7062664 Information Management in Retail: A Legal Perspective Chris Hill Barlow Lyde & Gilbert LLP 17 September 2009.

Slides:



Advertisements
Similar presentations
Preventing Infringement of Intellectual Property (IP) Rights in the Workplace Awareness raising to how to prevent infringement within [business name] September.
Advertisements

Identifying Data Protection Issues Developing Lifelong Learner Record Systems and ePortfolios in FE and HE: Planning for, and Coping with, Legal Issues.
Legal & Regulatory Compliance. Overview What types of information should be included? What issues or problems might there be? What benefits could be obtained?
Ten things you should know about Data Protection Paul Simpkins Director, Act Now Training Ltd.
The Gathering Cloud computing - Legal considerations David Goodbrand, Partner 28 February 2013 Aberdeen Edinburgh Glasgow.
Confidentiality & Records Management. What is Information Governance? What is Records Management?
The Data Protection (Jersey) Law 2005.
Getting data sharing right for every child
What does the Data Protection Act do? It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of.
Duncan Woodhouse – Assistant Registrar for Information Security, Risk Management and Business Continuity Helen Wollerton – Administrative Officer (Legal.
A European View of Privacy Protection John Woulds Director of Operations UK Data Protection Commissioner National Conference on Privacy, Technology & Criminal.
Information Commissioner’s Office: data protection Judith Jones Senior Policy Officer Strategic Liaison – public security 16 November 2011.
DATA PROTECTION AND PATIENT CONFIDENTIALITY IN RESEARCH Nic Drew Data Protection Manager University Hospital of Wales   
Audiences NI Data Protection Workshop
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
The Data Protection Act
Data Protection Act. Lesson Objectives To understand the data protection act.
The ICO and the DPA Ken Macdonald Assistant Commissioner Information Commissioner’s Office ScotStat Public Sector Analysts Network 30 th September 2010.
Information Assurance and Information Sharing IMKS Public Sector Forum 7 February 2011 Clare Cowling, Senior Information Governance Adviser Transport for.
Data Protection in Financial Services Are you Seeing the Bigger Picture? 17 September 2008.
Handling information 14 Standard.
Finance and Governance Workshop Data Protection and Information Management 10 June 2014.
Elma Graham. To understand what data protection is To reflect on how data protection affects you To consider how you would safeguard the data of others.
The Data Protection Act 1998 The Eight Principles.
Information Management in FSS: A Legal Perspective Paul Hinton Ian Mason Barlow Lyde & Gilbert LLP 17 September 2009.
Data Protection Act & Freedom of Information Simon Mansell Corporate Governance and Information Team.
The Data Protection Act (1998). The Data Protection Act allows you to Check if any organisation keeps information about you on computer or in paper form.
Data Protection Corporate training Data Protection Act 1998 Replaces DPA 1994 EC directive 94/46/EC The Information Commissioner The courts.
Processing personal health data: the regulator’s perspective Ken Macdonald Assistant Commissioner Information Commissioner’s Office.
Data Protection: What You Need to Know Shauna Dunlop 1 July 2015.
Information Commissioner’s Office Sheila Logan Operations and Policy Manager Information Commissioner’s Office Business Matters 20 May 2008.
The Data Protection Act [1998]
The Data Protection Act What Data is Held on Individuals? By institutions: –Criminal information, –Educational information; –Medical Information;
Why the Data Protection Act was brought in  The 1998 Data Protection Act was passed by Parliament to control the way information is handled and to give.
Information Management in Telco: A Legal Perspective Sheila Tormey Barlow Lyde & Gilbert LLP Ronan Lupton Barrister at Law 17 September 2009.
Local Government Reform and Compliance with the DPA Ken Macdonald Assistant Commissioner (Scotland & Northern Ireland) Information Commissioner’s Office.
Session 7 Compliance failure policy. 1 Contents Part 1: COLP and COFA duties Part 2: What do we have to comply with and why does it matter? Part 3: Compliance.
Data Protection - Rights & Responsibilities Information Commissioner’s Office Orkney Practice Forum 4 th July 2007.
Data Protection Act The Data Protection Act (DPA) is a balance between rights of the DATA SUBJECT and obligations of the DATA CONTROLLER DATA CONTROLLER.
1 Role of the Data Protection Officer Donald Henderson Information Compliance Manager 30 September 2010.
Breakaway Session 2: Data Protection and The Role of the Data Protection Supervisor Michael Mingle Director, NTSS Solutions (UK) D ATA P ROTECTION C ONFERENCE.
INFORMATION GOVERNANCE AND CONFIDENTIALITY Information Governance Facilitator.
Data Protection and research Rachael Maguire Records Manager.
DATA PROTECTION ACT (DPA). WHAT IS THE DATA PROTECTION ACT?  The Data Protection Act The Data Protection Act (DPA) gives individuals the right.
Session 12 Information management and security. 1 Contents Part 1: Introduction Part 2: Legal and regulatory responsibilities Part 3: Our Procedures Part.
DATA PROTECTION ACT INTRODUCTION The Data Protection Act 1998 came into force on the 1 st March It is more far reaching than its predecessor,
GCSE ICT Data and you: The Data Protection Act. Loyalty cards Many companies use loyalty cards to encourage consumers to use their shops and services.
Session 11 Data protection. 1 Contents Part 1: Introduction Part 2: Applicability and responsibility Part 3: Our procedures on data protection Part 4:
DATA PROTECTION AND RUNNING A COMPLIANT PUB WATCH SCHEME Nigel Connor Head of Legal –JD Wetherspoon PLC.
© University of Reading Lee Shailer 06 June 2016 Data Protection the basics.
Getting data sharing right for every child Maureen H Falconer Senior Policy Officer Information Commissioner’s Office.
Workshop Understanding your responsibilities under the Data Protection Act 1998 and the Freedom of Information Act 2000 Adele Rhodes Girling.
Data protection—training materials [Name and details of speaker]
1 Information Governance (For Dental Practices) Norman Pottinger Information Governance Manager NHS Suffolk.
Sharing Personal Data ‘What you need to know’ Corporate Information Governance Team Strategic Intelligence.
Presented by Ms. Teki Akuetteh LLM (IT and Telecom Law) 16/07/2013Data Protection Act, 2012: A call for Action1.
Commissioning Services: with the DPA in mind South Yorkshire Information and Data Sharing Group Sheffield 14 th August 2014 Lynne Shackley Lead Policy.
Clark Holt Limited (Co. No ), Hardwick House, Prospect Place, Swindon, SN1 3LJ Authorised and regulated by the Solicitors Regulation.
Information Management in Government: A Legal Perspective
CISI – Financial Products, Markets & Services
Data Protection The Current Regime
General Data Protection Regulation
GDPR Road map to Compliance.
GENERAL DATA PROTECTION REGULATION (GDPR)
G.D.P.R General Data Protection Regulations
Data Protection and Running a Compliant Pub Watch SCHeme
Data Protection What’s new about The General Data Protection Regulation (GDPR) May 2018? Call Kerry on Or .
General Data Protection Regulations 2018
Getting Ready For GDPR Simon Marks Director
GDPR what do we need to do?
Presentation transcript:

Information Management in Retail: A Legal Perspective Chris Hill Barlow Lyde & Gilbert LLP 17 September 2009

Information Management Information is a key asset of every business Technology has revolutionised our ability to access, create, store, search and communicate information Information Management is in its infancy and lagging behind technological development “the stone age was marked by man's clever use of crude tools; the information age, to date, has been marked by man's crude use of clever tools”

,000 1,500 2,000 2,500 3,000 3, ,000 4,500 8,000 10,000 6,000 Storing up trouble…

Inside of an IT storage system

Why is this a problem? The acquisition of and failure to discard, possessions that are useless or of limited value due to a fear of losing things perceived to be important. = “PATHOLOGICAL HOARDING DISORDER”

Law and Information Management IPRs DPA Others e.g DDA, Confidence etc

Data Protection Act Data Protection Act 1998 EC Directive – EEA wide application Policed in the UK by the ICO Protects ‘personal data’ – electronic mainly (but also paper in some cases) ‘data controllers’ must ‘process’ in accordance with the DPA ‘data subjects’ get a number of rights under the DPA Establishes “Principles” to abide by

The Data Protection Principles Adequate, relevant and not excessive Accurate and up to date Rights for Data Subjects under the Act Specific purpose Not kept longer than necessary Technical and organisational measures EEA “fairly and lawfully processed”

Consequences of breaching DPA Reputational damage Fines Criminal offences ICO increasing policing and enforcement and taking a harder line

5 Key Legal Impacts 1.Security/confidentiality obligations 2.What information can/must be stored 3.Exploitation of information 4.Who has a right to access information 5.Dealing with 3 rd parties

1. Security/Confidentiality Common law confidentiality Contractual – agreed standards Data Protection Act – Principle 7 Applicable IT standards “keeping up to date” - adequate technical and organisational (= security) measures – e.g. BS Practical measures and security standards

2. What Can/Must Be Stored 800+ specified retention periods fixed by statute/common law VAT records 6 years Contractual claims 6 years (12 years if a deed) Data Protection Act Processing fairly and lawfully Adequate and not excessive Accurate and up to date Not for longer than necessary IPRs

3. Exploitation of Information Copyright Arising automatically in original works Lasts for a set number of years Generally owned by creator – (including ‘employer’) Database rights Arises where "substantial investment" in obtaining, verifying or presenting the contents of the database Owned by the maker Data Protection “fairly and lawfully”

4. Who has a right to access? Confidentiality – who can it be given to? DPA Fairly and lawfully processed EEA Subject Access Request Litigation – duty to provide even if detrimental Regulatory investigation

5. Dealings with 3 rd Parties See 1. to 4. above: Security Storage Exploitation Access DPA issues need to be dealt with explicitly in contracts Liability/Indemnity/Insurance Right to audit/access and have information returned Information management policies

Specific retail issues (1) Customer lists Marketing Credit card details Dealing with consumers – “UCTA” and B2C contracts Customer retention / media - e.g. TK Maxx

Specific retail issues (2) Online retailing – data in transit, Distance Selling Regs Standards – ISO, PCI, “good industry practice” Levels of encryption and security procedures Good for your business – marketing and practical risk reduction Do your suppliers comply with these standards?

Information is your greatest asset, but also your biggest risk... Not just the Data Protection Act 1998 There is no “magic bullet” solution A multi-faceted approach is needed: Contractual and legal protections IT security and solutions Practical policies and procedures

Policies Make it an employee issue not a corporate problem: Written documents that explains practical day-to-day procedures and rules for use of the data (including communications, storage, passwords, access, home working etc etc) Provided to all employees who have to sign and comply with them (part of employment / outsourcing contract) Will reduce the real risk of a leak occurring Will increase chances of compliance with law and regulation Will reduce liability Significantly improves PR damage

Spot the difference if lost….. and A B

Questions?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.