputting data. Do you have mechanisms for checking your information is accurate? E.g. each time a patient attends a clinic, they are asked to confirm that their details are correct: address, telephone number etc. "I wonder if anything has changed?"
Principle 5: Not kept for longer than is necessary. Follow advised retention periods – For the Record (HSC 1999/053). Ensure regular housekeeping/spring cleaning. Do not keep “just in case it might be useful one day”! "Can I dispose of this now?"
Principle 6: Processed in accordance with data subjects’ rights. Individual rights: subject access; prevention of processing; processing for direct marketing (an end to junk mail and faxes!); automated decision taking; compensation; rectification/blocking/erasure; request an assessment.
Principle 7: Protected by appropriate security (Practical). E.g. keep your password secret. Always keep confidential papers in a locked cabinet… clear desk policy? Ensure confidential telephone conversations cannot be overheard. Ensure secure route for confidential faxes (Safe Haven).
Principle 7: Protected by appropriate security (Organisational). An organisation needs: good data management practices; guidelines on IT security; staff training; a confidentiality clause in employment contracts; a procedure for access to personal data; confidentiality contracts with third parties, e.g. archiving companies, cleaners, confidential waste. [Diagram labels: ESHA Security Policy; IT; Building; Procedures; Storage; Disposal; Contracts; Human Resources; Equipment]
Principle 8: Not transferred outside the European Economic Area (EEA) without adequate protection. Be careful about websites, e.g. if putting personal information on a website, gain consent from the person first. Where is your support service operator based? If outside the EEA, is your information adequately protected?
For further information... Caldicott Guardian: Dr Ian Clark; Data Protection Co-ordinator: Helen Wells – Ext; Information Integrity Support: Nicola Gould – Ext; Information Commissioner’s website: ; Caldicott website: