Training prepared by Geoff Webb, Information Security & Governance Consultant. Data Protection isn’t a choice, it’s the law: What all CPH staff must do. 17/07/2013.

Data Protection isn’t a choice, it’s the law
What all CPH staff must do
Training prepared by Geoff Webb, Information Security & Governance Consultant
17/07/2013 DPA Presentation v3

Main Points
Person Identifiable Data (PID) - the information that would enable a person’s identity to be established

Person Identifiable Data (PID)
The term applies to a combination of some of the following data items wherever it/they may appear and irrespective of the name of any data field in which it/they may appear, allowing that patient to be identified:
Name - including last name and any forename or aliases
Address - including any current or past address of residence
Postcode - including any current or past postcode of residence
Telephone number
Date of birth
NHS number
Ethnic category
Local Patient identifier
Hospital Encounter number
Patient pathway identifier
SUS spell ID
Unique booking reference number
Date of death

Main Points
Person Identifiable Data (PID) - the information that would enable a person’s identity to be established
Security and confidentiality of PID

Security and confidentiality of PID
Keep it safe
Don’t let someone else have it
Don’t give someone’s secrets away

Security and confidentiality of PID
Why not?
The Data Protection Act is the law that protects us against illegal and inappropriate use of our personal information without our consent, and the same applies to us using the information of others.

Data Protection Act Principles
Anyone who processes personal information must comply with eight principles of the Data Protection Act, which make sure that personal information is:
1. Fairly and lawfully processed
2. Processed for limited purposes
3. Adequate, relevant and not excessive
4. Accurate and up to date
5. Not kept for longer than is necessary
6. Processed in line with your rights
7. Secure
8. Not transferred to other countries without adequate protection

Main Points
Person Identifiable Data (PID) - the information that would enable a person’s identity to be established
Security and confidentiality of PID
The need to identify individual data subjects

The need to identify individuals
Do you really need to know who they are?
If so, they must give informed consent
Anonymisation and Pseudonymisation

Reasons to be careful – part 1
Data Protection Act
Civil Rights
Freedom of Information

Reasons to be careful – part 2
Information Commissioner’s Office (ICO)
Wrath of the ICO
Legal and Financial penalties

Data Protection Act and the ICO
If we breach any of the DPA Principles, the ICO can impose heavy financial penalties, up to £500,000 a time.
If a person thinks that we are not doing all we should with their personal data they can ask the ICO to investigate.
The ICO will arrive unannounced and will carry out a stringent audit on all our processes for handling Personal Data.

What can you do?
Information Security
Maintain Confidentiality
Always keep on the right side of the law

Information Security
Electronic data security
Physical security
What to watch out for

Maintain Confidentiality
Don’t gossip

Stay safe online
What’s at risk?
Personal information
Corporate information

Stay safe online
Source of risk?
Virus writers attachments Software

Stay safe online
Types of risk?
Worms
Trojan Horses
Botnet
Phishing

Stay safe online
Types of risk?
Worms
Trojan Horses
Botnet
Phishing
If you click on My Account Activity you will go to somewhere quite unexpected

Stay safe online
Can you avoid the risk?

Stay safe online
Can you avoid the risk?
Not really

Stay safe online
Can you avoid the risk?
Not really
Damage limitation

Stay safe online
Can you avoid the risk?
Not really
Damage limitation
Use Encryption

Stay safe online
Avoid being the risk protocol Using social media Follow the rules

Stay safe online
What if you are targeted?
SPAM
Suspected Malware
You said something you shouldn’t have

Stay safe online
What you need to do
1. Think before you Send
2. Don’t fall for hoaxes
3. Take care with social media

Always keep on the right side of the law
Finally
If a process isn’t intuitive, use a Checklist
Know where the Policies, Procedures and Guidelines are stored
When in doubt, ask!