
Introduction to Data Protection

Introduction to Data Protection. Training prepared by Geoff Webb Information Security & Governance Consultant Data Protection isn’t a choice, it’s the law What all CPH staff must do. Main Points.


Presentation Transcript


  1. Introduction to Data Protection
     Training prepared by Geoff Webb, Information Security & Governance Consultant
     Data Protection isn’t a choice, it’s the law
     What all CPH staff must do
     DPA Presentation v3

  2. Main Points
     - Person Identifiable Data (PID) - the information that would enable a person’s identity to be established

  3. Person Identifiable Data (PID)
     The term applies to a combination of some of the following data items wherever it/they may appear and irrespective of the name of any data field in which it/they may appear, allowing that patient to be identified:
     - Name - including last name and any forename or aliases
     - Address - including any current or past address of residence
     - Postcode - including any current or past postcode of residence
     - Telephone number
     - Date of birth
     - NHS number
     - Ethnic category
     - Local Patient identifier
     - Hospital Encounter number
     - Patient pathway identifier
     - SUS spell ID
     - Unique booking reference number
     - Date of death

  4. Main Points
     - Person Identifiable Data (PID) - the information that would enable a person’s identity to be established
     - Security and confidentiality of PID

  5. Security and confidentiality of PID
     - Keep it safe
     - Don’t let someone else have it
     - Don’t give someone’s secrets away

  6. Security and confidentiality of PID
     Why not?
     The Data Protection Act is the law that protects us against illegal and inappropriate use of our personal information without our consent, and the same applies to us using the information of others

  7. Data Protection Act Principles
     Anyone who processes personal information must comply with eight principles of the Data Protection Act, which make sure that personal information is:
     - Fairly and lawfully processed
     - Processed for limited purposes
     - Adequate, relevant and not excessive
     - Accurate and up to date
     - Not kept for longer than is necessary
     - Processed in line with your rights
     - Secure
     - Not transferred to other countries without adequate protection

  8. Main Points
     - Person Identifiable Data (PID) - the information that would enable a person’s identity to be established
     - Security and confidentiality of PID
     - The need to identify individual data subjects

  9. The need to identify individuals
     - Do you really need to know who they are?
     - If so, they must give informed consent
     - Anonymisation and Pseudonymisation

  10. Reasons to be careful – part 1
      - Data Protection Act
      - Civil Rights
      - Freedom of Information

  11. Reasons to be careful – part 2
      - Information Commissioner’s Office (ICO)
      - Wrath of the ICO
      - Legal and Financial penalties

  12. Data Protection Act and the ICO
      - If we breach any of the DPA Principles, the ICO can impose heavy financial penalties, up to £500,000 a time.
      - If a person thinks that we are not doing all we should with their personal data they can ask the ICO to investigate.
      - The ICO will arrive unannounced and will carry out a stringent audit on all our processes for handling Personal Data.

  13. What can you do?
      - Information Security
      - Maintain Confidentiality
      - Always keep on the right side of the law

  14. Information Security
      - Electronic data security
      - Physical security
      - What to watch out for

  15. Maintain Confidentiality
      - Don’t gossip

  16. Stay safe online
      What’s at risk?
      - Personal information
      - Corporate information

  17. Stay safe online
      Source of risk?
      - Virus writers
      - Email attachments
      - Software

  18. Stay safe online
      Types of risk?
      - Worms
      - Trojan Horses
      - Botnet
      - Phishing

  19. Stay safe online
      Types of risk?
      - Worms
      - Trojan Horses
      - Botnet
      - Phishing

  20. Stay safe online
      If you click on My Account Activity you will go to somewhere quite unexpected
      Types of risk?
      - Worms
      - Trojan Horses
      - Botnet
      - Phishing

  21. Stay safe online
      Can you avoid the risk?

  22. Stay safe online
      Can you avoid the risk?
      - Not really

  23. Stay safe online
      Can you avoid the risk?
      - Not really
      - Damage limitation

  24. Stay safe online
      Can you avoid the risk?
      - Not really
      - Damage limitation
      - Use Encryption

  25. Stay safe online
      Avoid being the risk
      - Email protocol
      - Using social media
      - Follow the rules

  26. Stay safe online
      What if you are targeted?
      - SPAM
      - Suspected Malware
      - You said something you shouldn’t have

  27. Stay safe online
      What you need to do
      - Think before you Send
      - Don’t fall for hoaxes
      - Take care with social media

  28. Always keep on the right side of the law
      Finally
      - If a process isn’t intuitive, use a Checklist
      - Know where the Policies, Procedures and Guidelines are stored
      - When in doubt, ask!
