Local Government Reform and Compliance with the DPA Ken Macdonald Assistant Commissioner (Scotland & Northern Ireland) Information Commissioner’s Office.


Local Government Reform and Compliance with the DPA Ken Macdonald Assistant Commissioner (Scotland & Northern Ireland) Information Commissioner’s Office 2 December 2014

Contents
Local Government Reorganisation
Data Protection Principles
Meeting the Principles

Local Government Reorganisation Super Council Existing powers New organisation

Local Government Reorganisation Super Council Planning Urban Regeneration / Community Development Community Planning Economic Development & Tourism Housing Regulation Off-street Parking Historical Buildings Transferred powers New organisation

Data Protection Principles
The DPA is underpinned by a set of eight straightforward, common sense principles that organisations should follow. They state that personal data should be:
1) Processed fairly and lawfully
2) Processed for specified purposes
3) Adequate, relevant and not excessive
4) Accurate and up to date
5) Held for no longer than is necessary
6) Processed in accordance with the rights of individuals
7) Kept secure
8) Transferred outside the EEA only with adequate protection

Principle 1 – Fair and Lawful Processing
Personal data shall be processed fairly and lawfully.
Register with the ICO
Inform service users of forthcoming change ... and again after reorganisation
Have Retention and Disposal Schedules approved

Principle 2 – Processing for Specified Purposes
Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
Review Privacy Policies
Integrate where appropriate
Ensure any new uses for the information are fair

Principle 3 – Adequate, Relevant and Not Excessive
Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
Undertake a data audit
Review need
Dip sample, where appropriate

Principle 4 – Accurate and Up to Date
Personal data shall be accurate and, where necessary, kept up to date.
Take appropriate steps to ensure accuracy
Test new integrated systems with dummy data
Ensure records are up-to-date where necessary
Dip sample

Principle 5 – Hold for no longer than is necessary
Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
Use the opportunity to weed systems
Consider statutory and business requirements
Prepare revised and extended Retention & Disposal Schedules

Principle 6 – Process in Accordance with the Data Subject’s Rights
Personal data shall be processed in accordance with the rights of data subjects under this Act.
Be aware of what information is held
Consider issues around processing likely to cause damage or distress
Stop direct marketing if requested. Abide by PECR for electronic marketing
Put policies and procedures in place

Principle 7 – Security
Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
Secure disposal and/or transfer to new authority
Data/system compatibility
Encryption of all mobile devices
Home/mobile working policies

Principle 8 – Transfer outside of EEA
Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
If using cloud computing ensure the server is located within the EEA

All Principles:

Learn from others (what not to do)

Department of Justice (NI) £185,000
A monetary penalty notice of £185,000 was served on the Department of Justice (NI) after a cabinet containing details of a terrorist incident was sold at auction.

London Borough of Lewisham £70,000 CMP
A CMP of £70,000 was imposed on the Council after a social worker left sensitive documents in a plastic shopping bag on a train, after taking them home to work on. The files, which were later recovered from the rail company’s lost property office, included GP and police reports and allegations of sexual abuse and neglect.

Aberdeen City Council £100,000 CMP
A council employee inadvertently uploaded four documents containing sensitive personal information about children and families on to the internet whilst home-working using an infected second-hand PC. A home working and data protection policy was in place at the time of the breach but the technical measures to assist staff to adhere to it were not provided. The Council was fined £100k.

Contact us:
ICO
3rd Floor
14 Cromac Place
Belfast BT7 2JB