Presentation is loading. Please wait.

Presentation is loading. Please wait.

Local Government Reform and Compliance with the DPA Ken Macdonald Assistant Commissioner (Scotland & Northern Ireland) Information Commissioner’s Office.

Published byEmma Osborne Modified over 8 years ago

Similar presentations

Presentation on theme: "Local Government Reform and Compliance with the DPA Ken Macdonald Assistant Commissioner (Scotland & Northern Ireland) Information Commissioner’s Office."— Presentation transcript:

1 Local Government Reform and Compliance with the DPA Ken Macdonald Assistant Commissioner (Scotland & Northern Ireland) Information Commissioner’s Office 2 December 2014

2 Contents Local Government Reorganisation Data Protection Principles Meeting the Principles

3 Local Government Reorganisation Super Council Existing powers New organisation

4 Local Government Reorganisation Super Council Planning Urban Regeneration / Community Development Community Planning Economic Development & Tourism Housing Regulation Off-street Parking Historical Buildings Transferred powers New organisation

5 Data Protection Principles The DPA is underpinned by a set of eight straightforward, common sense principles that organisations should follow. They state that personal data should be: 1) Processed fairly and lawfully 2) Processed for specified purposes 3) Adequate, relevant and not excessive 4) Accurate and up to date 5) Held for no longer than is necessary 6) Processed in accordance with the rights of individuals 7) Kept secure 8) Transferred outside the EEA only with adequate protection

6 Principle 1 – Fair and Lawful Processing Personal data shall be processed fairly and lawfully Register with the ICO Inform service users of forthcoming change……. …………..and again after reorganisation Have Retention and Disposal Schedules approved

7 Principle 2 – Processing for Specified Purposes Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes. Review Privacy Policies Integrate where appropriate Ensure any new uses for the information are fair

8 Principle 3 –Adequate, Relevant and Not Excessive Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed. Undertake a data audit Review need Dip sample, where appropriate

9 Principle 4 –Accurate and Up to Date Personal data shall be accurate and, where necessary, kept up to date. Take appropriate steps to ensure accuracy Test new integrated systems with dummy data Ensure records are up-to-date where necessary Dip sample

10 Principle 5 – Hold for no longer than is necessary Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. Use the opportunity to weed systems Consider statutory and business requirements Prepare revised and extended Retention & Disposal Schedules

11 Principle 6 – Process in Accordance with the Data Subject’s Rights Personal data shall be processed in accordance with the rights of data subjects under this Act. Be aware of what information is held Consider issues around processing likely to cause damage or distress Stop direct marketing if requested. Abide by PECR for electronic marketing Put policies and procedures in place

12 Principle 7 - Security Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data. Secure disposal and/or transfer to new authority Data/system compatibility Encryption of all mobile devices Home/mobile working policies

13 Principle 8 -Transfer outside of EEA Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data. If using cloud computing ensure the server is located within the EEA

14 All Principles:

15 Learn from others (what not to do)

16 Department of Justice (NI) £185,000 A monetary penalty notice of £185,000 was served on the Department of Justice (NI) after a cabinet containing details of a terrorist incident was sold at auction.

17 London Borough of Lewisham £70,000 CMP A CMP of £70,000 was imposed on the Council after a social worker left sensitive documents in a plastic shopping bag on a train, after taking them home to work on. The files, which were later recovered from the rail company’s lost property office, included GP and police reports and allegations of sexual abuse and neglect.

18 Aberdeen City Council £100,000 CMP A council employee inadvertently uploaded four documents containing sensitive personal information about children and families on to the internet whilst home-working using an infected second-hand PC. A home working and data protection policy was in place at the time of the breach but the technical measures to assist staff to adhere to it were not provided. The Council was fined £100k.

19 Contact us: ICO 3 rd Floor 14 Cromac Place Belfast BT7 2JB 0303 123 1114 ni@ico.org.uk www.ico.org.uk ni@ico.org.uk www.ico.org.uk

Download ppt "Local Government Reform and Compliance with the DPA Ken Macdonald Assistant Commissioner (Scotland & Northern Ireland) Information Commissioner’s Office."

Similar presentations

Identifying Data Protection Issues Developing Lifelong Learner Record Systems and ePortfolios in FE and HE: Planning for, and Coping with, Legal Issues.

Identifying Data Protection Issues Developing Lifelong Learner Record Systems and ePortfolios in FE and HE: Planning for, and Coping with, Legal Issues.
Legal & Regulatory Compliance. Overview What types of information should be included? What issues or problems might there be? What benefits could be obtained?

Legal & Regulatory Compliance. Overview What types of information should be included? What issues or problems might there be? What benefits could be obtained?
Administrative Systems and the Law What you need to know to produce an oral presentation for Unit 7 When the presentations will take place Resources you.

Administrative Systems and the Law What you need to know to produce an oral presentation for Unit 7 When the presentations will take place Resources you.
TEAM 4 Case Study Mauritius: Mrs Nandini Kissoon-Luckputtya

TEAM 4 Case Study Mauritius: Mrs Nandini Kissoon-Luckputtya
Www.dataprotection.gov.je The Data Protection (Jersey) Law 2005.

The Data Protection (Jersey) Law 2005.
Getting data sharing right for every child

Getting data sharing right for every child
Data Protection & Freedom of Information The Practical Implications of Data Protection and Freedom of Information Caroline Dominey Data Protection Officer.

Data Protection & Freedom of Information The Practical Implications of Data Protection and Freedom of Information Caroline Dominey Data Protection Officer.
1 Pertemuan 7 Points of Exposure Matakuliah:A0334/Pengendalian Lingkungan Online Tahun: 2005 Versi: 1/1.

1 Pertemuan 7 Points of Exposure Matakuliah:A0334/Pengendalian Lingkungan Online Tahun: 2005 Versi: 1/1.
University of Sunderland Professionalism and Personal Skills Unit 11 Professionalism and Personal Skills Computer Legislation.

University of Sunderland Professionalism and Personal Skills Unit 11 Professionalism and Personal Skills Computer Legislation.
Duncan Woodhouse – Assistant Registrar for Information Security, Risk Management and Business Continuity Helen Wollerton – Administrative Officer (Legal.

Duncan Woodhouse – Assistant Registrar for Information Security, Risk Management and Business Continuity Helen Wollerton – Administrative Officer (Legal.
Audiences NI Data Protection Workshop

Audiences NI Data Protection Workshop
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Data Protection Overview

Data Protection Overview
An overview of the Data Protection Act 1998. Legal framework The Data Protection Act 1998 came into force in March 2001, replacing the Data Protection.

An overview of the Data Protection Act Legal framework The Data Protection Act 1998 came into force in March 2001, replacing the Data Protection.
The Data Protection Act

The Data Protection Act
The ICO and the DPA Ken Macdonald Assistant Commissioner Information Commissioner’s Office ScotStat Public Sector Analysts Network 30 th September 2010.

The ICO and the DPA Ken Macdonald Assistant Commissioner Information Commissioner’s Office ScotStat Public Sector Analysts Network 30 th September 2010.
 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.

 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.
Data Protection for Church of Scotland Congregations

Data Protection for Church of Scotland Congregations
CENTRAL SCOTLAND POLICE Data Protection & Information Security Stuart Macfarlane Information Governance Unit Police Service of Scotland.

CENTRAL SCOTLAND POLICE Data Protection & Information Security Stuart Macfarlane Information Governance Unit Police Service of Scotland.
Practical Information Management

Practical Information Management

Similar presentations

Ads by Google