Session 12 Information management and security

Presentation transcript:

Session 12 Information management and security

1 Contents
- Part 1: Introduction
- Part 2: Legal and regulatory responsibilities
- Part 3: Our Procedures
- Part 4: IT system management and development
- Part 5: Failure to comply and reporting breaches
- Part 6: Summary

2 Introduction Part 1

3 Introduction
The purpose of our policy on information management and security is to:
- protect against breaches
- protect information assets and IT facilities
- support our data protection policy
- increase awareness of our requirements of information security

4 Application of the policy
All staff must ensure:
- information is accurate
- information is kept confidential
- data security breaches are reported

5 Legal and regulatory responsibilities Part 2

6 Legal and regulatory responsibilities
Data Protection Act 1998
- confidential and with consent
- only for authorised purposes
- adequate, relevant and not excessive
- not held for longer than necessary
SRA Code of Practice 2011
- client confidentiality
- disclosure only as required or permitted by law or the client consents

7 Our procedures Part 3

8 Our procedures
- Information management
- Human resources information
- Access to offices and files
- Computers and IT

9 Our procedures (cont)
- Backup of data
- Communication and transfer
- Home working
- International transfer

10 IT systems and development Part 4

11 How is the IT system managed?
- Suitably trained staff
- Authorisation process
- New system proposed will undergo risk assessments
- Software and applications are managed daily
- Staff are not permitted to install any software on their computer or other equipment supplied by the firm without the consent of the IT Manager

12 Failure to comply and reporting breaches Part 5

13 Failure to comply and reporting breaches
Failure to comply:
- puts both you and the firm at risk
- may lead to disciplinary action possibly resulting in dismissal
An actual or potential breach of policy:
- should be reported according to the compliance failure policy

14 Summary Part 6

15 Summary
- The information and security policy applies to all staff
- You must comply with the policy when handling different types of information
- You are obliged to report an actual or potential breach of the information and security policy
- Failure to comply with the policy may lead to disciplinary action and/or dismissal

16 Final comments
- Any questions? to
- Update your training records in Compliance Manager