Presentation is loading. Please wait.

Presentation is loading. Please wait.

Data protection & FOIA considerations

Published byKristopher Hamilton Modified over 5 years ago

Similar presentations

Presentation on theme: "Data protection & FOIA considerations"— Presentation transcript:

1 Data protection & FOIA considerations

2 Prevent Statutory duty
Exercise functions with due regard to the need to prevent people being drawn into terrorism.

3 Prevent Terrorism is defined by Terrorism Act 2000 and includes action or threat of action which: Involves serious violence against a person. Involves serious damage to property. Endangers a person's life, other than that of the person committing the action. Creates a serious risk to the health or safety of the public or a section of the public or is designed seriously to interfere with or seriously to disrupt an electronic system.

4 & … Is designed to influence the government or an international governmental organisation or to intimidate the public or a section of the public, and the use or threat is made for the purpose of advancing a political, religious racial or ideological cause. It includes action taken for the benefit of a proscribed organisation. Applies to action taken overseas and in relation to foreign governments.

5 Prevent guidance Extremism is defined as:
Vocal or active opposition to fundamental British values, including democracy, the rule of law, individual liberty and mutual respect and tolerance of different faiths and beliefs. It also includes calls for death for members of the armed forces. Extremism per se is not unlawful unless it amounts, for example, to incitement to violence or to religious/racial hatred.

6 Prevent guidance Challenging extremist ideas.
Preventing transition from extremist groups (lawful) to terrorism? Effective co-operation with Prevent co-ordinators, police etc. Information sharing and provision of support, not covert surveillance. Comply with law on data protection and confidentiality. Where possible obtain consent to share information.

7 General Data Protection Regulation (GDPR)
Balances the individual’s right to privacy with other legitimate interests. Privacy is not an absolute right. GDPR confers on the individual a degree of control over their data. Personal data is not HEIs’ sovereign property to use in ways incompatible with the purposes for which it has been obtained. “Personal data” is any information from which a living person can be identified directly or indirectly. GDPR applies from 25 May 2018.

8 GDPR Religious beliefs or political opinions amount to “special categories of personal data” (ie sensitive). Stricter conditions apply to processing sensitive personal data. Conditions for disclosing include (GDPR Article 9): Individual’s explicit consent. The information has been made public by steps deliberately taken by the individual. To protect the individual’s vital interests where individual physically or legally incapable of giving consent. Legal proceedings Substantial public interest subject to proportionality and safeguards for the individual.

9 GDPR Article 6 conditions for non-sensitive data include:
Consent. To comply with a legal obligation (eg Terrorism Act 2000 – duty to report information of material assistance in preventing terrorism). Vital interests (no qualification) Necessary to perform a task in the public interest Legitimate interests provided no unwarranted intrusion in privacy? Does not apply to public authorities in the performance of their tasks. Non-sensitive personal data – must comply with one condition under Article 6. Special categories of personal data – must comply with two conditions – one from Article 9 and one from Article 6.

10 GDPR Disclosure of personal data must be:
Fair and transparent (reasonably anticipated) Relevant and not excessive (i.e. proportionate). Accurate. Data protection by design and default Accountability (to the individual)

11 GDPR – possible crime exemption
Exemption from most of Data Protection Act where: Disclosure for purpose of: Prevention/detection of crime. Apprehension/prosecution of offenders. Complying with the DPA would be likely to prejudice the above purposes. Exemption does not apply to justification, but usually justified in the public interest. GDPR – exemption not specifically included but member states may make separate provision of it.

12 Confidential information
Must have the necessary quality of confidence. Must not be trivial (not tittle tattle). Must not be in the public domain. Simply labelling information “confidential” is not sufficient.

13 Confidentiality Not an absolute right.
Defence to disclosure in breach of confidence where: Consent of confider. Compulsion of law – no general duty to report a crime. There are some exceptions eg Terrorism Act 2000. Public interest – ie disclosures to the appropriate authorities e.g. preventing crime, correct misleading information.

14 Anxieties Extremism is not automatically unlawful.
HEIs advance understanding and challenge received wisdom. Freedom of speech/expression – includes the right to express and receive shocking and disturbing ideas. Challenge – where is the threshold for reporting to police/Channel/Prevent co-ordinator? Fear of stereotyping and increased scrutiny of particular cohorts.

15 Information-sharing agreements
Protocols. Types of information to be disclosed and when (eg anonymised data, trends and statistics). When specific personal data is disclosed. Cannot contract out of data protection obligations to third parties. Not intended to be a general mechanism for surveillance on behalf of the police.

16 Freedom of Information Act (FOIA)
Right to a copy of information held unless exempt. Exemptions usually subject to public-interest test. Possible relevant exemptions: Prejudice to effective conduct of public affairs. Personal data (if cannot anonymise). Prejudice to commercial interests. Information intended for future publication (absolute). Information reasonably accessible elsewhere. Information supplied by/relating to bodies dealing with security matters (absolute). Law enforcement. Safeguarding national security. Health and safety. Confidential information received from a third party.

17 Case studies

Download ppt "Data protection & FOIA considerations"

Similar presentations

Convention for the protection of individual with regard to automatic processing of personal data “The purpose of this convention is to secure in the territory.

Convention for the protection of individual with regard to automatic processing of personal data “The purpose of this convention is to secure in the territory.
Data Protection.

Data Protection.
Data Protection and Records Management

Data Protection and Records Management
The European Union legal framework for clinical data access: The European Union legal framework for clinical data access: potential challenges and opportunities.

The European Union legal framework for clinical data access: The European Union legal framework for clinical data access: potential challenges and opportunities.
Towards a Freedom of Information Law in Qatar Fahad bin Mohammed Al Attiya Executive Chairman, Qatar National Food Security Programme.

Towards a Freedom of Information Law in Qatar Fahad bin Mohammed Al Attiya Executive Chairman, Qatar National Food Security Programme.
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Data Protection Overview

Data Protection Overview
The ICO and the DPA Ken Macdonald Assistant Commissioner Information Commissioner’s Office ScotStat Public Sector Analysts Network 30 th September 2010.

The ICO and the DPA Ken Macdonald Assistant Commissioner Information Commissioner’s Office ScotStat Public Sector Analysts Network 30 th September 2010.
1 OVERVIEW PRESENTATION FREEDOM OF INFORMATION (SCOTLAND) ACT 2002.

1 OVERVIEW PRESENTATION FREEDOM OF INFORMATION (SCOTLAND) ACT 2002.
Exemptions and the Public Interest Test Louise Townsend - Masons.

Exemptions and the Public Interest Test Louise Townsend - Masons.
Regulation of Personal Information Daniel Pettitt, Leon Sewell and Matthew Pallot.

Regulation of Personal Information Daniel Pettitt, Leon Sewell and Matthew Pallot.
LexisNexis Confidential EU Privacy Framework Michael Lamb LexisNexis Risk Solutions Vice President and Lead Counsel: Regulatory, Privacy & Policy May 19,

LexisNexis Confidential EU Privacy Framework Michael Lamb LexisNexis Risk Solutions Vice President and Lead Counsel: Regulatory, Privacy & Policy May 19,
The Data Protection Act 1998 The Eight Principles.

The Data Protection Act 1998 The Eight Principles.
The Eighth Asian Bioethics Conference Biotechnology, Culture, and Human Values in Asia and Beyond Confidentiality and Genetic data: Ethical and Legal Rights.

The Eighth Asian Bioethics Conference Biotechnology, Culture, and Human Values in Asia and Beyond Confidentiality and Genetic data: Ethical and Legal Rights.
Data Protection: An enabler? David Freeland, Senior Policy Officer 23 October 2014.

Data Protection: An enabler? David Freeland, Senior Policy Officer 23 October 2014.
IBT - Electronic Commerce Privacy Concerns Victor H. Bouganim WCL, American University.

IBT - Electronic Commerce Privacy Concerns Victor H. Bouganim WCL, American University.
Data Protection Act & Freedom of Information Simon Mansell Corporate Governance and Information Team.

Data Protection Act & Freedom of Information Simon Mansell Corporate Governance and Information Team.
Data Protection Corporate training 2012. Data Protection Act 1998 Replaces DPA 1994 EC directive 94/46/EC The Information Commissioner The courts.

Data Protection Corporate training Data Protection Act 1998 Replaces DPA 1994 EC directive 94/46/EC The Information Commissioner The courts.
Processing personal health data: the regulator’s perspective Ken Macdonald Assistant Commissioner Information Commissioner’s Office.

Processing personal health data: the regulator’s perspective Ken Macdonald Assistant Commissioner Information Commissioner’s Office.
Data Protection and Records Management. Key Responsibilities - Record Management Keep Information Accurate Disclose only if compatible with purpose for.

Data Protection and Records Management. Key Responsibilities - Record Management Keep Information Accurate Disclose only if compatible with purpose for.

Similar presentations

Ads by Google