1 / 30

Data Protection: What You Need to Know

Data Protection: What You Need to Know. Hi!. Jason Miles-Campbell JISC Legal Service Manager jason.miles-campbell @jisclegal.ac.uk 0141 548 4939 www.jisclegal.ac.uk. jiscleg.al/ DataProtection. Law, ICT and Data Protection. Have you heard of JISC Legal before?. Hello again, Jason

allene
Download Presentation

Data Protection: What You Need to Know

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Data Protection: What You Need to Know

  2. Hi! • Jason Miles-Campbell JISC Legal Service Manager • jason.miles-campbell@jisclegal.ac.uk • 0141 548 4939 • www.jisclegal.ac.uk

  3. jiscleg.al/DataProtection Law, ICT and Data Protection

  4. Have you heard of JISC Legal before? • Hello again, Jason • Yes, fairly often • Yes, used occasionally • Vague acquaintance • What’s that, then?

  5. When it comes to data protection... • I’m confident • I’ve a fair idea • I dabble • I ask others • I hide in the toilet

  6. Data Protection Act 1998 www.ico.gov.uk

  7. Why Comply? • It’s the law • Good business practice • Sets a good example • Confidence • Risk (id theft)

  8. Data Protection Essentials “Data protection ..regimes…do not seek to protect data itself, rather they seek to provide the individual with a degree of control over the use of their personal data” “data privacy regimes do not seek to cut off the flow of data, merely to see that it is collected and used in a responsible and, above all, accountable, fashion” Source: DP Code of Practice for FE and HE i.e. Data Protection law does not prevent using and sharing personal data but .. Criminal Justice and Immigration Act 2008 – gives ICO power to impose fines direct for serious security breaches 9

  9. Understanding Your Duties • Data Subject • Data Controller • Data Processor • Processing

  10. What is Personal Data? • Any information which relates to an identified or identifiable person • Living persons • Must be significant biographical information which affects privacy • Sensitive personal data

  11. The Age of Data Protection From what age does DP apply to protect someone? • From birth • From age 5 • From age 12 • From age 16 • From age 18

  12. The Eight DP Principles 1: fair and lawful2: limited purposes3: adequate, relevant and not excessive4: accurate and current5: no kept longer than necessary6: respect the rights of the individual7: appropriate security8: transfer outside EEA needs adequate protection

  13. Fair and Lawful Processing Fair processing – • A processing notice – transparency • Weighing up interests v privacy • Would you be happy?

  14. Fair and Lawful Processing Lawful processing - To process, a Schedule 2 condition must be met: • Consent • Legitimate interest of the data controller • Fulfilment of a contractual obligation More stringent conditions for ‘sensitive’ personal data

  15. The Age of Data Protection From what age can someone give DP consent? • From birth • From age 5 • From age 12 • From age 16 • From age 18

  16. Security Situations Where are the greatest security risks? • At your desk • On your laptop • On your mobile phone • On the train • At home

  17. Appropriate Security Your PC Your laptop Your mobile phone Your IT infrastructure / VLE Your desk Your rubbish

  18. Important Points When handling personal data in your role: • Purpose: why are you collecting personal data, • Fairness: is the reason fair to the data subject and • Transparency: does the data subject know about it • Security: at an appropriate level of security

  19. Over to you Some Scenarios……..

  20. A parent asks for information on her son’s progress. Do you… • Supply it - nothing wrong in doing this • Supply it – he is under 18 • Withhold it as she should never access it • Withhold it until you have consent of her son

  21. The police ask for information on one of your students. Do you… • Supply it because it’s the police • Supply it only when you know what it’s for and think it is relevant information to the investigation • Never supply it

  22. A student asks his tutor if he can see the reference the tutor wrote for him. Do you • Say no - he has no right to see it under DPA • Say yes – he is entitled under DPA to see it • Not sure so seek help before replying

  23. The College decides to retain all emails for a period of 10 years. Is this in line with the DPA? • Yes • No • Maybe • Can I phone a friend?

  24. A member of staff clicks the wrong email group and instead of sending to relevant tutors, sends info relating to student health issues to other students. • The College is liable for the breach • There is no liability, it was an accident, not deliberate • The member of staff is liablenot the College

  25. What security should be on mobile devices holding personal data? • Password protection and encryption • None as only used on College premises • It depends on the type of information

  26. What should you know? • Where the DP policy is, how to access it and its contents • Have awareness of DP and how it may affect students, staff etc. • That what you’re doing is covered by the data protection notice to students, staff etc. • How to store/share personal information on and off campus • How to keep personal information secure(mobiles, social networking) • Where to get help

  27. Sources of help • Your institution’s DP officer • Your institutional policies and procedures • info@jisclegal.ac.uk and www.jisclegal.ac.uk (code of practice)

  28. Next steps? • Go back and say well done! • Start a conversation with management • Re-write a few policies • Monitor what’s in place already • Get further support • Point at someone else and say ‘his problem!’ or ‘her problem!’

  29. ? Questions and Follow Up http://jiscleg.al/sgm 3pm Friday www.jisclegal.ac.uk info@jisclegal.ac.uk 0141 548 4939

More Related