In this brief Part 2 introduction to all things data protection, Vicki Bowles looks at issues such as disclosure, BYOD (Bring Your Own Device) and the impact of social media.
3. Legislative framework - reminder
• Back to basics – key information:
– Who is the data controller?
– What personal data do you have?
– Are you compliant with the principles?
4. Disclosure
• Comply with the first data protection principle:
Personal data shall be processed fairly and lawfully, and in particular, shall not be processed unless-
– At least one of the conditions in Schedule 2 is met, and
– In the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.
5. Disclosure
• What is “fair”?
– How was the information obtained?
– What was the individual told about the purposes of processing when the information was obtained?
6. Disclosure
• Schedule 2 conditions:
– Para 1: consent
– Para 2: contracts
– Para 3: compliance with legal obligation
– Para 4: protect vital interest of data subject
– Para 6: Necessary for the legitimate interests subject to unwarranted prejudice to rights and freedoms
7. BYOD
• Bring Your Own Device
– Responsibility for breaches
– Level of risk v resources
• No BYOD – low risk/not practical
• You supply the device and control security settings – medium risk/expensive
• Access limited to certain components of system – medium/high risk/more practical
• Unlimited access – high risk
8. BYOD
• Have a policy in place:
– Minimum levels of security required
– Expectations re: downloads etc. if your device
• Training
– Do your staff/volunteers understand what they need to do to secure their device?
– Make your requirements clear
9. Social Media
• Areas of risk:
– Use by your organisation
– Use by your employees/volunteers outside of work
– Comments made about your organisation
10. Social Media
• Use by you:
– Dedicate necessary resources – reputation
– Be clear on what is and is not acceptable
– “Chain of command” for authorisation
• Use by employees/volunteers:
– Same as BYOD – policy and training
– Important to protect reputation
– WWTDMT?
12. Attributions
Slide 1 Some rights reserved by Symo0
Slide 2 Some rights reserved by giulia.forsythe
Slide 3 Some rights reserved by IntelFreePress
Slide 4 Some rights reserved by MichaelMKenny
Slide 5 Some rights reserved by Mista Bob
Slide 6 Some rights reserved by jk5854
Slide 7 Some rights reserved by adactio
Slide 8 Some rights reserved by justgrimes
Slide 9 Some rights reserved by angermann
Slide 10 Some rights reserved by opensourceway
Slide 11 Some rights reserved by AsGood