2014 dpa training february nn

608 views
463 views

Published on

Data Protection Training presentation for work. A consistent 7/7 from audience on presentation and slides. The presentation covers the 8 principles of the Act and describes the roles and responsibility of staff.

Published in: Business, Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
608
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
22
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • .
  • 2014 dpa training february nn

    1. 1. Data Protection Training Session Information Management Team February 2014
    2. 2. Table of Contents Section 1 Introduction: how the Act works Section 2 Definitions Section 3 The 8 Principles of the DPA Section 4 Your responsibilities Section 5 Additional information 2
    3. 3. Your take aways • Know the 8 principles • Know your role and responsibilities. 3
    4. 4. The Legal Framework Our use of information is governed by a range of laws principally: • The Data Protection Act • The Freedom of Information Act • Common Law Duty of Confidence You need to know how • Human Rights Act these laws affect you! 4
    5. 5. 5
    6. 6. What is the Data Protection Act? 6
    7. 7. How the Act Works As a “data controller” , you have to follow the eight principles so you protect the rights of individuals also known as “data subjects”. The principles cover how you work with personal data and sensitive personal data. 7
    8. 8. SECTION TWO: DEFINITIONS 8
    9. 9. What is personal Information? Personal information is defined broadly and has two criteria: First. It must relate to a living person. The dead do not have data protection rights. The living relatives will have a right to privacy and confidentiality. Second, the person must be identifiable – either from the information itself or from the information plus other information which the data controller either possesses or is likely to possess in the future The definition of personal data includes any expression of opinion about the data subject. 9
    10. 10. What is Sensitive Personal Data? Sensitive personal information is defined by the Act. It covers the following areas: Race ethnic origin Criminal records (including CRB checks) Membership of a trade union Medical records (such as sickness absence) Political opinions Religious, or similar beliefs Sexual life, for example, a person’s sexual orientation In most cases explicit consent is needed before these can be used but other conditions may apply. 10
    11. 11. What is a Data Subject A data subject is any living individual who is the subject of personal data. 11
    12. 12. What is a data controller An organisation, or an individual, is a data controller if it has full authority to decide how and why personal data is to be “processed” . When an organisation uses personal data or shares it with another organisation, it is acting as a data controller. Please note that an employee working for an organisation can never be a data controller. 12
    13. 13. What is processing? 13
    14. 14. SECTION 3 THE 8 PRINCIPLES 14
    15. 15. • If you learn nothing else on Data Protection, remember the following slide and you’ll probably be OK 15
    16. 16. The 8 Data Protection Principles 1. 2. 3. 4. 5. 6. Fairly and lawfully processed Processed for limited purposes. Adequate, relevant and not excessive Accurate and up to date Not kept for longer than is necessary. Processed in line with the rights of the data subject. 7. Stored and processed securely. 8. Not transferred to countries without adequate protection. 16
    17. 17. Principle 1: Fair and Lawful 17
    18. 18. Principle 2. Processed for limited purposes 18
    19. 19. Principle 3. Adequate, relevant, not excessive 19
    20. 20. Principle 4 Accurate 20
    21. 21. Principle 5 Not kept for longer than is necessary. 21
    22. 22. Principle 6 Rights of Data Subjects 22
    23. 23. Principle 7 Secure • VS 23
    24. 24. Principle 8 24
    25. 25. Video Break http://www.youtube.com/watch?v=CdYWoLC7TNI&feature=youtu.be 25
    26. 26. SECTION 4 YOUR RESPONSIBILITIES 26
    27. 27. Responsibilities • • • • Subject Access Requests Security of information Records management Sharing information 27
    28. 28. Subject Access requests • What is a SAR? • What do you need to do? • Educational Record • Third Party Data • Confidentiality 28
    29. 29. Security of Paper records 29
    30. 30. Records management 30
    31. 31. Sharing information 31
    32. 32. SECTION 5 CONTACT INFORMATION 32
    33. 33. Who to contact? Information Commissioner’s Office 0303 123 1113 Information Management Team 03000 268 035 33

    ×