Presentation is loading. Please wait.

Presentation is loading. Please wait.

Identifying Data Protection Issues Developing Lifelong Learner Record Systems and ePortfolios in FE and HE: Planning for, and Coping with, Legal Issues.

Published byLillian Marsh Modified over 10 years ago

Similar presentations

Presentation on theme: "Identifying Data Protection Issues Developing Lifelong Learner Record Systems and ePortfolios in FE and HE: Planning for, and Coping with, Legal Issues."— Presentation transcript:

1 Identifying Data Protection Issues Developing Lifelong Learner Record Systems and ePortfolios in FE and HE: Planning for, and Coping with, Legal Issues.

2 Centre for IT & Law, University of Bristol Knowing what we know… Development of LLR/ePortfolio systems will inevitably increase personal data holdings and electronic transfers between institutions Development of LLR/ePortfolio systems will inevitably increase personal data holdings and electronic transfers between institutions DP law will require institutions to meet certain standards with regard to that processing. DP law will require institutions to meet certain standards with regard to that processing. Institutions (and groups of institutions) need to understand the: Institutions (and groups of institutions) need to understand the: –purposes, nature and scope of their processing –flows of data within the LLR/ePortfolio system –appropriate administrative & technical responsibilities –legal relationships arising from those responsibilities.

3 Centre for IT & Law, University of Bristol The Data Protection Principles Personal data shall be: Personal data shall be: –processed fairly and lawfully & only if certain conditions are met (Schedules 2 & 3 DPA); –obtained only for specified & lawful purposes; –adequate, relevant and not excessive. –accurate and, where necessary, kept up to date. –kept for no longer than is necessary. –processed in accordance with data subjects rights. –protected against unauthorised or unlawful processing & accidental loss, destruction, or damage. –only transferred to non-EEA countries ensuring an adequate level of protection.

4 Centre for IT & Law, University of Bristol Planning Compliance Build compliance into the planning/design process. Build compliance into the planning/design process. –Proposed uses of personal data –3 rd parties from whom data may be received –3 rd parties to whom data may be transferred –Risks identified & institutional responses documented. Institutional data protection officers should always be involved in this process – notification. Institutional data protection officers should always be involved in this process – notification. Later changes to the system, technical & administrative, should also be reviewed and DP implications documented before implementation Later changes to the system, technical & administrative, should also be reviewed and DP implications documented before implementation

5 Centre for IT & Law, University of Bristol Mapping a System - UEO I Identifying the data protection actors Identifying the data protection actors Identifying proposed purposes for data transfers and processing Identifying proposed purposes for data transfers and processing Determining data protection roles Determining data protection roles Considering categories of personal data to be processed/transferred Considering categories of personal data to be processed/transferred Identifying personal data that is sensitive personal data Identifying personal data that is sensitive personal data

6 Centre for IT & Law, University of Bristol Mapping a System - UEO II Determining which processing conditions might justify the processing/transfer Determining which processing conditions might justify the processing/transfer Choosing processing conditions Choosing processing conditions Dealing data subject consent Dealing data subject consent Determining when collection notices should be provided to data subjects Determining when collection notices should be provided to data subjects Dealing with data subject access Dealing with data subject access

7 Centre for IT & Law, University of Bristol Mapping a System - UEO III Plotting necessary contractual agreements between data protection actors Plotting necessary contractual agreements between data protection actors Considering necessary administrative documentation Considering necessary administrative documentation Plotting the necessary institutional infrastructures Plotting the necessary institutional infrastructures Identifying probable information dissemination and training needs Identifying probable information dissemination and training needs

8 Centre for IT & Law, University of Bristol Lessons from the UEO Example Most FE/HE institutions will be largely compliant with DP obligations as regards internal learner records/ePortfolio systems Most FE/HE institutions will be largely compliant with DP obligations as regards internal learner records/ePortfolio systems Problems are likely to arise where PD is transferred between institutions, if data controller staff are not clear what conditions attach to its processing Problems are likely to arise where PD is transferred between institutions, if data controller staff are not clear what conditions attach to its processing One key element of the mapping process is to identify responsibility and liability – see also the NIIMLE project. One key element of the mapping process is to identify responsibility and liability – see also the NIIMLE project. The other key element is ensuring that the rights of data subjects are adequately protected – a system that data subjects dont trust to protect their personal data is unlikely to be used effectively. The other key element is ensuring that the rights of data subjects are adequately protected – a system that data subjects dont trust to protect their personal data is unlikely to be used effectively.

9 Centre for IT & Law, University of Bristol Processes and Practices Creating processes for DP compliance is relatively straightforward Creating processes for DP compliance is relatively straightforward Ensuring that staff practice conforms with those processes is perhaps more difficult Ensuring that staff practice conforms with those processes is perhaps more difficult Proper process utilisation may require other institutional changes – employment contract clauses, information audit, compulsory training Proper process utilisation may require other institutional changes – employment contract clauses, information audit, compulsory training Both processes and practice will require re- evaluation on a regular basis, as technologies and data subject expectations evolve. Both processes and practice will require re- evaluation on a regular basis, as technologies and data subject expectations evolve.

Download ppt "Identifying Data Protection Issues Developing Lifelong Learner Record Systems and ePortfolios in FE and HE: Planning for, and Coping with, Legal Issues."

Similar presentations

PRIVACY ASPECTS OF RE-USE OF PSI: BETWEEN PRIVATE AND PUBLIC SECTOR

PRIVACY ASPECTS OF RE-USE OF PSI: BETWEEN PRIVATE AND PUBLIC SECTOR
Administrative Systems and the Law What you need to know to produce an oral presentation for Unit 7 When the presentations will take place Resources you.

Administrative Systems and the Law What you need to know to produce an oral presentation for Unit 7 When the presentations will take place Resources you.
Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.

Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.
TEAM 4 Case Study Mauritius: Mrs Nandini Kissoon-Luckputtya

TEAM 4 Case Study Mauritius: Mrs Nandini Kissoon-Luckputtya
Www.dataprotection.gov.je The Data Protection (Jersey) Law 2005.

The Data Protection (Jersey) Law 2005.
Getting data sharing right for every child

Getting data sharing right for every child
DATA PROTECTION and Research University Research Ethics Committee – 08.05.2006 David Cauchi Office of the Data Protection Commissioner.

DATA PROTECTION and Research University Research Ethics Committee – David Cauchi Office of the Data Protection Commissioner.
What does the Data Protection Act do? It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of.

What does the Data Protection Act do? It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of.
Data Protection & Freedom of Information The Practical Implications of Data Protection and Freedom of Information Caroline Dominey Data Protection Officer.

Data Protection & Freedom of Information The Practical Implications of Data Protection and Freedom of Information Caroline Dominey Data Protection Officer.
Data Protection Data Protection Acts 1988 & 2003 Directive 95/46/EC Privacy.

Data Protection Data Protection Acts 1988 & 2003 Directive 95/46/EC Privacy.
Training on Data Protection Roles of the Data Protection Office.

Training on Data Protection Roles of the Data Protection Office.
Property of Common Sense Privacy - all rights reserved 01875340890 THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.

Property of Common Sense Privacy - all rights reserved THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Data Protection Overview

Data Protection Overview
 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.

 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.
The Information Commissioner’s Office David Evans.

The Information Commissioner’s Office David Evans.
Implementation of Security and Confidentiality in GP Practices.

Implementation of Security and Confidentiality in GP Practices.
Health & Social Care Apprenticeships & Diploma

Health & Social Care Apprenticeships & Diploma
EHRs and the European Union – current legislation and future directions. Dr Richard Fitton.

EHRs and the European Union – current legislation and future directions. Dr Richard Fitton.
Computers, the law and ethics  Lesson Objective: Understand some of the legal & ethical issues in developing computer systems  Learning Outcome: Know.

Computers, the law and ethics  Lesson Objective: Understand some of the legal & ethical issues in developing computer systems  Learning Outcome: Know.

Similar presentations

Ads by Google