Presentation is loading. Please wait.

Presentation is loading. Please wait.

© University of Reading 2007 www.reading.ac.uk/data_protection Lee Shailer 06 June 2016 Data Protection the basics.

Published byScot Rodgers Modified over 8 years ago

Similar presentations

Presentation on theme: "© University of Reading 2007 www.reading.ac.uk/data_protection Lee Shailer 06 June 2016 Data Protection the basics."— Presentation transcript:

1 © University of Reading 2007 www.reading.ac.uk/data_protection Lee Shailer 06 June 2016 Data Protection the basics

2 2 Data Protection (DP) objectives Why DP is important? Overview of the Act (the basics) Help/support

3 3 Data Protection: why is it important? Privacy a fundamental right in Human Rights Act Costs of unfair processing - Identity theft - ‘Information injustice’ – social networking sites and jobs - Brandon Mayfield - Personnel Security breaches – HMRC, MOD Individuals (data subjects) have strong rights under the Act which cost the University Individuals will complain if the University gets it wrong – media, decision notices

4 4 Data Protection: overview DP Act 1998: came into full effect in March 2000. Regulates of processing of personal data relating to living individuals who can be identified from the information. Basic aim of the Act: to balance the rights of individuals to privacy with the legitimate interests of organisations in processing personal data Scope of the Act very wide: covers all processing. The proliferation of data, particularly electronic, means many media covered – emails, PDAs, CCTV, photographs, etc

5 5 Data Protection: key terms Data…. Recorded electronic or manual information Personal data …is data that: - relates to a identifiable living individual - has the living individual as the main focus - is of ‘biographical significance’ to the individual This includes opinions about them and other peoples’ intentions towards them. Personal data can take many forms…..egs Data processing …all aspects of data handling Data controller …is the organisation (term can apply to employees) who determines the manner and purposes of processing Sensitive personal data …. trade union membership, religious beliefs, sexual life, political opinions, criminal history, health

6 6 Data Protection: the Act itself From the University’s point of view the main requirements are: 1. - To comply with 8 DP principles 2. - To comply with data subject rights in the DP Act 3. - To notify the Information Commission of its processing

7 7 1. Data protection principles 8. Personal data not to be transferred outside EEA without protection 7. Appropriate technical and organisational measures shall be taken to prevent unauthorised processing and loss, destruction or damage to that personal data (a challenge to comply, ie home working?) Explanation of 7 th Principle – the University must: - Have a regard to technological developments to ensure a level of security appropriate to: - Harm that might result from unauthorised processing - The nature of the data to be protected - Take reasonable steps to ensure reliability of employees - Data processors must operate under written contract and ‘reasonable steps’ must be taken to ensure compliance

8 Data protection principles (cont.) 6.Processed in accordance with the rights of the data subject 5.Kept only for so long as is necessary for the specified purpose 4.Accurate (people complain about inaccuracy!) 3.Adequate, relevant and not excessive (Do not collect more than you need!) 2.Obtained and processed for limited purposes 1. Processed fairly and lawfully. This means: - Issue a fair collection notice at the time of collection - meeting one condition of processing, ie Schedule 2 8

9 9 1. Schedule 2 – conditions for processing 1. Consent Or it is necessary for: 2.Contract 3.Legal obligation 4.Vital interests 5.Justice or Crown or Government 6.‘The balancing act’ - Legitimate interests of data controller/Third parties, but not prejudice rights of individual

10 10 1. Exemptions DP principles apply to all processing and all personal data unless exemption applies. Examples include:  References  Crime and taxation (prejudice test)  Journalism  Research  Examination marks and scripts  Domestic purposes  Legal professional privilege

11 11 2. Data subject rights Accuracy –ensure their personal data is accurate Prevent processing likely to cause damage or distress Seek compensation For no 3rd party access Access to their personal data (subject access request) – Data Protection Officer must answer within 40 days – Offence to destroy ‘stuff’ after a request is received – Requests must be received in writing – Identity of individual must be identified – Maximum of £10 charged

12 12 3. Notification to IC As a data controller, the University of Reading must: Notify the IC on what personal data it is processing and keep this up to date (given the complexity and size of the University with its semi-autonomous) Schools/Offices this is quite a big operation Declare a Data Protection Officer Be compliant with the Data Protection act

13 13 DP enforcement Information Commissioner is responsible for enforcement for DP (and also Freedom of Information FOI and Environmental Information Regulations (EIR)) What does the IC do? ‘….is the UK's independent authority set up to promote access to official information and to protect personal information’

14 14 DP Help Data protection is complex. Any data protection issue or concern you have talk it through with IMPS. Remember: it is best to check *before* processing IMPS network Online training modules - http://www.icr.ac.uk/icre8/org/Courses/reading/reading_dpa/html/ http://www.icr.ac.uk/icre8/org/Courses/reading/reading_dpa/html/ IMPS contact details: Lee Shailer, imps@reading.ac.uk, Ext 8981imps@reading.ac.uk www.reading.ac.uk/data_protection www.reading.ac.uk/foi

15 © University of Reading 2007 www.reading.ac.uk/data_protection Lee Shailer 06 June 2016 Data Protection the basics

Download ppt "© University of Reading 2007 www.reading.ac.uk/data_protection Lee Shailer 06 June 2016 Data Protection the basics."

Similar presentations

Identifying Data Protection Issues Developing Lifelong Learner Record Systems and ePortfolios in FE and HE: Planning for, and Coping with, Legal Issues.

Identifying Data Protection Issues Developing Lifelong Learner Record Systems and ePortfolios in FE and HE: Planning for, and Coping with, Legal Issues.
Www.dataprotection.gov.je The Data Protection (Jersey) Law 2005.

The Data Protection (Jersey) Law 2005.
Getting data sharing right for every child

Getting data sharing right for every child
Data Protection.

Data Protection.
What does the Data Protection Act do? It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of.

What does the Data Protection Act do? It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of.
Data Protection & Freedom of Information The Practical Implications of Data Protection and Freedom of Information Caroline Dominey Data Protection Officer.

Data Protection & Freedom of Information The Practical Implications of Data Protection and Freedom of Information Caroline Dominey Data Protection Officer.
University of Sunderland Professionalism and Personal Skills Unit 11 Professionalism and Personal Skills Computer Legislation.

University of Sunderland Professionalism and Personal Skills Unit 11 Professionalism and Personal Skills Computer Legislation.
Data Protection Act 1998. Description The Data Protection Act controls how your personal information can be used and protects from the misuse of your.

Data Protection Act Description The Data Protection Act controls how your personal information can be used and protects from the misuse of your.
Audiences NI Data Protection Workshop

Audiences NI Data Protection Workshop
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Data Protection Overview

Data Protection Overview
The Data Protection Act

The Data Protection Act
The ICO and the DPA Ken Macdonald Assistant Commissioner Information Commissioner’s Office ScotStat Public Sector Analysts Network 30 th September 2010.

The ICO and the DPA Ken Macdonald Assistant Commissioner Information Commissioner’s Office ScotStat Public Sector Analysts Network 30 th September 2010.
 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.

 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.
Data Protection for Church of Scotland Congregations

Data Protection for Church of Scotland Congregations
CENTRAL SCOTLAND POLICE Data Protection & Information Security Stuart Macfarlane Information Governance Unit Police Service of Scotland.

CENTRAL SCOTLAND POLICE Data Protection & Information Security Stuart Macfarlane Information Governance Unit Police Service of Scotland.
The Information Commissioner’s Office David Evans.

The Information Commissioner’s Office David Evans.
Regulation of Personal Information Daniel Pettitt, Leon Sewell and Matthew Pallot.

Regulation of Personal Information Daniel Pettitt, Leon Sewell and Matthew Pallot.
Data Protection and You Your Rights & The Law Registration Basics Other Activities Disclaimer: This presentation only provides an introductory info. Please.

Data Protection and You Your Rights & The Law Registration Basics Other Activities Disclaimer: This presentation only provides an introductory info. Please.
The Data Protection Act 1998 The Eight Principles.

The Data Protection Act 1998 The Eight Principles.

Similar presentations

Ads by Google