Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Commissioner’s Office: data protection Judith Jones Senior Policy Officer Strategic Liaison – public security 16 November 2011.

Published byEvelyn Dalton Modified over 8 years ago

Similar presentations

Presentation on theme: "Information Commissioner’s Office: data protection Judith Jones Senior Policy Officer Strategic Liaison – public security 16 November 2011."— Presentation transcript:

1 Information Commissioner’s Office: data protection Judith Jones Senior Policy Officer Strategic Liaison – public security 16 November 2011

2 The role of the ICO Enforce and regulate: –Data Protection Act –Freedom of Information Act –Environmental Information Regulations –Privacy and Electronic Communications Regulations Provide information to individuals and organisations Adjudicate on complaints Promote good practice

3 About the ICO 206,585 – calls to our helplines 339,298 – organisations notifying 29,685 – data protection cases closed 4,369 – freedom of information cases closed Public awareness of data protection rights 89% Public awareness of freedom of information rights 84%

4 The data protection principles 1.Fair and lawful processing 2.Specified purposes 3.Personal data shall be adequate, relevant and not excessive 4.Accurate and up to date 5.Personal data shall not be retained longer than is necessary 6.Individuals have rights 7.Appropriate technical and organisational measures to secure the personal data 8.No transfer outside of the European Economic Area except where there is adequate protection at destination.

5 ANPR data– personal information? Identifiable information: vehicle keeper identified by the VRM and other “readily available” information Useful tool in detecting and preventing crime, public safety, managing car parks and traffic Limited consequences for most people But tracking vehicle movements of huge numbers of people who have done nothing wrong brings data protection responsibilities

6 ICO’s CCTV code of practice Data Protection Act applies to images of individuals or information derived from images related to them (eg VRMs) Covers UK, all sectors Helps CCTV operators comply with legal obligations Focus on data protection Education – intervene/enforce where risks high. Monetary penalties for serious breaches

7 ANPR data: data protection issues Lack of awareness that often ANPR is personal data Who is the data controller? Fairness - signage Purpose of collecting the data – car park management, prevention and detection of crime, public safety Accuracy of underlying databases – DVLA, hotlists Excessive retention of “reads” Retention of “hits” for DVLA audit purposes Sharing of information eg with police

8 Further CCTV regulation ICO view: Want effective CCTV and ANPR regulation Want to see improved standards Don’t want to see a weakening of data protection standards or a perception that data protection no longer applies to CCTV

9 Protection of Freedoms Bill Surveillance Camera Code Surveillance Camera Commissioner What about data protection? Data Protection Act continues to apply to images of individuals – or information derived from images related to them (eg VRMs) Wider geographic scope - DPA covers UK DPA covers all sectors, public and private space except for domestic use

10 Surveillance camera code Minister has confirmed that ICO remains responsible for data protection Welcome provision in the Bill that Secretary of State has to consult ICO on code Agree clarity and co-ordination are essential Committed to working closely with Surveillance Camera Commissioner

11 Public attitudes to CCTV/ANPR Public trust and confidence – can’t be taken for granted More access requests Expect proper control and fair use Privacy concerns about new proactive technologies

12 Fairness is the key Be honest and open about how you use information Do people understand what you are doing and why? The more unexpected the processing, the more sensitive the data, the more you need to do No surprises

13 Disclosure of information Disclosure of images must be controlled Appropriate to disclose data to law enforcement agencies on case by case basis so as not to prejudice the prevention and detection of crime Release of CCTV images to the media for identification purposes should generally be through law enforcement agencies

14 Data quality Accurate records – fit for the purpose Cleaning up existing information resources such as hotlists Making corrections and informing others e.g. problems caused by cloned plates Compatibility of information-systems, format of names, dob’s etc Common defined retention periods

15 Data sharing code of practice DPA is not a barrier where information sharing is justified, necessary and proportionate DPA provides a framework for sharing in a secure, lawful and reasonable way Limitations and safeguards are essential Vital to get this right with partnerships, multi-agencies, outsourcing Statutory code

16 ICO approach to enforcement New powers and monetary penalties but primary focus is education, awareness, good practice Strengthening public confidence by making it: –easier for the majority of organisations who seek to handle personal information well –tougher for the minority who do not Calling for tougher penalties for people who misuse data and stronger audit powers

17 Getting it wrong Monetary penalty notices –Applicable to serious infringements likely to cause damage or distress –Either deliberate or knew (or should have known) the risks –Failed to take reasonable steps to prevent the contravention –If standards are widely known and used and you are not using them this will stand out

18 Reducing the risk Knowing what information is held – sensitive images? Access – levels of control Data sharing – communication methods Policies and procedures? Staff awareness?

19 Good practice Reducing risk requires: –Leadership - accountability –Assessing what can go wrong (how, how often, how much) –Keep up to date and agile with new technology –See staff not just as a vulnerability but also as a first line of defence

20 www.twitter.com/iconews Keep in touch Subscribe to our e-newsletter at www.ico.gov.uk or find us on…

Download ppt "Information Commissioner’s Office: data protection Judith Jones Senior Policy Officer Strategic Liaison – public security 16 November 2011."

Similar presentations

NATIONAL INFORMATION GOVERNANCE BOARD

NATIONAL INFORMATION GOVERNANCE BOARD
Data Protection Information Management / Jody McKenzie.

Data Protection Information Management / Jody McKenzie.
BIOMETRICS, CCTV & DATA PROTECTION By Drudeisha Madhub Data Protection Commissioner Date: 09.07.14.

BIOMETRICS, CCTV & DATA PROTECTION By Drudeisha Madhub Data Protection Commissioner Date:
Www.dataprotection.gov.je The Data Protection (Jersey) Law 2005.

The Data Protection (Jersey) Law 2005.
Getting data sharing right for every child

Getting data sharing right for every child
Big Data and data protection

Big Data and data protection
Data Protection and Records Management

Data Protection and Records Management
Www.oaic.gov.au Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.

Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.
Audiences NI Data Protection Workshop

Audiences NI Data Protection Workshop
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Data Protection Overview

Data Protection Overview
An overview of the Data Protection Act 1998. Legal framework The Data Protection Act 1998 came into force in March 2001, replacing the Data Protection.

An overview of the Data Protection Act Legal framework The Data Protection Act 1998 came into force in March 2001, replacing the Data Protection.
The Data Protection Act

The Data Protection Act
The ICO and the DPA Ken Macdonald Assistant Commissioner Information Commissioner’s Office ScotStat Public Sector Analysts Network 30 th September 2010.

The ICO and the DPA Ken Macdonald Assistant Commissioner Information Commissioner’s Office ScotStat Public Sector Analysts Network 30 th September 2010.
How the Information Commissioner’s office operates as a regulator David Smith Deputy Information Commissioner.

How the Information Commissioner’s office operates as a regulator David Smith Deputy Information Commissioner.
 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.

 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.
Data Protection for Church of Scotland Congregations

Data Protection for Church of Scotland Congregations
The Information Commissioner’s Office David Evans.

The Information Commissioner’s Office David Evans.
Working together: Ensuring effective regulation Jonathan Bamford Head of Strategic Liaison.

Working together: Ensuring effective regulation Jonathan Bamford Head of Strategic Liaison.
Regulation of Personal Information Daniel Pettitt, Leon Sewell and Matthew Pallot.

Regulation of Personal Information Daniel Pettitt, Leon Sewell and Matthew Pallot.

Similar presentations

Ads by Google