Training prepared by Geoff Webb Information Security & Governance Consultant Data Protection isn’t a choice, it’s the law What all CPH staff must do 17/07/2013.


1 Training prepared by Geoff Webb, Information Security & Governance Consultant
Data Protection isn’t a choice, it’s the law
What all CPH staff must do
17/07/2013 DPA Presentation v3

2 Main Points
Person Identifiable Data (PID) - the information that would enable a person’s identity to be established

3 Person Identifiable Data (PID)
The term applies to a combination of some of the following data items wherever it/they may appear and irrespective of the name of any data field in which it/they may appear, allowing that patient to be identified:
Name - including last name and any forename or aliases
Address – including any current or past address of residence
Postcode - including any current or past postcode of residence
Telephone number
Date of birth
NHS number
Ethnic category
Local Patient identifier
Hospital Encounter number
Patient pathway identifier
SUS spell ID
Unique booking reference number
Date of death

4 Main Points
Person Identifiable Data (PID) - the information that would enable a person’s identity to be established
Security and confidentiality of PID

5 Security and confidentiality of PID
Keep it safe
Don’t let someone else have it
Don’t give someone’s secrets away

6 Security and confidentiality of PID
Why not?
The Data Protection Act is the law that protects us against illegal and inappropriate use of our personal information without our consent, and the same applies to us using the information of others

7 Data Protection Act Principles
Anyone who processes personal information must comply with eight principles of the Data Protection Act, which make sure that personal information is:
1. Fairly and lawfully processed
2. Processed for limited purposes
3. Adequate, relevant and not excessive
4. Accurate and up to date
5. Not kept for longer than is necessary
6. Processed in line with your rights
7. Secure
8. Not transferred to other countries without adequate protection

8 Main Points
Person Identifiable Data (PID) - the information that would enable a person’s identity to be established
Security and confidentiality of PID
The need to identify individual data subjects

9 The need to identify individuals
Do you really need to know who they are?
If so, they must give informed consent
Anonymisation and Pseudonymisation

10 Reasons to be careful – part 1
Data Protection Act
Civil Rights
Freedom of Information

11 Reasons to be careful – part 2
Information Commissioner’s Office (ICO)
Wrath of the ICO
Legal and Financial penalties

12 Data Protection Act and the ICO
If we breach any of the DPA Principles, the ICO can impose heavy financial penalties, up to £500,000 a time.
If a person thinks that we are not doing all we should with their personal data they can ask the ICO to investigate.
The ICO will arrive unannounced and will carry out a stringent audit on all our processes for handling Personal Data.

13 What can you do?
Information Security
Maintain Confidentiality
Always keep on the right side of the law

14 Information Security
Electronic data security
Physical security
What to watch out for

15 Maintain Confidentiality
Don’t gossip

16 Stay safe online
What’s at risk?
Personal information
Corporate information

17 Stay safe online
Source of risk?
Virus writers
Email attachments
Software

18 Stay safe online
Types of risk?
Worms
Trojan Horses
Botnet
Phishing

19 Stay safe online
Types of risk?
Worms
Trojan Horses
Botnet
Phishing

20 Stay safe online
Types of risk?
Worms
Trojan Horses
Botnet
Phishing
If you click on My Account Activity you will go to somewhere quite unexpected

21 Stay safe online
Can you avoid the risk?

22 Stay safe online
Can you avoid the risk?
Not really

23 Stay safe online
Can you avoid the risk?
Not really
Damage limitation

24 Stay safe online
Can you avoid the risk?
Not really
Damage limitation
Use Encryption

25 Stay safe online
Avoid being the risk
Email protocol
Using social media
Follow the rules

26 Stay safe online
What if you are targeted?
SPAM
Suspected Malware
You said something you shouldn’t have

27 Stay safe online
What you need to do
1. Think before you Send
2. Don’t fall for hoaxes
3. Take care with social media

28 Always keep on the right side of the law
Finally
If a process isn’t intuitive, use a Checklist
Know where the Policies, Procedures and Guidelines are stored
When in doubt, ask!

