Keeping Personal and Sensitive Data Securely
 

Overview of the Data Protection Act 1998 and its implications for research projects. Presentation given by Marion Rosenberg on 24th September 2013 at the London School of Hygiene & Tropical Medicine.

    Presentation Transcript

    • Keeping personal and sensitive data securely. Marion Rosenberg. (Improving health worldwide, www.lshtm.ac.uk)
    • Agenda
      • Context and definitions
      • Risks
      • Remediation
      • Conclusions
    • Context
      • Nature of the organisation
      • What data?
      • “Unmanaged...”
      • data
      • systems
      • people
    • Definitions - Data
      Data means information which -
      (a) is being processed by means of equipment operating automatically in response to instructions given for that purpose,
      (b) is recorded with the intention that it should be processed by means of such equipment,
      (c) is recorded as part of a relevant filing system or with the intention that it should form part of a relevant filing system,
      (d) does not fall within paragraph (a), (b) or (c) but forms part of an accessible record as defined by section 68, or
      (e) is recorded information held by a public authority and does not fall within any of paragraphs (a) to (d).
    • Personal Data
      ...data which relate to a living individual who can be identified—
      (a) from those data, or
      (b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller,
      and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual;
    • Sensitive Personal Data
      ... means personal data consisting of information as to—
      (a) the racial or ethnic origin of the data subject,
      (b) his political opinions,
      (c) his religious beliefs or other beliefs of a similar nature,
      (d) whether he is a member of a trade union,
      (e) his physical or mental health or condition,
      (f) his sexual life,
      (g) the commission or alleged commission by him of any offence, or
      (h) any proceedings for any offence committed or alleged to have been committed by him, the disposal of such proceedings or the sentence of any court in such proceedings.
    • Risks
      • financial
      • reputational
      • loss/disclosure of data
      • loss of future business
      • loss of collaboration opportunities
    • Remedies
      • identify/audit what data you handle/process
      • classify your data
      • data handling guidelines
      • education, education, education
    • Conclusions
      • Identify scope and context
      • Classify
      • Policies/procedures - governance
      • Education and awareness - continuous
    • Everything’s OK then? No! “Officials at the University of California at San Francisco have warned 600 patients that their medical information may have been leaked by a doctor who fell for a phishing scam.” - Dec 2009