Data Protection Act 1998

faraji

Presentation Transcript


  1. Data Protection Act 1998

  2. I am not stupid you know!

  3. But … • 1 in 3 people admit they throw away documents containing important personal information without shredding them • Lancashire County Council left social work records in a filing cabinet that was sold at auction • 62,000 Bank of Scotland mortgage customer details were put on a CD and put in the post but it never turned up ... 

  4. People are aware of their rights! • A senior academic at Lancaster University has received a written warning for making "illicit disclosures" after he responded to a mother's complaint about her son's tuition. • The professor replied immediately, listing the student's modules, contact time etc. BUT • When the student became aware of the exchange, he complained to the university that it had released the information without his consent.

  5. How does the law protect personal data?

  6. The Data Protection Act (DPA) is designed to protect personal data stored on computers or in an organised paper filing system.

  7. The DPA: A number of concerns needed addressing: • Who could access this information? • How accurate is it? • Could it be copied? • Is it possible to store information without the individual’s knowledge or permission? • Was a record kept of any changes?

  8. Exercise 1: You are on your own in the office one lunchtime, the phone rings… what do you do? You answer the phone… ‘‘Hello, I am a lawyer with Grabbit and Runne acting in a criminal case. I need to know the address of one of your members of staff as they are key witnesses in a trial, please can you give me their contact details? Without them the defence will collapse and you may be prosecuted for obstruction…’’

  9. Exercise 1 • Summary

  10. How the DPA works • The 1998 Data Protection Act was passed by Parliament to control the way information is handled and to give legal rights to people who have information stored about them. • Basically it works by: • setting up rules that people have to follow • having an Information Commissioner to enforce the rules It does not stop organisations storing and using information about people. It just makes them follow rules.

  11. The 3 Main Roles • Information Commissioner • Data Controller • Data subject

  12. Types of data: There are distinct types of personal data: 1. Personal data 2. Sensitive personal data. If someone who is not entitled to see these details can obtain access without permission, it is unauthorised access.

  13. Exercise 2: It’s late, you want to go home, you’re the last one in the office, the phone rings (why you again?)… what do you do? You pick up the phone… ‘‘Hello, is that the University? I am phoning about my nephew, I want to know how well he is doing, his mother is so worried about him. I also want to know his address so I can send his birthday present…’’

  14. Exercise 2 • Summary

  15. The Eight Principles For the personal data that Data Controllers store and process: • It must be collected and used fairly and inside the law. • It must only be held and used for the reasons given to the Information Commissioner. • It can only be used for those registered purposes and only be disclosed to those people mentioned in the register entry. • The information held must be adequate, relevant and not excessive when compared with the purpose stated in the register. • It must be accurate and be kept up to date. • It must not be kept longer than is necessary for the registered purpose. • The information must be kept safe and secure. • The files may not be transferred outside of the European Economic Area unless the country that the data is being sent to has a suitable data protection law.

  16. Data Subject’s rights • A Right of Subject Access • A Right of Correction • A Right to Prevent Distress • A Right to Prevent Direct Marketing • A Right to Prevent Automatic Decisions • A Right of Complaint to the Information Commissioner • A Right to Compensation

  17. Exemptions Complete exemptions • Any personal data that is held for a national security reason is not covered. • Personal data held for domestic purposes only at home, e.g. a list of your friends' names, birthdays and addresses does not have to keep to the rules. Partial exemptions e.g. HMRC, school pupils, company planning documents, health notes, statistics, employer references

  18. Yes OK Tim, but what does it all mean? • You can be prosecuted for unlawful action under the legislation if: • you use or disclose information about other people without consent or authorisation • you give information to another employee or student who does not need the details to carry out their legitimate duties, even if it was accidental

  19. Think! • Who can hear your phone call? • Who are you really talking to? • Do they really need to know? • Who can see your PC screen? • Where does waste paper end up? • What information is on your desk or in-tray?

  20. You should remember these points: • Do not leave people's information out on your desk. • Lock filing cabinets. • Do not leave data displayed on screen (use a screensaver?). • Do not leave your computer logged on and unattended. • Do not choose a password that's easy to guess. • Do not give your password to anyone, ever. • Never send anything by fax or e-mail that you wouldn't put on the back of a postcard. • Do not disclose any personal information without the data subject’s consent or verifying the enquirer (e.g. phone the police officer back via the station switchboard).

  21. Exercise 3 • Please see Case Study “Lost Laptop” in your notes.

  22. Exercise 3 • Summary

  23. Social Networking

  24. What social media tools are you using? • Are they for work or social purposes? • Or is the line a bit

  25. Social Networking • Social Media ‘posts’ are subject to Data Protection legislation • So, think before updating that Facebook status!

  26. The Internet Doesn’t Forget!

  27. Email: data-protection@bradford.ac.uk with any queries you may have. Exercise 4 What did you get from this session? Please write down 3 things that you are going to do when you get back to the office regarding the DPA issues raised here today.

  28. Thank You! Please email: data-protection@bradford.ac.uk with any queries you may have. www.bradford.ac.uk/data-protection
