Presentation on theme: "CENTRAL SCOTLAND POLICE Data Protection & Information Security Stuart Macfarlane Information Governance Unit Police Service of Scotland."— Presentation transcript:
CENTRAL SCOTLAND POLICE Data Protection & Information Security Stuart Macfarlane Information Governance Unit Police Service of Scotland
CENTRAL SCOTLAND POLICE Data Protection? Information Security? What’s the difference??
CENTRAL SCOTLAND POLICE Data Protection Current Requirements Personal Data Processing of that data Data from which a person can be identified, e.g. name, date of birth, reference number, video image Applies to a living individual - the Act itself provides no protection after death but Force policy has an impact.
CENTRAL SCOTLAND POLICE Data Protection Relevant Legislation Data Protection Act 1998 Human Rights Act 1998 Computer Misuse Act 1990 Copyright Designs & Patents Act 1988 Freedom of Information (Scotland) Act 2002
CENTRAL SCOTLAND POLICE Data Protection Act 1998 Registered Purpose – Policing The prevention and detection of crime The apprehension and prosecution of offenders The protection of life and property The maintenance of law and order Rendering assistance to the public Vetting and Licencing Public Safety
CENTRAL SCOTLAND POLICE Data Protection Act 1998 The Act imposes strict conditions on the PROCESSING of personal data “Processing means obtaining, recording or holding information or data or carrying out any operation or set of operations on the information or data” i.e. anything we do with the data
CENTRAL SCOTLAND POLICE Data Protection Act 1998 The Eight Data Protection principles Processed fairly and lawfully Only obtained for a specified purpose Data shall be relevant, adequate and not excessive Data shall be accurate and kept up to date Data shall not be kept longer than is necessary Data shall be processed in accordance with rights of data subjects Appropriate measures shall be taken against unlawful or unauthorised processing and against loss, destruction or damage to data Data shall not be transferred outside the EEA unless adequate protection exists for the rights and freedoms of individuals
CENTRAL SCOTLAND POLICE Data Protection Act 1998 Sensitive personal data Racial or ethnic origin Political opinions Religious beliefs or beliefs of a similar nature Membership of a Trade Union Details of physical or mental health Details of sexual life Commission or alleged commission of any offence Details of any proceedings for any offence committed or alleged to have been committed, the disposal of such proceedings or the sentence of the court in such proceedings
CENTRAL SCOTLAND POLICE Disclosing Data To Others In general can only be released for a purpose in line with Policing Ask the 3 important questions WHO wants the data? WHY do they want it? WHAT are they going to do with it? If you get it wrong there is a personal liability UNLIMITED FINE
CENTRAL SCOTLAND POLICE Data Protection Individual Rights Any data subject has the right of access to their personal data The data subject has the right to demand the correction or deletion of inaccurate data The data subject has the right to compensation if they have suffered damage or distress SUBJECT ACCESS - £10 fee
CENTRAL SCOTLAND POLICE Data Protection DPO Responsibilities The Data Protection Department Ensures all force systems are compliant Maintains Data Protection Register entries Gives advice and assistance Liaises with other agencies Prepares information sharing protocols AUDITS EVERYONE !
CENTRAL SCOTLAND POLICE Data Protection Responsibility of Users YOU MUST Have a working knowledge of the Act Apply the principles as you work Take notebook entries Ensure the data you are processing is Accurate Relevant Up to date SECURE
CENTRAL SCOTLAND POLICE Data Protection Questions?
CENTRAL SCOTLAND POLICE Information Security Information security is all about protecting Force information from a wide range of risk sources. Information is an asset, and the lifeblood of the Police Service.
CENTRAL SCOTLAND POLICE Threats to Information Security Loss of information - CONFIDENTIALITY Loss of information - INTEGRITY Loss of information – AVAILABILITY C.I.A.
CENTRAL SCOTLAND POLICE Threats come from:- Risk Sources……. Internal – Employees Visitors Partner agency workers Contractors External - Criminals Journalists Information brokers Activists NATURAL DISASTERS
CENTRAL SCOTLAND POLICE Information Security Applies to…. Paper communications Radio & telephone. Conversation. I.T. - Force network, PCs, Laptops, PDAs, magnetic media. Internet & e-mail.
CENTRAL SCOTLAND POLICE Information Security Covers……. I.T. Buildings/vehicles (Physical) Information management Personnel