1 / 14

Data Protection Act – Myths & Musts

Data Protection Act – Myths & Musts. Rick Byers Head of Operations, CTI Group. Brought to you in conjunction with Edugeek. Welcome to Education Innovation. Who am I?

royal
Download Presentation

Data Protection Act – Myths & Musts

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Data Protection Act – Myths & Musts Rick Byers Head of Operations, CTI Group Brought to you in conjunction with Edugeek

  2. Welcome to Education Innovation • Who am I? • Head of Operations for the CTI Group, an international software house, dealing this most of the worlds mobile tier 1 telcos and their data • Member of the British Computer Society Information Security Group (BCS ISSG) • Certified ISO27001:2005 Lead Implementer • What Are we going to talk about in this session? • DPA, what, why, who, where etc • Impact on schools • FUD – Fear, Uncertainty and Doubt

  3. Disclaimer • I am not a lawyer! • If you have a question around certain parts of law, seek professional, legal advise • It might not be any different, but because you’ve paid for it, you’ll feel better! • I am a cynic

  4. Data Protection Act • What is it? • It’s a piece of legislation, across the EEA (not just the EU), that is supposed to allow the free transfer of personal data, whilst safeguarding that data. • What is it not? • It’s not designed to stop the flow of data • Although some countries implement more stringent laws than others • It’s not designed to stop people knowing things

  5. The 8 Principles • Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless: (a) at least one of the conditions in Schedule 2 is met, and (b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met. • Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes. • Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed. • Personal data shall be accurate and, where necessary, kept up to date. • Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. • Personal data shall be processed in accordance with the rights of data subjects under this Act. • Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data. • Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

  6. OK – But what is meant by Personal Data? • Personal data means data which relate to a living individual who can be identified – • (a) from those data, or • (b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller, • and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual.

  7. OK, what are my responsibilities? - Musts • You must obey the law – sort of goes without saying • The law can be found here: http://www.legislation.gov.uk/ukpga/1998/29/contents • You (your organisation) must be registered with the DPA, if it processes Personal Data

  8. Myths #1 • “The Data Protection Act stops parents from taking photos in schools” - False • “The Data Protection Act stops parents from finding out their children’s exam results” - False • “Data protection law aims to protect people’s privacy.” - False • Or rather, half false • “Laws across the EU provide the same level of data protection.” - False • “Personal data” is… well, private information about a person, surely?" - False • “'Processing' personal data involves doing something with it.” - False

  9. Myths #2 • "You can process personal data freely if it's already public knowledge." – False • “Only personal data of EU residents is protected.” - False • "Only EU organisations are caught by EU data protection laws." – False • "You can easily get hold of all documents an organisation holds that contain your personal data." - False • "If someone processes your personal data without your consent • you can get compensation  • they're committing a criminal offence."  • - False x 2

  10. Myths #3 • “You can stop others from processing your personal data if you don’t want them to.” - False • “Posting other people’s personal data on Facebook etc is fine.” - False • “Journalists and bloggers can freely publish personal data.” - False Myths taken from: http://zine.openrightsgroup.org/features/2010/data-protection:-myths-and-misses

  11. Recent DPA Related News • North Lincolnshire Council – Lost USB stick • Bay House School – Hacked • Freehold Community School – laptop and paperwork stolen from a car • Norwich City College – Sensitive data not disposed of appropriately • Here we can see 4 different types of data breach – Loss, hacking, theft & mismanagement You can find all this information, and more, at: breachwatch.com

  12. Summary • The DPA is here to protect us, not hinder us – intentionally anyway • We all benefit from the act • We are all bound by the act • As Data Controllers we have special responsibilities • Remember you can delegate tasks, but not responsibility • The ICO has lots of good advice

  13. Useful Information • ICO Docs: • Guidance on Exams: http://www.ico.gov.uk/upload/documents/library/data_protection/practical_application/data_protection_good_practice_note_access_to_exam_results.pdf • Sample lessons – complete with PowerPoint presentations – how easy is that? http://ico.org.uk/schools • Specific guidance for schools: http://ico.org.uk/for_organisations/sector_guides/~/media/documents/library/Data_Protection/Research_and_reports/report_dp_guidance_for_schools.ashx • Breach watch: http://Breachwatch.com

  14. Thank You for your time – any questions?

More Related