data protection
play

DATA PROTECTION and SCRA www.scra.gov.uk Data Protection Act 1998 - PowerPoint PPT Presentation

Jul 18, 2023 •133 likes •518 views

DATA PROTECTION and SCRA www.scra.gov.uk Data Protection Act 1998 (DPA) DPA is the main legislation in the UK governing information on individuals. It places obligations on organisations that hold and use information on

  1. DATA PROTECTION and SCRA www.scra.gov.uk

  2. Data Protection Act 1998 (DPA)  DPA is the main legislation in the UK governing information on individuals.  It places obligations on organisations that hold and use information on individuals.  It gives individuals important rights, including the right to find out what information is held about them and to ask for it.  It covers all types of records – electronic, paper, other media. www.scra.gov.uk

  3. Why is the DPA important to SCRA?  Information on children and their families is central to SCRA’s business.  SCRA also holds information on members of staff.  SCRA has a statutory duty to treat both these types of information in accordance with the DPA, and this applies to everyone in SCRA.  Breaches of the DPA can put the safety of child and/or parents at risk, and can have consequences for members of staff and the organisation. www.scra.gov.uk

  4. Eight data protection principles Anyone or any organisation that holds personal information must comply with the eight principles of good information handling that make up the DPA. www.scra.gov.uk

  5. Data Protection Principles . Personal data: 1. Must be fairly and lawfully processed. 2. Shall be obtained and processed only for specified and lawful purposes 3. Shall be adequate, relevant and not excessive. 4. Must be accurate and, where necessary, up to date. 5. Shall not be kept for longer than is necessary. 6. Must be processed in line with an individual’s rights. 7. Must be secure. 8. Not transferred outside the European Economic Area (EEA) without adequate protection. www.scra.gov.uk

  6. 1st data protection principle Personal data must be fairly and lawfully processed. SCRA must:  Have legitimate reasons for collecting and using the information.  Not use the information in ways that could cause unwarranted harm.  Be open about how the information will be used.  Handle people’s personal data only in ways they would reasonably expect.  Make sure that we do not do anything unlawful with the information. www.scra.gov.uk

  7. 2nd data protection principle Personal data shall be obtained and processed only for specified and lawful purposes. For SCRA this is: ‘ We process personal information to enable us to fulfil our statutory functions which include the development of policies and procedures for safeguarding and promoting the welfare of children, to maintain our accounts and records and to support and manage our employees .’ www.scra.gov.uk

  8. 3rd data protection principle Personal data shall be adequate, relevant and not excessive. This means that SCRA should only collect and hold the minimum amount of the personal information needed for our We have to be forthright with the public. We have to have their confidence. We have to convince purposes. them we’re working for the common good. Then we can invade their privacy. www.scra.gov.uk

  9. 4th data protection principle Personal data must be accurate and, where necessary, up to date. SCRA must:  Take reasonable steps to ensure the accuracy of any personal information we obtain.  Ensure that the source of the information is clear.  Carefully consider any The databank is slightly mistaken. I’m not challenges to the accuracy of an alcoholic. I never attempted to information. assassinate the MD. I haven’t been married 17 times. I don’t owe £86,000  Consider whether it is gambling debts.. necessary to update the information. www.scra.gov.uk

  10. 5th data protection principle Personal data shall not be kept for longer than is necessary. SCRA must:  Review the length of time it keeps personal information.  Securely delete/destroy information that is no longer needed.  Update, archive or securely delete/destroy information if it goes out of date. www.scra.gov.uk

  11. 6th data protection principle Processed in line with individuals’ rights. These rights include:  Rights to access the information we hold about them.  To object to the processing of their information.  To have inaccurate information corrected or destroyed.  Right to claim compensation for damages caused by a breach of the DPA. www.scra.gov.uk

  12. 7th data protection principle Information security Contraventions can have SERIOUS implications:  Potential harm to individuals  Damage to organisation’s reputation  Financial www.scra.gov.uk

  13. Secure Keeping information secure Paper records:  Kept in locked cabinet, desk, etc.  Not left unattended.  If taken off-site (inc. home) – must be kept securely as possible and not left unattended.  Must be shredded when no longer needed. www.scra.gov.uk

  14. Secure Keeping information secure Electronic records:  Must be held on password protected systems.  Must be deleted when no longer required.  Must be held in encrypted laptops or encrypted memory sticks if taken off site.  Must never be transmitted to/ via home email or held on home PCs, etc.  Can only be emailed to organisations that have secure email (e.g. gcsx, gsi, pnn, nhs.net, cjsm). www.scra.gov.uk

  15. What is personal data? DPA covers two types of information: 1. Personal data – relates to the identity of a living person or could be used to find out their identity. Includes any expressions of opinion about the individual. www.scra.gov.uk

  16. Personal data 2. Sensitive personal data - relates to the identity of a living person or can be used to establish their identity AND includes one or more on their: – Racial or ethnic origin – Political opinions – Religious beliefs – Trade Union Membership – Physical or mental health – Sexual life Offending or alleged offending . – www.scra.gov.uk

  17. Personal data Sensitive personal data – additional conditions  That it is in the vital interests of the individual  Necessary for legal proceedings  Necessary for administering justice or other statutory functions  It is in the public interest. This is balanced by strict conditions. www.scra.gov.uk

  18. Children’s personal data Children are data subjects in their own right – from birth Children aged 12 and over – considered mature enough to understand their rights. Parents do not have an automatic entitlement to information on their child – must be acting on the child’s behalf. ICO guidance: any court orders, duty of confidence to child, consequences of providing parents with child’s information (e.g. abusive parents), child’s views on whether parents can have access to their information, etc. www.scra.gov.uk

  19. Who is responsible in SCRA? Data Controller = SCRA  Determines how and why personal data is used.  Responsible for ensuring compliance with the DPA. Director of Support Services – Maggie McManus – has lead responsibility in SCRA. www.scra.gov.uk

  20. Who is responsible in SCRA? ALL OF US www.scra.gov.uk

  21. Information Commissioner Wide ranging powers:  Publicising breaches  Enforcement Notices  Fines  Audits www.ico.org.uk www.scra.gov.uk

  22. www.scra.gov.uk

  23. SCRA policies - DPA 1. Case Information Policy 2. Case Information Breaches Reporting 3. Non Disclosure – Practice Direction 04 4. Information Sharing Guidance 5. Records Management Policy – inc. Employment Records Management Policy and Procedures 6. Information Security Handbook All available on Data Protection page on Connect www.scra.gov.uk

  24. SCRA compliance SCRA information breaches Most common:  Incorrect addresses  Hearings papers for different children being sent together Others:  Incorrect email addresses  Office moves – documents left in filing cabinets. www.scra.gov.uk

  25. SCRA compliance Case information breaches - examples 1. Mother’s new address noted in social work report but not picked up by SCRA and CMS not updated. Member of public phoned SCRA to say that they had received papers that were not for them. Mother did not get any papers for her child’s Hearing. • How could this have been prevented? • What remedial action was needed? • Was there a breach of the DPA? www.scra.gov.uk

  26. SCRA compliance Case information breaches - examples 2. During copying of papers for forthcoming Hearings, a set of grounds was copied into another child’s papers and sent. Mother who received papers reported to SCRA that she had received grounds for another child. Both children’s mothers distressed by this breach. • How could this have been prevented? • What remedial action was needed? • Was there a breach of the DPA? www.scra.gov.uk

  27. SCRA compliance Case information breaches – examples 3. Old filing cabinets are being removed from an SCRA office. Removals company contracted to remove and dispose of old filing cabinets. Contractor contacts SCRA to say that filing cabinets he removed contain papers with names on them. • How could this have been prevented? • What remedial action was needed? • Was there a breach of the DPA? www.scra.gov.uk

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

5 THINGS HR MUST DO IN THE ROLE OF THE DATA PROTECTION OFFICER GILLIAN ACHESON DATA PROTECTION

5 THINGS HR MUST DO IN THE ROLE OF THE DATA PROTECTION OFFICER GILLIAN ACHESON DATA PROTECTION

5 THINGS HR MUST DO IN THE ROLE OF THE DATA PROTECTION OFFICER GILLIAN ACHESON DATA PROTECTION DEIRDRE ALLISON RECORDS MANAGEMENT YEARN2LEARN TRAINING GENERAL DATA PROTECTION REGULATION What is it? GDPR represents the most significant

172 views • 14 slides
The Data Protection Landscape Before and aft fter GDPR: General Data Protection Regulation Data

The Data Protection Landscape Before and aft fter GDPR: General Data Protection Regulation Data

The Data Protection Landscape Before and aft fter GDPR: General Data Protection Regulation Data Protection regulations across Europe Current regulations & guidance European Directives 95/46/EC (Data Protection) and 2002/58/EC

440 views • 19 slides
Data Protection Reform preparing for the General Data Protection Regulation By Philip Brining

Data Protection Reform preparing for the General Data Protection Regulation By Philip Brining

Data Protection Reform preparing for the General Data Protection Regulation By Philip Brining Data Protection People 18 th April 2016 Agenda Introduction Current Rules (DPA 98 & PECR) Overview of GDPR Business-wide impact Practical

479 views • 28 slides
GDPR T owards Compliance 25 May 2018 Wha hat t is GDPR? EU Data Protection Directive EU

GDPR T owards Compliance 25 May 2018 Wha hat t is GDPR? EU Data Protection Directive EU

GDPR T owards Compliance 25 May 2018 Wha hat t is GDPR? EU Data Protection Directive EU General Data Protection 1995 Regulation 2016 Data Protection Act 1998 Data Protection Bill 2017-19 Fines DPA GDPR Maximum Fine 500k Two

622 views • 17 slides
Data Protection & Availability Kaushal Devater Data Protection & Availability Discipline

Data Protection & Availability Kaushal Devater Data Protection & Availability Discipline

Plan & Deploy Data Protection & Availability Kaushal Devater Data Protection & Availability Discipline Lead - RDC Planning & Deploy Data Protection & Availability Industry Typical Data Retention Requirements Patient

662 views • 9 slides
Data protection in the EU Area of Data protection in the EU Area of ection tection freedom,

Data protection in the EU Area of Data protection in the EU Area of ection tection freedom,

isor visor Superv Super Data protection in the EU Area of Data protection in the EU Area of ection tection freedom, security and justice under the Lisbon Treaty d th Li b T t ta Prot ta Pro ean Da an Da Bndicte Havelange

739 views • 10 slides
Introduction to Data Protection and the General Data Protection Regulation Address: Contact: 11

Introduction to Data Protection and the General Data Protection Regulation Address: Contact: 11

Introduction to Data Protection and the General Data Protection Regulation Address: Contact: 11 Staple Inn Tel: +44 (0)20 7209 2000 London Fax: +44 (0)20 7209 2001 WC1V 7QH DX 0001 London Chancery Lane Myth Busting GDPR doesnt apply to

657 views • 8 slides
Data Protection and Privacy & Impact of Personal Data Protection Bill (PDPB) 1 November, 2019

Data Protection and Privacy & Impact of Personal Data Protection Bill (PDPB) 1 November, 2019

CONSUMER AWARENESS WORKSHOP on Data Protection and Privacy & Impact of Personal Data Protection Bill (PDPB) 1 November, 2019 Kolkata OBJECTIVE Engage with the consumer and civil society organisations (CSOs) in tier II locations to

623 views • 50 slides
Protection Issues I/O protection Protection and System Calls Prevent users from

Protection Issues I/O protection Protection and System Calls Prevent users from

Protection Issues I/O protection Protection and System Calls Prevent users from performing illegal I/Os Memory protection Otto J. Anshus Prevent users from modifying kernel code and data (including slides from Kai Li,

350 views • 6 slides
Briefing on 25 Jan 2016 at ERA@MBSq 1 Data Protection Officer (DPO) Under the Personal Data

Briefing on 25 Jan 2016 at ERA@MBSq 1 Data Protection Officer (DPO) Under the Personal Data

Briefing on 25 Jan 2016 at ERA@MBSq 1 Data Protection Officer (DPO) Under the Personal Data Protection Act 2012 (PDPA), organisations are required to develop and implement policies and practices that are necessary to meet its obligations under

1.02k views • 24 slides
Sav aviour CACHIA IA - Commissione ner Office of the Information and Data Protection

Sav aviour CACHIA IA - Commissione ner Office of the Information and Data Protection

General Data Protection Regulation (GDPR) Sav aviour CACHIA IA - Commissione ner Office of the Information and Data Protection Commissioner Regulation (EU) 2016/679 ... on the protection of natural persons with regard to the processing of

504 views • 13 slides
Big data and the new EU data protection Regulation The role of Big Data in Healthcare Sophie

Big data and the new EU data protection Regulation The role of Big Data in Healthcare Sophie

Big data and the new EU data protection Regulation The role of Big Data in Healthcare Sophie LOUVEAUX London 14-15 November 2016 Big Data Means Opportunities More Knowledge, Large Computing and Large Availability of Better Personal Data

377 views • 18 slides
Ewan Robson Director, IG Compliance ltd 1 Todays Training Look at the History of the Data

Ewan Robson Director, IG Compliance ltd 1 Todays Training Look at the History of the Data

Data Protection Act 1998/General Data Protection Regulation 2016 Freedom of Information Act Ewan Robson Director, IG Compliance ltd 1 Todays Training Look at the History of the Data Protection Act/General Data Protection

575 views • 40 slides
Proposed EU Data Protection Regulation: Impact on Handling of Data Breach, DPOs and Staff

Proposed EU Data Protection Regulation: Impact on Handling of Data Breach, DPOs and Staff

Proposed EU Data Protection Regulation: Impact on Handling of Data Breach, DPOs and Staff Surveillance by non-EEA Financial Services Firms Cross Border Group 28 February 2013 39 Offices in 19 Countries Agenda 1) Proposed EU Data Protection

664 views • 25 slides
DATA PROTECTION ACT 2017 Tuesday 06 March 2018 from 08.30 hrs 15.30 hrs InterContinental

DATA PROTECTION ACT 2017 Tuesday 06 March 2018 from 08.30 hrs 15.30 hrs InterContinental

The Ministry of Technology, Communication and Innovation and The Data Protection Office Workshop On DATA PROTECTION ACT 2017 Tuesday 06 March 2018 from 08.30 hrs 15.30 hrs InterContinental Mauritius Resort, Balaclava Fort, Coastal Road,

931 views • 80 slides
Data integrity protection Data integrity protection with cryptsetup tools with cryptsetup tools

Data integrity protection Data integrity protection with cryptsetup tools with cryptsetup tools

Centre for Research on Cryptography and Security research.redhat.com crocs.fi.muni.cz Data integrity protection Data integrity protection with cryptsetup tools with cryptsetup tools What is the Linux dm-integrity module and What is the

883 views • 25 slides
GDPR is here. Is your cyberinsurance ready? By James E. Scheuermann, Esq., Lucas J. Tanglen, Esq.,

GDPR is here. Is your cyberinsurance ready? By James E. Scheuermann, Esq., Lucas J. Tanglen, Esq.,

THOMSON REUTERS GDPR is here. Is your cyberinsurance ready? By James E. Scheuermann, Esq., Lucas J. Tanglen, Esq., and Reymond E. Yammine, Esq., K&L Gates AUGUST 3, 2018 The European Unions General Data Protection Regulation, Violations

320 views • 4 slides
GDPR what is it? Replaces the Data Protection Act 1998 European legislation will

GDPR what is it? Replaces the Data Protection Act 1998 European legislation will

GDPR what is it? Replaces the Data Protection Act 1998 European legislation will not be gold plated Comes into force 25 May 2018 BREXIT Data Protection Bill Why is GDPR relevant to me? Healthcare has been an area

692 views • 17 slides
The content in this presentation largely derives from work carried out by the UKs Information

The content in this presentation largely derives from work carried out by the UKs Information

The content in this presentation largely derives from work carried out by the UKs Information Commissioners Office THE BIGGEST THREAT TO ORGANISATIONS FROM THE GDPR IS MASSIVE FINES. THE LAW IS NOT ABOUT FINES. ITS ABOUT PUTTING THE

75 views • 7 slides
GDPR Annual Refresher Training Annual refresher training - intro It is a legal requirement that

GDPR Annual Refresher Training Annual refresher training - intro It is a legal requirement that

GDPR Annual Refresher Training Annual refresher training - intro It is a legal requirement that all staff and volunteers have GDPR refresher training on an annual basis. Logistically, it makes sense to offer refresher training electronically

682 views • 39 slides
Big Data, Key Challenges: Privacy Protection & Cooperation Observations on international

Big Data, Key Challenges: Privacy Protection & Cooperation Observations on international

Big Data, Key Challenges: Privacy Protection & Cooperation Observations on international efforts to develop frameworks to enhance privacy while realising big datas benefits Seminar arranged by the Office for Personal Data Protection, Macao,

305 views • 8 slides
Information session for public sector Political agreement reached in mid-December Text

Information session for public sector Political agreement reached in mid-December Text

Information session for public sector Political agreement reached in mid-December Text currently being prepared in all languages, and streamlined Formal adoption expected in late April or early May Will apply from April/May 2018

548 views • 30 slides
GDPR what is it? A new data protection framework which puts individuals back in control of

GDPR what is it? A new data protection framework which puts individuals back in control of

GDPR what is it? A new data protection framework which puts individuals back in control of their personal data ICO 12 steps to GDPR compliance 7. Consent 1. Awareness 2. Document the personal data you hold 8. Children 3. Communicating

540 views • 28 slides
Solved! WHY? You take good care of your clients so you also care for their dataprivacy Your

Solved! WHY? You take good care of your clients so you also care for their dataprivacy Your

EU General Data Protection Regulation (GDPR) Solved! WHY? You take good care of your clients so you also care for their dataprivacy Your clients can feel safe and protected since you care about them The General Data Protection Regulation

436 views • 8 slides

More recommend