Legal aspects of incident reporting and data collection fear of the dark
This presentation is the property of its rightful owner.
Sponsored Links
1 / 25

Legal aspects of incident reporting and data collection : Fear of the Dark? PowerPoint PPT Presentation


  • 45 Views
  • Uploaded on
  • Presentation posted in: General

Legal aspects of incident reporting and data collection : Fear of the Dark?. Meeting on “ Incident Reporting in Radiotherapy ” 3rd of September – Federal Agency for Nuclear Control. 1. Clear up misunderstanding: scope of our Data Protection Act. Privacy (1). Data Protection (2). …. ….

Download Presentation

Legal aspects of incident reporting and data collection : Fear of the Dark?

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Legal aspects of incident reporting and data collection fear of the dark

Legal aspects of incident reporting and data collection :Fear of the Dark?

Meeting on “Incident Reporting in Radiotherapy”

3rd of September – Federal Agency for Nuclear Control

1


Clear up misunderstanding scope of our data protection act

Clear up misunderstanding:scope of our Data Protection Act

Privacy (1)

Data

Protection (2)

Privacy

Protection of privacy(1) in relation to the processing of personal data (2)


1 privacy article 8 echr art 22 const

1. Privacy: article 8 ECHR – art. 22 Const.

  • Protection of privacy

  • “Everyone has the right to respect for his private and family life, his home and his correspondence”

    • Private life: cultivation, serenity, secrecy, isolation,…

    • Family life: marriage, living together, starting a family...

  • Direct effect – horizontally/vertically

  • Important: protection of privacy is not absolute


Specific legal texts

Specific legal texts

  • Besides the general provisions of article 8 ECHR and article 22 Constitution, there are several specific legal provisions which protects (certain aspects of) privacy

  • F.e.:

    Act 10/4/1990 concerning private security, Act 18/7/1991 concerning private detectives, Data Protection Act, Camera Act, Act 30/6/1994 concerning telephone tap,...


2 data protection act

2. Data Protection Act

  • Act of 8 December 1992 on the protection of privacy in relation to the processing of personal data

    • Protects the citizen against the use of (his) personal data

    • States the rights and obligations of the person who’s data is being processed as of the processor

    • Just a part of “privacy”

    • Penal act (fines)


Personal data

Personal data?

  • any information relating to an identified or identifiable natural person

    • Identifiable = one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, psychological, mental, economic, cultural or social identity

    • No legal person (f.e.: company)

    • F.e.: name, photo, telephone number (private/work), national register number, banc account number, e-mailadress, fingerprint, code, licence plate,...


Personal data versus anonymous data

Personal data versus anonymous data

Anonymous data = data that cannot be related to an identified or identifiable person and that is consequently not personal data

Encoded data = personal data that can only be related to an identified or identifiable person by means of a code


Processing

Processing?

  • any operation or set of operations which is performed upon personal data, whether or not by automatic means

  • F.e.: collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by means of transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction of personal data


Filing system

Filing system?

  • any structured set of personal data which is accessible according to specific criteria

    • structured set of personal data

      • Logical classification

      • Systematic consultation of personal possible

  • accessible according to specific criteria

    • Name

    • National register number

    • ...


Controller

Controller?

  • any natural or legal person, un-associated organization or public authority which alone or jointly with others determines the purposes and means of the processing of personal data

    • F.e.: doctor, company, local authority, non profit organisation,...

  • Important: controller has to comply with all obligations of the Data Protection Act ( = responsability)

  • (processor)


  • Scope data protection act

    Scope Data Protection Act

    • Processing of personal data (wholly of partly) byautomaticmeans

    • Processing of personal data bynonautomaticmeansbutonly

      • Whichforms part of a filing system or

      • Is intented to form part of a filing system


    Principle of finality

    Principle of finality

    • Personal data has to be processed for specified, explicit and legitimate purposes

    • A further processing can (only) be considered compatible with the original purpose(s), considering

      • The reasonable expectations of the data subject or

      • The legal or regulatory provisions


    Principle of proportionality

    Principle of proportionality

    • Personal data has to be adequate, relevant and not excessive in relation to the purpose(s) of the processing

    • Personal data has to be kept in a form that allows for the identification of data subjects, for no longer than necessary with a view to the purposes for which the data is collected or further processed


    When can you proces personal data

    When can you proces personal data?

    • “Normal” personal data: 6 cases (exhaustive list!):

      • consent

      • necessary for the performance of a contract

      • necessary for compliance with a legal obligation

      • necessary in order to protect the vital interests

      • necessary for the performance of a task carried out in the public interest or in the exercise of the official authority

      • promotion of the legitimate interests of the controller (balance of interest)


    Special processings are prohibited but

    Special processings are prohibited… but…

    • Special processings?

      • Processing sensitive personal data

      • Processing health-related personal data

      • Processing of judicial personal data


    Health related personal data

    Health-related personal data

    • No definition

    • In practice: all personal data concerning the former, present or future physical or mental state of health

    • Processing prohibited but prohibition does not apply in some cases (exhaustive list), f.e.:

      • the processing is necessary for the promotion and protection of public health, including medical examination of the population

      • the processing is necessary for the prevention of imminent danger

      • the processing is necessary for the purposes of preventive medicine or medical diagnosis, the provision of care or treatment to the data subject, or the management of health-care services in the interest of the data subject

      • ...


    Legal aspects of incident reporting and data collection fear of the dark

    • Always under the responsibility of a health-care professional, except

      • When there is a written consent

      • When the processing is necessary for the prevention of imminent danger or for the mitigation of a specific criminal offence

  • Right of access

    • Direct

    • Through a health-care professional after a demand of the data subject or de controller


  • Notification with the privacycommission

    Notification with the Privacycommission

    • Notification for any purpose or set of related purposes for which wholly or partly automatic operations are carried out

    • Controller has to notify

    • Notification prior to processing

    • Content notification = legally determined

    • Modification of notification if important information changes

    • By paper (125 euro) or via internet (25 euro)

    • List of exemptions by Royal Decree

    • Notification is not intended to request an authorization or permission, but only to notify a processing = apart from very exceptional cases, in Belgium no authorization is needed to process personal data


    Content of the notification

    Content of the notification

    the name of the processing

    the purposes

    the categories of data being processed (not the data themselves)

    any possible legal or regulatory basis for the processing

    the categories of recipients to whom the data may be disclosed

    the safeguards established for disclosure to third parties

    the way in which the data subjects are informed of the processing

    the person the data subjects may address to exercise their right of access and the measures taken to facilitate this


    Legal aspects of incident reporting and data collection fear of the dark

    the categories of data intended to be transferred abroad, the countries of final destination and the reason why the data are transferred even if the destination countries do not ensure an adequate level of protection

    the period of time after which the data must no longer be stored used or disseminated

    organizational and technical security measures


    Public register

    Public register

    • Data base of the notifications

    • Aim: make the processings of personal data in Belgium more transparant:

      • Data subject can look up information about a processing

      • Privacycommission can audit

    • Accessible to all: through the internet, in our offices, request (extract)

    • The notification contains a description of the characteristics of the processing


    Mission privacycommission

    Mission Privacycommission

    • Since 1/01/2004: independent supervisory authority under the auspices of the Belgian House of Representatives (before that: Ministry of Justice)

    • The Commission's mission is to ensure that privacy is respected when personal data are processed:

      • Opinion and recommandation

      • Authorization (by sector committees)

      • Inspection, supervision and complaints

      • Information and assistance


    Authorizations sector comittees

    Authorizations – sector comittees

    • Specific sector committees have been established

      • Rapid evolution information society

      • Multiplicity of questions (data subjects and governement)

      • The rise of more complex cases

  • Advantage

    • Specific experts from particular domains

  • Different sector committees (6)

    • Important: Sector Committee of Social Security and of Health


  • Legal aspects of incident reporting and data collection fear of the dark

    • Role of such a committee

      • Grants an authorization when data is being exchanged electronically in the network of social security of health

        F.e.: every exchange of personal data by or to the E-health platform

      • Checks the documents and grants yes or no an authorization


    In practice

    In practice

    • To go through all this information again (but on your own pace):

      www.privacycommission.be

    • Emailadress for questions:

      [email protected]

    • Internet demo

      • Website

      • Notification

      • Sector committees


  • Login