2014 dpa training february nn
DESCRIPTION
Data Protection Training presentation for work. A consistent 7/7 from audience on presentation and slides. The presentation covers the 8 principles of the Act and describes the roles and responsibility of staff.TRANSCRIPT
![Page 1: 2014 dpa training february nn](https://reader033.vdocuments.net/reader033/viewer/2022052620/5579b301d8b42aca7a8b4659/html5/thumbnails/1.jpg)
Data Protection Training Session
Information Management Team
February 2014
![Page 2: 2014 dpa training february nn](https://reader033.vdocuments.net/reader033/viewer/2022052620/5579b301d8b42aca7a8b4659/html5/thumbnails/2.jpg)
2
Table of ContentsSection 1 Introduction: how the Act works
Section 2 Definitions
Section 3 The 8 Principles of the DPA
Section 4 Your responsibilities
Section 5 Additional information
![Page 3: 2014 dpa training february nn](https://reader033.vdocuments.net/reader033/viewer/2022052620/5579b301d8b42aca7a8b4659/html5/thumbnails/3.jpg)
Your take aways
• Know the 8 principles
• Know your role and responsibilities.
3
![Page 4: 2014 dpa training february nn](https://reader033.vdocuments.net/reader033/viewer/2022052620/5579b301d8b42aca7a8b4659/html5/thumbnails/4.jpg)
4
The Legal FrameworkOur use of information is governed by a range of laws principally:
• The Data Protection Act • The Freedom of
Information Act• Common Law Duty of
Confidence• Human Rights ActYou need to know how
these laws affect you!
![Page 5: 2014 dpa training february nn](https://reader033.vdocuments.net/reader033/viewer/2022052620/5579b301d8b42aca7a8b4659/html5/thumbnails/5.jpg)
5
![Page 6: 2014 dpa training february nn](https://reader033.vdocuments.net/reader033/viewer/2022052620/5579b301d8b42aca7a8b4659/html5/thumbnails/6.jpg)
What is the Data Protection Act?
6
![Page 7: 2014 dpa training february nn](https://reader033.vdocuments.net/reader033/viewer/2022052620/5579b301d8b42aca7a8b4659/html5/thumbnails/7.jpg)
7
How the Act Works
As a “data controller” , you have to follow the eight principles so you protect the rights of individuals also known as “data subjects”.
The principles cover how you work with personal data and sensitive personal data.
![Page 8: 2014 dpa training february nn](https://reader033.vdocuments.net/reader033/viewer/2022052620/5579b301d8b42aca7a8b4659/html5/thumbnails/8.jpg)
SECTION TWO: DEFINITIONS
8
![Page 9: 2014 dpa training february nn](https://reader033.vdocuments.net/reader033/viewer/2022052620/5579b301d8b42aca7a8b4659/html5/thumbnails/9.jpg)
9
What is personal Information?Personal information is defined broadly and has two criteria:
First. It must relate to a living person. The dead do not have data protection rights. The living relatives will have a right to privacy and confidentiality.
Second, the person must be identifiable – either from the information itself or from the information plus other information which the data controller either possesses or is likely to possess in the future
The definition of personal data includes any expression of opinion about the data subject.
![Page 10: 2014 dpa training february nn](https://reader033.vdocuments.net/reader033/viewer/2022052620/5579b301d8b42aca7a8b4659/html5/thumbnails/10.jpg)
10
What is Sensitive Personal Data? Sensitive personal information is defined by the Act. It covers the following areas:
Race ethnic originCriminal records (including CRB checks)Membership of a trade unionMedical records (such as sickness absence)Political opinionsReligious, or similar beliefs Sexual life, for example, a person’s sexual
orientation
In most cases explicit consent is needed before these can be used but other conditions may apply.
![Page 11: 2014 dpa training february nn](https://reader033.vdocuments.net/reader033/viewer/2022052620/5579b301d8b42aca7a8b4659/html5/thumbnails/11.jpg)
11
What is a Data Subject
A data subject is any living individual who is the subject of personal data.
![Page 12: 2014 dpa training february nn](https://reader033.vdocuments.net/reader033/viewer/2022052620/5579b301d8b42aca7a8b4659/html5/thumbnails/12.jpg)
12
What is a data controllerAn organisation, or an individual, is a data controller if it has full authority to decide how and why personal data is to be “processed” . When an organisation uses personal data or shares it with another organisation, it is acting as a data controller.
Please note that an employee working for an organisation can never be a data controller.
![Page 13: 2014 dpa training february nn](https://reader033.vdocuments.net/reader033/viewer/2022052620/5579b301d8b42aca7a8b4659/html5/thumbnails/13.jpg)
13
What is processing?
![Page 14: 2014 dpa training february nn](https://reader033.vdocuments.net/reader033/viewer/2022052620/5579b301d8b42aca7a8b4659/html5/thumbnails/14.jpg)
SECTION 3 THE 8 PRINCIPLES
14
![Page 15: 2014 dpa training february nn](https://reader033.vdocuments.net/reader033/viewer/2022052620/5579b301d8b42aca7a8b4659/html5/thumbnails/15.jpg)
• If you learn nothing else on Data Protection, remember the following slide and you’ll probably be OK
15
![Page 16: 2014 dpa training february nn](https://reader033.vdocuments.net/reader033/viewer/2022052620/5579b301d8b42aca7a8b4659/html5/thumbnails/16.jpg)
16
The 8 Data Protection Principles
1. Fairly and lawfully processed2. Processed for limited purposes.3. Adequate, relevant and not excessive4. Accurate and up to date5. Not kept for longer than is necessary. 6. Processed in line with the rights of the
data subject. 7. Stored and processed securely.8. Not transferred to countries without
adequate protection.
![Page 17: 2014 dpa training february nn](https://reader033.vdocuments.net/reader033/viewer/2022052620/5579b301d8b42aca7a8b4659/html5/thumbnails/17.jpg)
17
Principle 1: Fair and Lawful
![Page 18: 2014 dpa training february nn](https://reader033.vdocuments.net/reader033/viewer/2022052620/5579b301d8b42aca7a8b4659/html5/thumbnails/18.jpg)
18
Principle 2. Processed for limited purposes
![Page 19: 2014 dpa training february nn](https://reader033.vdocuments.net/reader033/viewer/2022052620/5579b301d8b42aca7a8b4659/html5/thumbnails/19.jpg)
19
Principle 3. Adequate, relevant, not excessive
![Page 20: 2014 dpa training february nn](https://reader033.vdocuments.net/reader033/viewer/2022052620/5579b301d8b42aca7a8b4659/html5/thumbnails/20.jpg)
20
Principle 4 Accurate
![Page 21: 2014 dpa training february nn](https://reader033.vdocuments.net/reader033/viewer/2022052620/5579b301d8b42aca7a8b4659/html5/thumbnails/21.jpg)
21
Principle 5 Not kept for longer than is necessary.
![Page 22: 2014 dpa training february nn](https://reader033.vdocuments.net/reader033/viewer/2022052620/5579b301d8b42aca7a8b4659/html5/thumbnails/22.jpg)
Principle 6 Rights of Data Subjects
22
![Page 23: 2014 dpa training february nn](https://reader033.vdocuments.net/reader033/viewer/2022052620/5579b301d8b42aca7a8b4659/html5/thumbnails/23.jpg)
23
Principle 7 Secure
• VS
![Page 24: 2014 dpa training february nn](https://reader033.vdocuments.net/reader033/viewer/2022052620/5579b301d8b42aca7a8b4659/html5/thumbnails/24.jpg)
24
Principle 8
![Page 25: 2014 dpa training february nn](https://reader033.vdocuments.net/reader033/viewer/2022052620/5579b301d8b42aca7a8b4659/html5/thumbnails/25.jpg)
Video Breakhttp://www.youtube.com/watch?v=CdYWoLC7TNI&feature=youtu.be
25
![Page 26: 2014 dpa training february nn](https://reader033.vdocuments.net/reader033/viewer/2022052620/5579b301d8b42aca7a8b4659/html5/thumbnails/26.jpg)
SECTION 4 YOUR RESPONSIBILITIES
26
![Page 27: 2014 dpa training february nn](https://reader033.vdocuments.net/reader033/viewer/2022052620/5579b301d8b42aca7a8b4659/html5/thumbnails/27.jpg)
Responsibilities
• Subject Access Requests
• Security of information
• Records management
• Sharing information
27
![Page 28: 2014 dpa training february nn](https://reader033.vdocuments.net/reader033/viewer/2022052620/5579b301d8b42aca7a8b4659/html5/thumbnails/28.jpg)
Subject Access requests
• What is a SAR?
• What do you need to do?• Educational Record• Third Party Data• Confidentiality
28
![Page 29: 2014 dpa training february nn](https://reader033.vdocuments.net/reader033/viewer/2022052620/5579b301d8b42aca7a8b4659/html5/thumbnails/29.jpg)
Security of Paper records
29
![Page 30: 2014 dpa training february nn](https://reader033.vdocuments.net/reader033/viewer/2022052620/5579b301d8b42aca7a8b4659/html5/thumbnails/30.jpg)
Records management
30
![Page 31: 2014 dpa training february nn](https://reader033.vdocuments.net/reader033/viewer/2022052620/5579b301d8b42aca7a8b4659/html5/thumbnails/31.jpg)
Sharing information
31
![Page 32: 2014 dpa training february nn](https://reader033.vdocuments.net/reader033/viewer/2022052620/5579b301d8b42aca7a8b4659/html5/thumbnails/32.jpg)
SECTION 5 CONTACT INFORMATION
32
![Page 33: 2014 dpa training february nn](https://reader033.vdocuments.net/reader033/viewer/2022052620/5579b301d8b42aca7a8b4659/html5/thumbnails/33.jpg)
33
Who to contact?
Information Commissioner’s Office
0303 123 1113
Information Management Team
03000 268 035