Presentation is loading. Please wait.

Presentation is loading. Please wait.

Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: What You Need to Know.

Published byJeffrey Herbison Modified over 9 years ago

Similar presentations

Presentation on theme: "Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: What You Need to Know."— Presentation transcript:

1 Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: What You Need to Know

2 Slide 2 Hi! Jason Miles-Campbell JISC Legal Service Manager jason.miles-campbell @jisclegal.ac.uk 0141 548 4939 www.jisclegal.ac.uk

3 Slide 3

4 Slide 4 Law, ICT and Data Protection jiscleg.al/DataProtection

5 Slide 5 Have you heard of JISC Legal before? 1.Hello again, Jason 2.Yes, fairly often 3.Yes, used occasionally 4.Vague acquaintance 5.What’s that, then?

6 Slide 6 When it comes to data protection... 1.I’m confident 2.I’ve a fair idea 3.I dabble 4.I ask others 5.I hide in the toilet

7 Slide 7 7 www.ico.gov.uk Data Protection Act 1998

8 Slide 8 Why Comply? 1.It’s the law 2.Good business practice 3.Sets a good example 4.Confidence 5.Risk (id theft)

9 Slide 9 9 9 Data Protection Essentials “Data protection..regimes…do not seek to protect data itself, rather they seek to provide the individual with a degree of control over the use of their personal data” “data privacy regimes do not seek to cut off the flow of data, merely to see that it is collected and used in a responsible and, above all, accountable, fashion” Source: DP Code of Practice for FE and HE i.e. Data Protection law does not prevent using and sharing personal data but.. Criminal Justice and Immigration Act 2008 – gives ICO power to impose fines direct for serious security breaches

10 Slide 10 10 Understanding Your Duties Data Subject Data Controller Data Processor Processing

11 Slide 11 11 What is Personal Data? Any information which relates to an identified or identifiable person Living persons Must be significant biographical information which affects privacy Sensitive personal data

12 Slide 12 The Age of Data Protection 1.From birth 2.From age 5 3.From age 12 4.From age 16 5.From age 18 From what age does DP apply to protect someone?

13 Slide 13 1: fair and lawful 2: limited purposes 3: adequate, relevant and not excessive 4: accurate and current 5: no kept longer than necessary 6: respect the rights of the individual 7: appropriate security 8: transfer outside EEA needs adequate protection The Eight DP Principles

14 Slide 14 14 Fair and Lawful Processing Fair processing – A processing notice – transparency Weighing up interests v privacy Would you be happy?

15 Slide 15 15 Fair and Lawful Processing Lawful processing - To process, a Schedule 2 condition must be met: Consent Legitimate interest of the data controller Fulfilment of a contractual obligation More stringent conditions for ‘sensitive’ personal data

16 Slide 16 The Age of Data Protection 1.From birth 2.From age 5 3.From age 12 4.From age 16 5.From age 18 From what age can someone give DP consent?

17 Slide 17 Security Situations 1.At your desk 2.On your laptop 3.On your mobile phone 4.On the train 5.At home Where are the greatest security risks?

18 Slide 18 18 Appropriate Security Your PC Your laptop Your mobile phone Your IT infrastructure / VLE Your desk Your rubbish

19 Slide 19 When handling personal data in your role: 1.Purpose: why are you collecting personal data, 2.Fairness: is the reason fair to the data subject and 3.Transparency: does the data subject know about it 4.Security: at an appropriate level of security Important Points Important Points

20 Slide 20 Some Scenarios…….. Over to you Over to you

21 Slide 21 A parent asks for information on her son’s progress. Do you… 1.Supply it - nothing wrong in doing this 2.Supply it – he is under 18 3.Withhold it as she should never access it 4.Withhold it until you have consent of her son

22 Slide 22 The police ask for information on one of your students. Do you… 1.Supply it because it’s the police 2.Supply it only when you know what it’s for and think it is relevant information to the investigation 3.Never supply it

23 Slide 23 A student asks his tutor if he can see the reference the tutor wrote for him. Do you 1.Say no - he has no right to see it under DPA 2.Say yes – he is entitled under DPA to see it 3.Not sure so seek help before replying

24 Slide 24 The College decides to retain all emails for a period of 10 years. Is this in line with the DPA? 1.Yes 2.No 3.Maybe 4.Can I phone a friend?

25 Slide 25 A member of staff clicks the wrong email group and instead of sending to relevant tutors, sends info relating to student health issues to other students. 1.The College is liable for the breach 2.There is no liability, it was an accident, not deliberate 3.The member of staff is liable not the College

26 Slide 26 What security should be on mobile devices holding personal data? 1.Password protection and encryption 2.None as only used on College premises 3.It depends on the type of information

27 Slide 27 Where the DP policy is, how to access it and its contents Have awareness of DP and how it may affect students, staff etc. That what you’re doing is covered by the data protection notice to students, staff etc. How to store/share personal information on and off campus How to keep personal information secure (mobiles, social networking) Where to get help What should you know? What should you know?

28 Slide 28 Sources of help Your institution’s DP officer Your institutional policies and procedures info@jisclegal.ac.uk and www.jisclegal.ac.uk (code of practice) info@jisclegal.ac.ukwww.jisclegal.ac.uk

29 Slide 29 Next steps? 1.Go back and say well done! 2.Start a conversation with management 3.Re-write a few policies 4.Monitor what’s in place already 5.Get further support 6.Point at someone else and say ‘his problem!’ or ‘her problem!’

30 Slide 30 ? www.jisclegal.ac.uk info@jisclegal.ac.uk 0141 548 4939 Questions and Follow Up Questions and Follow Up http://jiscleg.al/sgm 3pm Friday

Download ppt "Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: What You Need to Know."

Similar presentations

Basic Principles of GMP

Basic Principles of GMP
Advanced Piloting Cruise Plot.

Advanced Piloting Cruise Plot.
Chapter 1 The Study of Body Function Image PowerPoint

Chapter 1 The Study of Body Function Image PowerPoint
1 Copyright © 2013 Elsevier Inc. All rights reserved. Appendix 01.

1 Copyright © 2013 Elsevier Inc. All rights reserved. Appendix 01.
Document #07-2I RXQ.11.4.1 Customer Enrollment Using a Registration Agent (RA) Process Flow Diagram (Move-In) (mod 7/25 & clean-up 8/20) Customer Supplier.

Document #07-2I RXQ Customer Enrollment Using a Registration Agent (RA) Process Flow Diagram (Move-In) (mod 7/25 & clean-up 8/20) Customer Supplier.
Aviation Security Training Module 4 Design and Conduct Exercise II 1.

Aviation Security Training Module 4 Design and Conduct Exercise II 1.
Public Administration use of Social Networks - Data Protection Implications European Public Administration Network, Dublin Castle, 5 April 2013 Billy Hawkes.

Public Administration use of Social Networks - Data Protection Implications European Public Administration Network, Dublin Castle, 5 April 2013 Billy Hawkes.
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13

Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13

Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Title Subtitle.

Title Subtitle.
1 Enforcement Powers of National Data Protection Authorities and Experience gained of the Data Protection Directive Safe Harbour Conference Washington.

1 Enforcement Powers of National Data Protection Authorities and Experience gained of the Data Protection Directive Safe Harbour Conference Washington.
1 ICOTS What weve learned since October 6, 2008. 2 GETTING STARTED.

1 ICOTS What weve learned since October 6, GETTING STARTED.
FACTORING ax2 + bx + c Think “unfoil” Work down, Show all steps.

FACTORING ax2 + bx + c Think “unfoil” Work down, Show all steps.
Identifying Data Protection Issues Developing Lifelong Learner Record Systems and ePortfolios in FE and HE: Planning for, and Coping with, Legal Issues.

Identifying Data Protection Issues Developing Lifelong Learner Record Systems and ePortfolios in FE and HE: Planning for, and Coping with, Legal Issues.
Legal & Regulatory Compliance. Overview What types of information should be included? What issues or problems might there be? What benefits could be obtained?

Legal & Regulatory Compliance. Overview What types of information should be included? What issues or problems might there be? What benefits could be obtained?
Using Information at the University University Secretarys Office

Using Information at the University University Secretarys Office
Slide 1 of 20 Don't Make a Legal Ass of Assessment Pecha Kucha 3.30pm RSC Northwest Annual Event 2010 79.

Slide 1 of 20 Don't Make a Legal Ass of Assessment Pecha Kucha 3.30pm RSC Northwest Annual Event
Data Protection webinar: Data Protection & Human Resources

Data Protection webinar: Data Protection & Human Resources
ABC Technology Project

ABC Technology Project
1 Undirected Breadth First Search F A BCG DE H 2 F A BCG DE H Queue: A get Undiscovered Fringe Finished Active 0 distance from A visit(A)

1 Undirected Breadth First Search F A BCG DE H 2 F A BCG DE H Queue: A get Undiscovered Fringe Finished Active 0 distance from A visit(A)

Similar presentations

Ads by Google