130 likes | 370 Views
Data Protection – sharing i nformation with tenants 6 th November 2013 Scrutiny.net. Yvonne Davies Director, Scrutiny & Empowerment Partners Ltd. For Discussion. Information Commissioner Advice Eight principles What do we share and why? What training is offered?
E N D
Data Protection – sharing information with tenants6th November 2013Scrutiny.net Yvonne Davies Director, Scrutiny & Empowerment Partners Ltd
For Discussion • Information Commissioner Advice • Eight principles • What do we share and why? • What training is offered? • What do customers sign? www.ico.org.uk/for_organisations/data_protection
Personal data • Personal data means data which relate to a living individual who can be identified – • (a) from those data, or • (b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller, • and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual.
Sensitive personal data • Equality • Mental health or physical condition • Sex life • Trade union • Political opinion • Offence or alleged offence • Court proceedings
Personal data breach A personal data breach means "a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed in connection with the provisions of a public electronic communications service." Forms from the ICO for reporting
Who is involved? • Data subject • Data controller – the landlord • Data processor Volunteers treated as employees, provided: • Sign a confidentiality statement • Training is expected • Appropriate action is taken on breach • Determine data at risk – give basic info only • Safeguards - security of data • Risk v benefit assessment
Stage one: keep a log • Keep a log of personal data breaches • You must keep a record of all personal data breaches in an inventory or log. It must contain: • the facts surrounding the breach; • the effects of that breach; and • remedial action taken.
Stage two – notify the ICO You must notify the Information Commissioner of any personal data breaches within 24 hours of becoming aware of the essential facts of the breach. This notification must include at least: • your name and contact details • the date and time of the breach (or an estimate) • the date and time you detected it • basic information about the type of breach • basic information about the personal data concerned
Stage three – tell those affected • your name and contact details • the estimated date of the breach • a summary of the incident • the nature and content of the personal data • likely effect on the individual • any measures you have taken to address the breach • how they can mitigate any possible adverse impact of the breach
Giving Consent • To be valid, consent must be knowingly given, clear and specific. It must involve some form of positive action – for example, ticking a box, clicking an icon, sending an email, or subscribing to a service – and the person must fully understand that they are giving consent.
Tenants as volunteers • What training is offered? • ICO material and general support • New joiners • TOR, CoC, role description and confidentiality agreement • What do customers sign? Data Protection Act – confidentiality statement • What do we share, when and why? Discuss!
Thank-you for listeningQuestions and Discussionwww.tenantadvisor.net yvonne@tenantadvisor.net Tel: 07867 974659 www.tenantadvisor.net/blog