legal aspects of incident reporting and data collection fear of the dark n.
Download
Skip this Video
Download Presentation
Legal aspects of incident reporting and data collection : Fear of the Dark?

Loading in 2 Seconds...

play fullscreen
1 / 25

Legal aspects of incident reporting and data collection : Fear of the Dark? - PowerPoint PPT Presentation


  • 79 Views
  • Uploaded on

Legal aspects of incident reporting and data collection : Fear of the Dark?. Meeting on “ Incident Reporting in Radiotherapy ” 3rd of September – Federal Agency for Nuclear Control. 1. Clear up misunderstanding: scope of our Data Protection Act. Privacy (1). Data Protection (2). …. ….

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Legal aspects of incident reporting and data collection : Fear of the Dark?' - palti


Download Now An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
legal aspects of incident reporting and data collection fear of the dark

Legal aspects of incident reporting and data collection :Fear of the Dark?

Meeting on “Incident Reporting in Radiotherapy”

3rd of September – Federal Agency for Nuclear Control

1

clear up misunderstanding scope of our data protection act
Clear up misunderstanding:scope of our Data Protection Act

Privacy (1)

Data

Protection (2)

Privacy

Protection of privacy(1) in relation to the processing of personal data (2)

1 privacy article 8 echr art 22 const
1. Privacy: article 8 ECHR – art. 22 Const.
  • Protection of privacy
  • “Everyone has the right to respect for his private and family life, his home and his correspondence”
    • Private life: cultivation, serenity, secrecy, isolation,…
    • Family life: marriage, living together, starting a family...
  • Direct effect – horizontally/vertically
  • Important: protection of privacy is not absolute
specific legal texts
Specific legal texts
  • Besides the general provisions of article 8 ECHR and article 22 Constitution, there are several specific legal provisions which protects (certain aspects of) privacy
  • F.e.:

Act 10/4/1990 concerning private security, Act 18/7/1991 concerning private detectives, Data Protection Act, Camera Act, Act 30/6/1994 concerning telephone tap,...

2 data protection act
2. Data Protection Act
  • Act of 8 December 1992 on the protection of privacy in relation to the processing of personal data
      • Protects the citizen against the use of (his) personal data
      • States the rights and obligations of the person who’s data is being processed as of the processor
      • Just a part of “privacy”
      • Penal act (fines)
personal data
Personal data?
  • any information relating to an identified or identifiable natural person
      • Identifiable = one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, psychological, mental, economic, cultural or social identity
      • No legal person (f.e.: company)
      • F.e.: name, photo, telephone number (private/work), national register number, banc account number, e-mailadress, fingerprint, code, licence plate,...
personal data versus anonymous data
Personal data versus anonymous data

Anonymous data = data that cannot be related to an identified or identifiable person and that is consequently not personal data

Encoded data = personal data that can only be related to an identified or identifiable person by means of a code

processing
Processing?
  • any operation or set of operations which is performed upon personal data, whether or not by automatic means
  • F.e.: collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by means of transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction of personal data
filing system
Filing system?
  • any structured set of personal data which is accessible according to specific criteria
    • structured set of personal data
        • Logical classification
        • Systematic consultation of personal possible
    • accessible according to specific criteria
        • Name
        • National register number
        • ...
controller
Controller?
  • any natural or legal person, un-associated organization or public authority which alone or jointly with others determines the purposes and means of the processing of personal data
      • F.e.: doctor, company, local authority, non profit organisation,...
  • Important: controller has to comply with all obligations of the Data Protection Act ( = responsability)
  • (processor)
scope data protection act
Scope Data Protection Act
  • Processing of personal data (wholly of partly) byautomaticmeans
  • Processing of personal data bynonautomaticmeansbutonly
      • Whichforms part of a filing system or
      • Is intented to form part of a filing system
principle of finality
Principle of finality
  • Personal data has to be processed for specified, explicit and legitimate purposes
  • A further processing can (only) be considered compatible with the original purpose(s), considering
      • The reasonable expectations of the data subject or
      • The legal or regulatory provisions
principle of proportionality
Principle of proportionality
  • Personal data has to be adequate, relevant and not excessive in relation to the purpose(s) of the processing
  • Personal data has to be kept in a form that allows for the identification of data subjects, for no longer than necessary with a view to the purposes for which the data is collected or further processed
when can you proces personal data
When can you proces personal data?
  • “Normal” personal data: 6 cases (exhaustive list!):
      • consent
      • necessary for the performance of a contract
      • necessary for compliance with a legal obligation
      • necessary in order to protect the vital interests
      • necessary for the performance of a task carried out in the public interest or in the exercise of the official authority
      • promotion of the legitimate interests of the controller (balance of interest)
special processings are prohibited but
Special processings are prohibited… but…
  • Special processings?
    • Processing sensitive personal data
    • Processing health-related personal data
    • Processing of judicial personal data
health related personal data
Health-related personal data
  • No definition
  • In practice: all personal data concerning the former, present or future physical or mental state of health
  • Processing prohibited but prohibition does not apply in some cases (exhaustive list), f.e.:
      • the processing is necessary for the promotion and protection of public health, including medical examination of the population
      • the processing is necessary for the prevention of imminent danger
      • the processing is necessary for the purposes of preventive medicine or medical diagnosis, the provision of care or treatment to the data subject, or the management of health-care services in the interest of the data subject
      • ...
slide17
Always under the responsibility of a health-care professional, except
      • When there is a written consent
      • When the processing is necessary for the prevention of imminent danger or for the mitigation of a specific criminal offence
  • Right of access
      • Direct
      • Through a health-care professional after a demand of the data subject or de controller
notification with the privacycommission
Notification with the Privacycommission
  • Notification for any purpose or set of related purposes for which wholly or partly automatic operations are carried out
  • Controller has to notify
  • Notification prior to processing
  • Content notification = legally determined
  • Modification of notification if important information changes
  • By paper (125 euro) or via internet (25 euro)
  • List of exemptions by Royal Decree
  • Notification is not intended to request an authorization or permission, but only to notify a processing = apart from very exceptional cases, in Belgium no authorization is needed to process personal data
content of the notification
Content of the notification

the name of the processing

the purposes

the categories of data being processed (not the data themselves)

any possible legal or regulatory basis for the processing

the categories of recipients to whom the data may be disclosed

the safeguards established for disclosure to third parties

the way in which the data subjects are informed of the processing

the person the data subjects may address to exercise their right of access and the measures taken to facilitate this

slide20

the categories of data intended to be transferred abroad, the countries of final destination and the reason why the data are transferred even if the destination countries do not ensure an adequate level of protection

the period of time after which the data must no longer be stored used or disseminated

organizational and technical security measures

public register
Public register
  • Data base of the notifications
  • Aim: make the processings of personal data in Belgium more transparant:
    • Data subject can look up information about a processing
    • Privacycommission can audit
  • Accessible to all: through the internet, in our offices, request (extract)
  • The notification contains a description of the characteristics of the processing
mission privacycommission
Mission Privacycommission
  • Since 1/01/2004: independent supervisory authority under the auspices of the Belgian House of Representatives (before that: Ministry of Justice)
  • The Commission's mission is to ensure that privacy is respected when personal data are processed:
    • Opinion and recommandation
    • Authorization (by sector committees)
    • Inspection, supervision and complaints
    • Information and assistance
authorizations sector comittees
Authorizations – sector comittees
  • Specific sector committees have been established
      • Rapid evolution information society
      • Multiplicity of questions (data subjects and governement)
      • The rise of more complex cases
  • Advantage
      • Specific experts from particular domains
  • Different sector committees (6)
      • Important: Sector Committee of Social Security and of Health
slide24

Role of such a committee

      • Grants an authorization when data is being exchanged electronically in the network of social security of health

F.e.: every exchange of personal data by or to the E-health platform

      • Checks the documents and grants yes or no an authorization
in practice
In practice
  • To go through all this information again (but on your own pace):

www.privacycommission.be

  • Emailadress for questions:

commission@privacycommission.be

  • Internet demo
      • Website
      • Notification
      • Sector committees