data protection act 1998
play

Data Protection Act 1998 WBro Martin P Roche - ProvGSec/ScE April - PowerPoint PPT Presentation

Jan 06, 2024 •173 likes •397 views

The Provincial Grand Lodge and Chapter of East Lancashire Data Protection Act 1998 WBro Martin P Roche - ProvGSec/ScE April 2017 Why do I need to read this? If you have access to the systems and records that the Province holds about our

  1. The Provincial Grand Lodge and Chapter of East Lancashire Data Protection Act 1998 WBro Martin P Roche - ProvGSec/ScE April 2017

  2. Why do I need to read this? • If you have access to the systems and records that the Province holds about our members, or • The purpose of this presentation is to simply remind you: – Of the existence of the Data Protection Act – How the Act applies to you when undertaking the work of the Province and your role within it – That it affects all those who have legitimate business access (i.e. when carrying out the duties of your role) to the information we hold concerning our members – That there are consequences in the case of non-compliance – Of best practice to ensure we all comply with our obligations WBro Martin P Roche - ProvGSec/ScE April 2017

  3. The Data Protection ... Why is it important to me? • Our members have disclosed to us for the purpose of their membership, certain personal information relating to their identity and how they may be contacted • That information is stored, primarily in an electronic format on our own system (Keystone), but as a consequence, on the Grand Lodge system we access for business use (Adelphi 2) • Because of your role, you have been given access to those systems and that brings with it a personal and organisational responsibility to ensure we all protect the private information of our members • We all therefore have a duty of care to our members to ensure their personal information is accurate, stored securely, used properly and disposed of appropriately if no longer required. WBro Martin P Roche - ProvGSec/ScE April 2017

  4. How does the law protect personal data? WBro Martin P Roche - ProvGSec/ScE April 2017

  5. The Data Protection Act (DPA) is designed to protect personal data concerning living individuals which is stored on computers or in an organised paper filing system. For us that includes: • Keystone • Adelphi 2 • And any associated paper records WBro Martin P Roche - ProvGSec/ScE April 2017

  6. How the DPA works • The Data Protection Act 1998 was brought in to control the way personal information is handled and to give legal rights to people who have information stored about them. • Basically it works by: • setting up rules that people have to follow • having an Information Commissioner to enforce the rules • Ensuring that organisations such as ours follow those rules • It does not prevent us from storing and using information about our members. It just means we that we have to follow a set of rules to – Protect our members and their personal information – Protect ourselves WBro Martin P Roche - ProvGSec/ScE April 2017

  7. The 3 Main Roles  Information Commissioner (IoC)  Data Controller (The Province)  Data subject (The Member) WBro Martin P Roche - ProvGSec/ScE April 2017

  8. Types of data There are distinct types of data involved: 1. Personal data For us, that only includes: Name, address, date of birth, occupation, membership records, contact details 2. Sensitive personal data: The Province does not hold this type of data If someone who is not entitled to see this data can obtain access without permission, it is deemed and termed, unauthorised access and may constitute a breach of the Act WBro Martin P Roche - ProvGSec/ScE April 2017

  9. The Data Protection Act A number of issues need considering:  Who can access our information?  How do they access it?  How accurate is it?  How do we ensure it is stored securely?  Do we keep it up to date?  Do we use it properly? WBro Martin P Roche - ProvGSec/ScE April 2017

  10. What does it actually mean? • Who can access our information? – All staff/volunteers/Officers of the Province who have been authorised to do so because of their role, must have signed a declaration in respect of the DPA and been provided with the Provincial Policy (which is also available on our website) • How do they access it and keep it secure? – By a secure log on either within the Provincial Office or remotely from home. Either way, users must ensure that they protect their log on details and password and do not leave open systems unattended so that unauthorised users such as visitors – and family – can see or access it. – If a user feels their log on/ID has been compromised, they must contact the Secretariat as soon as possible – Keeping secure also means controlling any paper records or printouts of personal information. If you are disposing of paper records which contain personal information, it must be shredded. This MUST be borne in mind when accessing systems from home. WBro Martin P Roche - ProvGSec/ScE April 2017

  11. What does it actually mean? • How do we make sure it is accurate and up to date? – We ask our members and Secretaries/Scribes to update us of any changes in member’s details – We must then update our records in a timely manner – If we identify any errors, we have an obligation to highlight it. If in doubt, raise the issue with staff in the Secretariat. – We publish a policy (on the Provincial website) which sets out how we do this and our approach to the management and storage of personal information WBro Martin P Roche - ProvGSec/ScE April 2017

  12. What does it actually mean? • What does ‘using it properly’ mean? – That we only ever access our systems for a legitimate business reason which is related to our specific role – That we only ever use the information we obtain from our systems for the purpose it was provided by the member i.e. For the administration of their memberships – That we do not disclose any aspect of a members details other than to a person who has a legitimate reason to know it because of their role/function within the Province. – That we question any request for a member’s personal information – That we do not disclose personal information to persons or organisations outside of the Province. – If in doubt ALWAYS ask a member of staff in the Secretariat. WBro Martin P Roche - ProvGSec/ScE April 2017

  13. The Eight Principles The personal data that we store and processes must be: 1. Collected and used fairly and within the law 2. Only be held and used for the reasons we have given to the Information Commissioner (i.e. as a ‘not for profit’ membership organisation) 3. Only used for our registered purposes and then, only disclosed to those people who have a right to process it 4. Adequate, relevant and not excessive when compared with the purpose stated in the register 5. Accurate and be kept up to date 6. Retained (kept) only for as long as is necessary for our registered purpose 7. Stored safely and securely 8. Not be transferred outside of the European Economic Area unless the country that the data is being sent to has a suitable data protection law – This point might not seem relevant, but we actually have hundreds of East Lancashire members all over the world WBro Martin P Roche - ProvGSec/ScE April 2017

  14. Some of the Data Subject’s rights 1. Amongst other things, the Data Subjects (our members) have a right to enquire about what information we hold concerning them. This is called Subject Access 2. They have a right to ask that records are amended where found to be incorrect 3. They have a right to expect that we will, by virtue of holding that information, not cause them any distress 4. That they will not be subject to Direct Marketing 5. They have recourse of complaint to the Information Commissioner 6. They also have the right to claim compensation if we get it wrong WBro Martin P Roche - ProvGSec/ScE April 2017

  15. Exemptions Complete exemptions 1. Any personal data that is held for a national security reason is not covered – thankfully, not an issue for the Province! 2. Personal data held for domestic purposes only at home, e.g. a list of your friends' names, birthdays and addresses does not have to keep to the rules. Partial exemptions e.g. HMRC, school pupils, company planning documents, health notes, statistics, employer references The Provincial Grand Lodge and Chapter of East Lancashire may be registered with the Information Commissioner as a ‘not for profit’ membership organisation, but we are not exempt from the Act WBro Martin P Roche - ProvGSec/ScE April 2017

  16. What can go wrong? • Individuals as well as the Province can be prosecuted under the legislation if we: – use or disclose information about other people without their consent or authorisation • This could happen if we used members personal information for a purpose which was outside our legitimate business use or in a manner which the member did not agree to or reasonably expect – give personal information to another person who does not have a right to have it, even if it was accidental • Unauthorised disclosure is a serious breach of the legislation WBro Martin P Roche - ProvGSec/ScE April 2017

  17. Social Networking • Social Media ‘posts’ are subject to Data Protection legislation! • THINK : Are you sharing information in a social environment/ setting, only known to you because of your business role? • THINK : before updating or posting that status as you may be disclosing personal information inappropriately – and illegally • REMEMBER : the internet does not forget! WBro Martin P Roche - ProvGSec/ScE April 2017

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

DATA PROTECTION and SCRA www.scra.gov.uk Data Protection Act 1998 (DPA) DPA is the main

DATA PROTECTION and SCRA www.scra.gov.uk Data Protection Act 1998 (DPA) DPA is the main

DATA PROTECTION and SCRA www.scra.gov.uk Data Protection Act 1998 (DPA) DPA is the main legislation in the UK governing information on individuals. It places obligations on organisations that hold and use information on

518 views • 37 slides
GDPR what is it? Replaces the Data Protection Act 1998 European legislation will

GDPR what is it? Replaces the Data Protection Act 1998 European legislation will

GDPR what is it? Replaces the Data Protection Act 1998 European legislation will not be gold plated Comes into force 25 May 2018 BREXIT Data Protection Bill Why is GDPR relevant to me? Healthcare has been an area

692 views • 17 slides
GDPR T owards Compliance 25 May 2018 Wha hat t is GDPR? EU Data Protection Directive EU

GDPR T owards Compliance 25 May 2018 Wha hat t is GDPR? EU Data Protection Directive EU

GDPR T owards Compliance 25 May 2018 Wha hat t is GDPR? EU Data Protection Directive EU General Data Protection 1995 Regulation 2016 Data Protection Act 1998 Data Protection Bill 2017-19 Fines DPA GDPR Maximum Fine 500k Two

622 views • 17 slides
GDPR How does it apply to me? What is GDPR? It is the LAW! What is GDPR? The General Data

GDPR How does it apply to me? What is GDPR? It is the LAW! What is GDPR? The General Data

GDPR How does it apply to me? What is GDPR? It is the LAW! What is GDPR? The General Data Protection Regulation Came into force on May 25 th Replaces the current 1995 Data Protection Directive and Data Protection Act (1998). What is GDPR?

570 views • 18 slides
Ewan Robson Director, IG Compliance ltd 1 Todays Training Look at the History of the Data

Ewan Robson Director, IG Compliance ltd 1 Todays Training Look at the History of the Data

Data Protection Act 1998/General Data Protection Regulation 2016 Freedom of Information Act Ewan Robson Director, IG Compliance ltd 1 Todays Training Look at the History of the Data Protection Act/General Data Protection

575 views • 40 slides
New Data Protection law - Impact on the University LSBUs compliance roadmap Roadmap -

New Data Protection law - Impact on the University LSBUs compliance roadmap Roadmap -

New Data Protection law - Impact on the University LSBUs compliance roadmap Roadmap - continuity, change, uncertainty Data Protection Act 1998 GDPR 2016 Agreed Dec 2015 Approved Apr 2016 In force 25 May 2018 Still to be resolved

478 views • 10 slides
GDPR General Data Protection Regulations Members briefing 9 May 2019 Comparison DPA 1998

GDPR General Data Protection Regulations Members briefing 9 May 2019 Comparison DPA 1998

GDPR General Data Protection Regulations Members briefing 9 May 2019 Comparison DPA 1998 GDPR Fines up to 500K Fines up to 20M SARs 10 SARS Free SARs 40 days SARs up to a month Data breaches reported

251 views • 6 slides
5 THINGS HR MUST DO IN THE ROLE OF THE DATA PROTECTION OFFICER GILLIAN ACHESON DATA PROTECTION

5 THINGS HR MUST DO IN THE ROLE OF THE DATA PROTECTION OFFICER GILLIAN ACHESON DATA PROTECTION

5 THINGS HR MUST DO IN THE ROLE OF THE DATA PROTECTION OFFICER GILLIAN ACHESON DATA PROTECTION DEIRDRE ALLISON RECORDS MANAGEMENT YEARN2LEARN TRAINING GENERAL DATA PROTECTION REGULATION What is it? GDPR represents the most significant

172 views • 14 slides
The Data Protection Landscape Before and aft fter GDPR: General Data Protection Regulation Data

The Data Protection Landscape Before and aft fter GDPR: General Data Protection Regulation Data

The Data Protection Landscape Before and aft fter GDPR: General Data Protection Regulation Data Protection regulations across Europe Current regulations & guidance European Directives 95/46/EC (Data Protection) and 2002/58/EC

440 views • 19 slides
Data Protection Reform preparing for the General Data Protection Regulation By Philip Brining

Data Protection Reform preparing for the General Data Protection Regulation By Philip Brining

Data Protection Reform preparing for the General Data Protection Regulation By Philip Brining Data Protection People 18 th April 2016 Agenda Introduction Current Rules (DPA 98 & PECR) Overview of GDPR Business-wide impact Practical

479 views • 28 slides
(The new Data Protection Act) A presentation by Lian Stibbs Access Manager Staffordshire County

(The new Data Protection Act) A presentation by Lian Stibbs Access Manager Staffordshire County

GDPR (The new Data Protection Act) A presentation by Lian Stibbs Access Manager Staffordshire County Council GDPR Context 1998 Act established concept of citizen privacy rights in a very different technological world 2018

254 views • 7 slides
Data Protection & Availability Kaushal Devater Data Protection & Availability Discipline

Data Protection & Availability Kaushal Devater Data Protection & Availability Discipline

Plan & Deploy Data Protection & Availability Kaushal Devater Data Protection & Availability Discipline Lead - RDC Planning & Deploy Data Protection & Availability Industry Typical Data Retention Requirements Patient

662 views • 9 slides
Data protection in the EU Area of Data protection in the EU Area of ection tection freedom,

Data protection in the EU Area of Data protection in the EU Area of ection tection freedom,

isor visor Superv Super Data protection in the EU Area of Data protection in the EU Area of ection tection freedom, security and justice under the Lisbon Treaty d th Li b T t ta Prot ta Pro ean Da an Da Bndicte Havelange

739 views • 10 slides
Introduction to Data Protection and the General Data Protection Regulation Address: Contact: 11

Introduction to Data Protection and the General Data Protection Regulation Address: Contact: 11

Introduction to Data Protection and the General Data Protection Regulation Address: Contact: 11 Staple Inn Tel: +44 (0)20 7209 2000 London Fax: +44 (0)20 7209 2001 WC1V 7QH DX 0001 London Chancery Lane Myth Busting GDPR doesnt apply to

657 views • 8 slides
INFO 1998: Introduction to Machine Learning Lecture 3: Data Visualization INFO 1998: Introduction

INFO 1998: Introduction to Machine Learning Lecture 3: Data Visualization INFO 1998: Introduction

INFO 1998: Introduction to Machine Learning Lecture 3: Data Visualization INFO 1998: Introduction to Machine Learning Agenda 1. Why Data Visualization is Important 2. Data Visualization Libraries 3. Basic Visualizations 4. Advanced Visualizations

546 views • 28 slides
Data Protection and Privacy & Impact of Personal Data Protection Bill (PDPB) 1 November, 2019

Data Protection and Privacy & Impact of Personal Data Protection Bill (PDPB) 1 November, 2019

CONSUMER AWARENESS WORKSHOP on Data Protection and Privacy & Impact of Personal Data Protection Bill (PDPB) 1 November, 2019 Kolkata OBJECTIVE Engage with the consumer and civil society organisations (CSOs) in tier II locations to

623 views • 50 slides
Fake ke WhatsA tsAPP Mess ssag ages Information Security Education and Awareness (ISEA)

Fake ke WhatsA tsAPP Mess ssag ages Information Security Education and Awareness (ISEA)

Fake ke WhatsA tsAPP Mess ssag ages Information Security Education and Awareness (ISEA) Project Phase-II Check Fake WhatsApp messages before you forward You may receive many spam emails. Fake WhatsApp forwards in a day while using

390 views • 21 slides
We Welcome! WNY RPC Board of Directors Meeting August 21, 2019 200 Dunham Avenue Jamestown (The

We Welcome! WNY RPC Board of Directors Meeting August 21, 2019 200 Dunham Avenue Jamestown (The

We Welcome! WNY RPC Board of Directors Meeting August 21, 2019 200 Dunham Avenue Jamestown (The Resource Center) 10AM 12:30PM What are w we d doing t today? Introductions/New Board Members Updates from State Partners 2020

463 views • 22 slides
Pre-WWI: India mixed country franking postal history Pr Prese sente nted B d By: y:

Pre-WWI: India mixed country franking postal history Pr Prese sente nted B d By: y:

Pre-WWI: India mixed country franking postal history Pr Prese sente nted B d By: y: Ravi V vi Vor ora 26 Ma May 2 y 2018 ROMPEX, OMPEX, DEN ENVER VER. C . COL OLOR ORADO O ORGANIZATION AROUND THE WORLD VIA INDIA

584 views • 31 slides
AHS COMPUTING Userid... You have been given a unique userid so that you can logon to Quest

AHS COMPUTING Userid... You have been given a unique userid so that you can logon to Quest

Introduction to Computing AHS COMPUTING Userid... You have been given a unique userid so that you can logon to Quest (course selection) This is the only userid you will use while you are at UW! Know your userid! WATIAM

455 views • 18 slides
the Workplace September 15, 2014 Dr. Jan C. Kircher Objectives: What. Is workplace

the Workplace September 15, 2014 Dr. Jan C. Kircher Objectives: What. Is workplace

Behind Office Doors: Bullying in the Workplace September 15, 2014 Dr. Jan C. Kircher Objectives: What. Is workplace bullying? Are behaviors are associated with workplace bullying? Is the impact of workplace bullying? Are

504 views • 26 slides
Cyber-bullying

Cyber-bullying

Educating Our Students On Cyber-bullying http://www.google.com/imgres?imgurl=&imgrefurl=http%3A%2F%2Finfo.uknowkids.com%2Fblog%2Fbid%2F159164%2FGlobal- 1

557 views • 18 slides
How to use Microsoft Teams to participate in the HTSM 2020 online conference 1. Click this link to

How to use Microsoft Teams to participate in the HTSM 2020 online conference 1. Click this link to

How to use Microsoft Teams to participate in the HTSM 2020 online conference 1. Click this link to pay your registration fee. 2. Use your email to create a Microsoft Account if you dont already have one. 3. Use your Microsoft Account to sign into

279 views • 3 slides
ECCV Papers and Presentations Site How to login and upload content Click the link to connect with

ECCV Papers and Presentations Site How to login and upload content Click the link to connect with

ECCV Papers and Presentations Site How to login and upload content Click the link to connect with the site https://papers.eccv2020.eu/login/ Enter your email associated with your paper Success, please check your inbox Your email contains a

451 views • 14 slides

More recommend