Archive, Records Management and Museum Services Confidentiality, Personal Data and the Data Protection Act 1998 Alan R Bell Records Manager and Information Compliance Officer

Archive, Records Management and Museum Services Confidential

Archive, Records Management and Museum Services 1. Done or communicated in confidence; secret. 2. Entrusted with the confidence of another. 3. Denoting confidence or intimacy. 4. Containing information, the unauthorized disclosure of which poses a [risk].

Archive, Records Management and Museum Services the principle in medical ethics that the information a patient reveals to a health care provider is private and has limits on how and when it can be disclosed to a third party. Dorland's Medical Dictionary for Health Consumers. © 2007 by Saunders, an imprint of Elsevier, Inc. All rights reserved. the ethical principle or legal right that a physician or other health professional will hold secret all information relating to a patient, unless the patient gives consent permitting disclosure. The American Heritage® Medical Dictionary Copyright © 2007, 2004 by Houghton Mifflin Company. Published by Houghton Mifflin Company. All rights reserved. 1 the nondisclosure of information except to another authorized person. 2 (in research) protection of study participants such that an individual participant’s identity cannot be linked to the information provided to the researcher and is never publicly divulged. Mosby's Medical Dictionary, 8th edition. © 2009, Elsevier. the nondisclosure of certain information except to another authorized person. Mosby's Dental Dictionary, 2nd edition. © 2008 Elsevier, Inc. All rights reserved. secrecy relating to information. All clinical data have a degree of confidentiality, the level varying with the information and the circumstances. Saunders Comprehensive Veterinary Dictionary, 3 ed. © 2007 Elsevier, Inc. All rights reserved

Archive, Records Management and Museum Services the principle in medical ethics that the information a patient reveals to a health care provider is private and has limits on how and when it can be disclosed to a third party. Dorland's Medical Dictionary for Health Consumers. © 2007 by Saunders, an imprint of Elsevier, Inc. All rights reserved. the ethical principle or legal right that a physician or other health professional will hold secret all information relating to a patient, unless the patient gives consent permitting disclosure. The American Heritage® Medical Dictionary Copyright © 2007, 2004 by Houghton Mifflin Company. Published by Houghton Mifflin Company. All rights reserved. 1 the nondisclosure of information except to another authorized person. 2 (in research) protection of study participants such that an individual participant’s identity cannot be linked to the information provided to the researcher and is never publicly divulged. Mosby's Medical Dictionary, 8th edition. © 2009, Elsevier. the nondisclosure of certain information except to another authorized person. Mosby's Dental Dictionary, 2nd edition. © 2008 Elsevier, Inc. All rights reserved. secrecy relating to information. All clinical data have a degree of confidentiality, the level varying with the information and the circumstances. Saunders Comprehensive Veterinary Dictionary, 3 ed. © 2007 Elsevier, Inc. All rights reserved

Archive, Records Management and Museum Services Information Data Privacy Personal Disclosure/Non-disclosure Legal Rights

Archive, Records Management and Museum Services Personal Data

Archive, Records Management and Museum Services What Is Personal Data? Personal information held: about a living person which can identify that person which may be of a sensitive nature

Archive, Records Management and Museum Services What Is Sensitive Personal Data? Information concerning a person’s: Race Politics Religion Trade Union membership Physical condition or mental health Sexual life Criminal record

Archive, Records Management and Museum Services Personal Information and the Data Protection Act

Archive, Records Management and Museum Services What does it do? Data Protection Act 1998 Governs the ways that personal information can be processed. It is not privacy legislation

Archive, Records Management and Museum Services Growth of computer technology in early 1970’s Development of large data banks of personal information 1984 Data Protection Act – Electronic information only Disparity in Data Protection regimes in EU member states 1995 EU Data Protection Directive nd UK Data Protection Act

Archive, Records Management and Museum Services Implements European Data Protection Directive 95/46/EC in the UK The Act received Royal Assent 1998 – It came into full force 2001 Entirely replace Data Protection Act 1984 Now includes data held in manual formats Updates the Data Protection Principles Includes new rules for processing sensitive personal data New definitions of ‘ personal data’

Archive, Records Management and Museum Services The Act Applies To Paper files Electronic files and databases Web pages Photographs CCTV Voice recordings X rays Publications

Archive, Records Management and Museum Services Relevant Filling System

Archive, Records Management and Museum Services Data Controller: Data Processor: Data Subject: Who/what are these?

Archive, Records Management and Museum Services Data Controller: determines the purposes for which and the manner in which personal data are processed Data Processor: any person, other than an employee of the data controller, who process the data on behalf of the data controller Data Subject: an individual who is the subject of personal data

Archive, Records Management and Museum Services 8 Data Protection Principles 1.‘Personal data shall be processed fairly and lawfully’ 2.‘Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or purposes’ 3.‘Personal data shall be adequate, relevant, and not excessive in relation to the purpose or purposes for which they are processed’ 4.‘Personal data shall be accurate and, where necessary, kept up to date’

Archive, Records Management and Museum Services 5.‘Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes’ 6.‘Personal data shall be processed in accordance with the rights of data subjects under this Act’ 7.‘Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data’ 8.‘Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data’

Archive, Records Management and Museum Services 1. ‘Personal data shall be processed fairly and lawfully’  must not deceive or mislead  must state the purpose of the processing  must provide your identity  must have consent of the data subject – can not infer this from a lack of response  must specify time period of consent

Archive, Records Management and Museum Services 1. ‘Personal data shall be processed fairly and lawfully’  must have appropriate safeguards for data  must obtain consent from data subjects for processing if data provided by a third party

Archive, Records Management and Museum Services 2. ‘Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or purposes’  must identify purposes for which data is being processed

Archive, Records Management and Museum Services 2. ‘Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or purposes’  must ensure purposes are compatible with information given to data subjects and to the Office of the Information Commissioner

Archive, Records Management and Museum Services 2. ‘Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or purposes’  must not further process if purposes are not compatible with consent or notification to OIC without resolving conflicts

Archive, Records Management and Museum Services 3. ‘Personal data shall be adequate, relevant, and not excessive in relation to the purpose or purposes for which they are processed’  must establish what is collected and why  must audit data holding against need – minimum information must be collected – do not collect ‘just in case’  must establish effective data retention and disposal policies

Archive, Records Management and Museum Services 3. ‘Personal data shall be adequate, relevant, and not excessive in relation to the purpose or purposes for which they are processed’  must establish policies and procedures to test new and modified data collection against the principle

Archive, Records Management and Museum Services 4. ‘Personal data shall be accurate and, where necessary, kept up to date’  must establish methods to validate the source of data  must establish policies and procedures to keep data up to date  must establish policies and procedures to correct or mark as incorrect any disputed data

Archive, Records Management and Museum Services 5. ‘Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes’  must establish policies and procedures review why you are retaining data – eg current use, audit/legal purposes, research purposes.  must delete data that is no longer needed

Archive, Records Management and Museum Services 6. ‘Personal data shall be processed in accordance with the rights of data subjects under this act’  rights of data subjects include:  right to be told that their personal data is being processed and for what purpose  right to obtain a copy of their personal data  right to prevent the use of their data for direct marketing purposes  right to be told to whom the data will be disclosed

Archive, Records Management and Museum Services  right to prevent processing which may cause substantial damage or distress to the data subject  right to have explained the logic behind any decision taken on the basis of the processing of the data 6. ‘Personal data shall be processed in accordance with the rights of data subjects under this act’

Archive, Records Management and Museum Services 6. ‘Personal data shall be processed in accordance with the rights of data subjects under this act’  must manage operations to ensure that data subjects can exercise their rights properly and fully

Archive, Records Management and Museum Services 7. ‘Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data’  practical steps to compliance include:  do not allow staff to share passwords  site PC’s where the screen can not be seen by unauthorised staff or the public and do not leave information on the screen when you are not there  when using external agencies ensure processing is carried out under written contracts

Archive, Records Management and Museum Services  block access to systems by former staff  vet all prospective employees (eg cleaners)  react to allegations of access to unauthorised data  do not leave files unattended in the open  shred personal data rather than bin it  do not design documents/write papers in ways that reveal personal data  physical and electronic security  staff training  measures to prevent accidental loss, damage or destruction of data

Archive, Records Management and Museum Services 8. ‘Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data’  must not transfer data by any means (including electronic) if in doubt

Archive, Records Management and Museum Services Processing of Personal Data (Schedule 2) consent of data subject The processing is:  necessary for the performance of contract or with a view to entering into a contract  necessary for compliance with a legal obligation other than imposed by a contract  necessary in order to protect the vital interests of the data subject

Archive, Records Management and Museum Services  necessary for the administration of justice; for the exercise of functions under an enactment; for functions of the Crown, Ministers, or government departments; for the exercise of other functions of a public nature exercised in the public interest  necessary for the pursuit of legitimate interests except where the processing is unwarranted by reasons of prejudice to the rights and freedoms or legitimate interests of the data subject

Archive, Records Management and Museum Services Processing of Sensitive Data (Schedule 3) consent of data subject The processing is:  necessary to meet obligation under employment law  necessary to protect the vital interests of the data subject or another individual

Archive, Records Management and Museum Services  carried out in the course of legitimate business, is not for profit, has appropriate safeguards, does not involve the disclosure of information to a third party without consent, is by a political, religious, philosophical or trade union body, and concerns only individuals who are members or who are associated with the body  necessary for legal proceedings; obtaining legal advice; establishing, exercising, or defending legal rights

Archive, Records Management and Museum Services  necessary for the administration of justice; for the exercise of functions under an enactment; for functions of the Crown, Ministers, or government departments  necessary for medical purposes; conducted by a health professional or someone with equivalent duty of confidentiality; includes preventative medicine, diagnosis, medical research, provision of care and treatment, management of healthcare services

Archive, Records Management and Museum Services  necessary promote or maintain equal opportunities, subject to appropriate safeguards for rights and freedoms of data subjects Processing can take place where the data subjects have made information about themselves public

Archive, Records Management and Museum Services necessary for medical purposes; conducted by a health professional or someone with equivalent duty of confidentiality; includes preventative medicine, diagnosis, medical research, provision of care and treatment, management of healthcare services

Archive, Records Management and Museum Services Personal data shall be processed fairly and lawfully

Archive, Records Management and Museum Services Personal data shall be processed fairly and lawfully necessary for medical purposes; conducted by a health professional or someone with equivalent duty of confidentiality; includes preventative medicine, diagnosis, medical research, provision of care and treatment, management of healthcare services + Schedule 2 condition

Archive, Records Management and Museum Services necessary for medical purposes; conducted by a health professional or someone with equivalent duty of confidentiality; includes preventative medicine, diagnosis, medical research, provision of care and treatment, management of healthcare services + Schedule 2 condition Personal data shall be processed fairly and lawfully Fair processing statement/privacy notice

Archive, Records Management and Museum Services Informed Consent (schedule 2 and schedule 3) Fair processing statement/privacy notice

Archive, Records Management and Museum Services The Research Exemption

Archive, Records Management and Museum Services 33 Research, history and statistics. (1) In this section— “research purposes” includes statistical or historical purposes; “the relevant conditions”, in relation to any processing of personal data, means the conditions— (a) that the data are not processed to support measures or decisions with respect to particular individuals, and (b) that the data are not processed in such a way that substantial damage or substantial distress is, or is likely to be, caused to any data subject. (2) For the purposes of the second data protection principle, the further processing of personal data only for research purposes in compliance with the relevant conditions is not to be regarded as incompatible with the purposes for which they were obtained. (3) Personal data which are processed only for research purposes in compliance with the relevant conditions may, notwithstanding the fifth data protection principle, be kept indefinitely. (4) Personal data which are processed only for research purposes are exempt from section 7 if— (a) they are processed in compliance with the relevant conditions, and (b) the results of the research or any resulting statistics are not made available in a form which identifies data subjects or any of them. (5)For the purposes of subsections (2) to (4) personal data are not to be treated as processed otherwise than for research purposes merely because the data are disclosed— (a) to any person, for research purposes only, (b) to the data subject or a person acting on his behalf, (c) at the request, or with the consent, of the data subject or a person acting on his behalf, or (d) in circumstances in which the person making the disclosure has reasonable grounds for believing that the disclosure falls within paragraph (a), (b) or (c).

Archive, Records Management and Museum Services Information Data Privacy Personal Disclosure/Non-disclosure Legal Rights

Archive, Records Management and Museum Services Informed Consent