
Data Protection and Websites LawWorks for Community Groups

This resource provides community groups and charities with information on data protection laws, including FAQs, case studies, and tips on website compliance. It covers topics such as registration, consent, data security, and the consequences of non-compliance.

Presentation Transcript


  1. Data Protection and Websites • LawWorks for Community Groups • 9 July 2013 • Peter Wainman • peter.wainman@mills-reeve.com • 01223 222408

  2. Summary • Data protection • 10 FAQ for community groups and charities • Case study • Websites • 4 FAQ for community groups and charities • Any other questions

  3. 1. Does the Data Protection Act apply to us? • Personal data • Data held electronically or in certain manual files • Identifying living individuals • Data controller • Decides how and why to process personal data • Legal entity • Exemptions • Domestic affairs

  4. 2. Do we have to register with the ICO? • Information Commissioner’s Office • Register of data controllers • Fee • Classes of data, data subjects, purposes for processing • Not for profit exemption • Establishing/maintaining membership • Supporting not for profit • Activities for members or people with regular contact • Small business exemption

  5. 3. What is the most important thing for us to do to comply with the DPA? • ICO’s top five for charities • Tell people what you are doing with their data • Make sure your staff are adequately trained • Use strong passwords • Encrypt all portable devices • Only keep people’s information as long as necessary

  6. 3. (Continued) • Appropriate technical and organisational security measures • Technical measures • Use/encryption of portable devices • Passwords • Organisational measures • Training staff and volunteers • Policies • Disclosures to data processors (more later)

  7. 4. What other things can we do to improve our compliance? • Fair and lawful processing; conditions • Tell people what you’re doing • Notices and privacy policies • Consent? • Keep data accurate and up to date • Don’t keep more data than you need • Ensure you have enough data • Don’t keep data longer than you need it

  8. 5. Can we disclose personal data to anyone else? • Data processors • Act on your behalf • Mailing houses, IT hosting and support • Written contract – act on instructions and security • Other community groups/charities • Notice – consent? • Family, friends etc • The law and common sense • Police and others • Exemptions – prevention and detection of crime

  9. 6. Can we send emails to people asking them for support? • Direct marketing • Directed at individuals • Right to prevent • Electronic communications regulations • Prior consent • Soft opt-in • Notices • Telephone … fax?

  10. 7. We think we have lost some personal data. Do we need to tell anyone? • Telling the ICO • The law – no obligation • Reality – mitigating risk of enforcement • ICO guidance • Amount and sensitivity of data • Impact on data subjects • Telling data subjects • Would they want to know? • What could they do? • Other responses to breach

  11. 8. Someone has asked for a copy of the data we hold about them. What do we do? • Subject access request • Request in writing • £10 fee • 40 days to respond • What to do • Search (relevant) records • Information about individual • Exemptions – data about third parties • Provide in intelligible form

  12. 9. What is the worst that could happen if we don’t comply with the DPA? • Information notices, enforcement notices • Undertakings (eg Community Integrated Care) • Monetary penalty notices • Up to £500k for serious breaches • Criminal penalties for certain breaches • Liability of officers etc • Reputation

  13. 10. I hear that the DPA is going. What do I need to know about the new law? • More of the same • Some new concepts • Data Protection Officers, obligations on data processors, right to be forgotten, privacy by design • Slow progress • Unlikely before 2016 • Get your house in order under the DPA for now • Lobby your MP/MEP … ?

  14. Case study Drugs Are Bad (DAB) is a community service organisation providing drug dependency support in South Park. Mr Mackey runs the organisation with help from student volunteers. The volunteers staff a drop-in centre – people are offered advice and information. DAB collects information about the people who make enquiries.

  15. Case study (2) • Who is the data controller? • Does Mr Mackey need to register with the ICO? • Whose data does DAB hold?

  16. Case study (3) Mr Mackey wants to thank the volunteers for their help. He creates a new Facebook page and posts photos of the volunteers. He also adds a bit of background about what they have contributed to DAB – in some instances, telling the story of their own successful fights with addiction. He can’t find all of them on Facebook but tags the ones he can.

  17. Case study (4) • Has Mr Mackey done anything wrong?

  18. 1. Are we allowed to use cookies? • “Making a meal out of cookies and spam” • Law updated May 2011 • Prior consent to the use of cookies • Unless necessary for the provision of an information society service (eg Amazon) • Internet browser controls • A year to comply • Pop-ups

  19. 2. Do we need to adapt our website for people with disabilities? • Disability discrimination • Service providers to make reasonable adjustments • Navigation • Graphics • Guidance from W3C, the RNIB and the Rights Commission

  20. 3. Do we need to have a privacy policy? • Data protection • Fair processing information – notice and consent • Who you are and what you will do with the data • Web forms • Link to privacy policy • Other information • Tick boxes

  21. 4. Do we need to have terms of use for our website? • Companies, charities and service providers • Information requirements • Intellectual property rights • Use of information • Liability and risk • Exclusions • Children

  22. (Other) Questions
