Data Protection and Information Security Training

This content provides insights into data protection laws, personal data, risks, and special categories of personal data. Understand the importance of safeguarding personal information and the key principles of data protection. Learn about the consequences of mishandling data and ways to maintain information security.

  • Data protection
  • Information security
  • Personal data
  • Data risks
  • Legal rights

Uploaded on Mar 09, 2025 | 0 Views



Presentation Transcript


  1. Data Protection and Information Security Annual Training 2018

  2. Learning Outcomes
     By the end of this session, you will:
     • Understand why the Council, and you, need to take care of personal information
     • Know more about the key concepts in data protection law, including the 6 principles
     • Be reminded of your duty of confidentiality
     • Know what can happen if we get things wrong
     • Understand ways you can keep information safe and secure

  3. What does data protection law do?
     • It controls the way personal information about individuals is handled
     • It gives legal rights to people who have information stored about them
     • It sets out rules that those who hold personal information (data controllers) have to follow
     • It sets up an Information Commissioner's Office (ICO) to enforce the rules, led by the Information Commissioner
     • It does not stop us storing and using information; it just makes us follow rules to protect that information

  4. Examples of Data Protection Risks
     • Paper records (day sheets, rotas) left lying in vehicles or public places
     • Confidential conversations in public areas
     • Unknown visitors to Council buildings
     • Computer screens left unlocked
     • Mobile devices with no security
     • Letters or emails sent to wrong person or with wrong attachment

  5. What is personal data?
     • Information about a living individual
     • Who can be identified from that information
     • Or from that information when matched with other information held
     • And includes any expression of opinion
     PERSONAL DATA

  6. What is special categories personal data?
     • Racial or ethnic origin
     • Political opinions
     • Religious beliefs
     • Trade union membership
     • Physical or mental health
     • Sex life or sexual orientation
     • Genetic or biometric data
     TAKE PARTICULAR CARE WITH THIS KIND OF DATA

  7. Which of these is your personal data?
     Personal data? Yes or no?
     • Your name: Yes
     • Your address: Yes
     • Salary for your post: No
     • Your salary grading: Yes
     • Professional qualification for the job you do: No
     • Your professional qualifications: Yes
     • Duties of your post: No

  8. But do not hesitate to share information in order to prevent abuse or serious harm to the service user or others in an emergency or in a life-or-death situation.

  9. Data protection principles
     Personal information:
     • Must be processed lawfully, fairly and transparently
     • Must be processed for specified, explicit and legitimate purposes
     • Must be adequate, relevant and limited to what is necessary
     • Must be accurate and up-to-date
     • Must not be kept for longer than is necessary
     • Must be kept securely

  10. 1. Fair, lawful and transparent
     There must be good reason to use personal information, and we should be clear with service users and citizens about what we are doing with it, by using notices, called privacy notices, on application forms, web sites and leaflets.
     Can you think of a situation where you do this, or could do it better?

  11. 2. Specified, explicit and legitimate purposes
     If you collect information for one purpose, you should think carefully before you use it for another unrelated purpose (unless you have consent to do that).
     Are there cases where we could actually provide a better, joined-up service, if we asked for consent to share the information with a different part of the Council?

  12. 3. Adequate, relevant and limited to what is necessary
     Think carefully before you ask for information. Personal information must not be collected just because it has always been collected. Do you really need to ask for someone's gender or date of birth?
     Can you think of a situation where you no longer need to ask for certain personal information?

  13. 4. Accurate and up-to-date
     We must take reasonable steps to check the accuracy of information we both receive and hold.
     What steps could you take to ensure that personal information you hold (whether in paper or electronic format) is kept up-to-date and destroyed after an appropriate amount of time? This links to the next principle.

  14. 5. Kept for no longer than necessary
     You must follow the Council's records management policies and procedures, which set out how long different types of records should be retained. This applies to electronic records as well as to paper records.
     What records do you have in databases, information systems and emails which you should no longer hold? How could you and/or your team tackle this issue and improve on your record management practices?

  15. 6. Kept securely
     Personal information in all formats must be kept securely: paper, electronic and CCTV records are all covered by data protection law.
     How could you and/or your team improve on the security of information, in the office or when carrying information? Where there has been a data breach, have you reported this?

  16. Duty of confidentiality
     • Linked to the 6th principle: keep information secure.
     • Arises when one person discloses information to another in circumstances where it is reasonable to expect that the information will be held in confidence.
     • The Council's Code of Conduct for Members and Officers provides that:
       All official information acquired by employees in the course of their duties will be regarded as confidential.
       Employees should never disclose or use confidential Council information for their own advantage or for the benefit of anyone associated with them or to the disadvantage or discredit of the Council or anyone else.
     • Any breaches will be investigated and, where appropriate, dealt with in line with the Council's Disciplinary Policy.

  17. What's the worst that can happen?
     • Information Commissioner's investigation of data breach: financial penalties are possible
     • Prosecution of individuals who have breached the DPA
     • Breaches of codes of practice on confidentiality
     • Damage and distress caused to our service users and citizens
     • Loss of reputation and trust
     • Operational disruption
     • Media coverage

  18. What's the worst that can happen?

  19. What's the worst that can happen?

  20. What's the worst that can happen?

  21. What's the worst that can happen? You can be prosecuted as an individual for a breach of the DPA rules:

  22. Practical tips
     • Always double check the name and address of the recipient, whether on a paper letter or an email.
     • Ensure email attachments containing personal information are password-protected.
     • Lock computer screens

  23. Practical tips (continued)
     • Who are you really talking to? Never give out personal information over the phone unless you are sure of the person's identity.
     • Who can hear you? Do not speak about confidential matters in public places.
     • What information is lying around? Keep papers safe, particularly those containing special categories personal information.
     • Where does your waste paper end up? Ensure confidential paper documents are shredded and disposed of securely.

  24. Practical tips (continued)
     • Personal data should never be left visible on a screen or papers left unattended, whether in the office or outside.
     • Papers taken out of the office should be transported securely.
     • Always challenge any unknown persons in Council buildings if they don't have a security badge.
     • When dealing with a request for personal data, follow the Council's guidance on such requests.

  25. Data protection: key points
     • Take care of personal information.
     • Take particular care when dealing with special categories personal data.
     • Take care when recording information, as individuals may have the right to see it, including any expressions of opinion about them.
     • Remember your duty of confidentiality.
     • But do not hesitate to share information if there is a risk of serious harm to the service user or others

  26. Information security: key points
     • We are all responsible for keeping information secure and must comply with the Council's policies and procedures.
     • Breach of information security can lead to consequences for the Council and the employee concerned.
     • Always report breaches or near misses.
     • Always look for ways to improve on systems and procedures.

  27. Further information
     Inside Falkirk data protection pages, including:
     • Data protection and confidentiality guidelines
     • Requests for personal data
     • Confidentiality
     • Sharing personal data
     • Data breach notification form
     • Information security policy
     Contact: Wendy Barber, Information Governance Manager, x6124
