
Introduction to Data Protection

Training prepared by Geoff Webb

Information Security & Governance Consultant

Data Protection isn’t a choice, it’s the law

What all CPH staff must do

DPA Presentation v3


Main Points

Person Identifiable Data (PID) - the information that would enable a person’s identity to be established



Person Identifiable Data (PID)

The term applies to a combination of some of the following data items wherever it/they may appear and irrespective of the name of any data field in which it/they may appear, allowing that patient to be identified:

Name - including last name and any forename or aliases

Address – including any current or past address of residence

Postcode - including any current or past postcode of residence

Telephone number

Date of birth

NHS number

Ethnic category

Local Patient identifier

Hospital Encounter number

Patient pathway identifier

SUS spell ID

Unique booking reference number

Date of death



Main Points

Person Identifiable Data (PID) - the information that would enable a person’s identity to be established

Security and confidentiality of PID



  • Security and confidentiality of PID

Keep it safe

Don’t let someone else have it

Don’t give someone’s secrets away



  • Security and confidentiality of PID

Why not?

The Data Protection Act is the law that protects us against illegal and inappropriate use of our personal information without our consent, and the same applies to us using the information of others



  • Data Protection Act Principles

Anyone who processes personal information must comply with eight principles of the Data Protection Act, which make sure that personal information is:

Fairly and lawfully processed

Processed for limited purposes

Adequate, relevant and not excessive

Accurate and up to date

Not kept for longer than is necessary

Processed in line with your rights

Secure 

Not transferred to other countries without adequate protection



Main Points

Person Identifiable Data (PID) - the information that would enable a person’s identity to be established

Security and confidentiality of PID

The need to identify individual data subjects



  • The need to identify individuals

Do you really need to know who they are?

If so, they must give informed consent

Anonymisation and Pseudonymisation



  • Reasons to be careful – part 1

Data Protection Act

Civil Rights

Freedom of Information



  • Reasons to be careful – part 2

Information Commissioner’s Office (ICO)

Wrath of the ICO

Legal and Financial penalties



  • Data Protection Act and the ICO

If we breach any of the DPA Principles, the ICO can impose heavy financial penalties, up to £500,000 a time.

If a person thinks that we are not doing all we should with their personal data they can ask the ICO to investigate. The ICO will arrive unannounced and will carry out a stringent audit on all our processes for handling Personal Data.



  • What can you do?

Information Security

Maintain Confidentiality

Always keep on the right side of the law



  • Information Security

Electronic data security

Physical security

What to watch out for



  • Maintain Confidentiality

Don’t gossip



  • Stay safe online

What’s at risk?

Personal information

Corporate information



  • Stay safe online

Source of risk?

Virus writers

Email attachments

Software



  • Stay safe online

Types of risk?

Worms

Trojan Horses

Botnet

Phishing



  • Stay safe online

If you click on My Account Activity you will go to somewhere quite unexpected

  • Stay safe online

Can you avoid the risk?

Not really

Damage limitation

Use Encryption



  • Stay safe online

Avoid being the risk

Email protocol

Using social media

Follow the rules



  • Stay safe online

What if you are targeted?

SPAM

Suspected Malware

You said something you shouldn’t have



  • Stay safe online

What you need to do

Think before you Send

Don’t fall for hoaxes

Take care with social media



  • Always keep on the right side of the law

Finally

If a process isn’t intuitive, use a Checklist

Know where the Policies, Procedures and Guidelines are stored

When in doubt, ask!
