1 / 17

Data Protection webinar: Collaborative working

Data Protection webinar: Collaborative working. Welcome. We’re just making the last few preparations for the webinar to start at 11.00. Keep your speakers or headphones turned on and you will shortly hear a voice!. 2 nd December 2014.

mmcguire
Télécharger la présentation

Data Protection webinar: Collaborative working

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Data Protection webinar:Collaborative working Welcome. We’re just making the last few preparations for the webinar to start at 11.00. Keep your speakers or headphones turned on and you will shortly hear a voice! 2nd December 2014

  2. This presentation is intended to help you understand aspects of the Data Protection Act 1998 and related legislation.It is not intended to provide detailed advice on specific points, and is not necessarily a full statement of the law.

  3. Programme Recap on key Data Protection points Who is responsible for what? Full joint working Close collaboration Loose collaboration Sharing data Using contractors

  4. Data Protection:the absolute basics We are trying to: Prevent harm through Good security: Keeping data only in the right hands (and being clear what ‘the right hands’ are) Holding good quality data (accurate, up to date and adequate) Reassure people so that they trust us, through Transparency: Making sure people know enough about what we are doing Giving people a choice where possible & reasonable 5

  5. The Data Protection Principles Data ‘processing’ must be ‘fair’ and legal You must limit your use of data to the purpose(s) you obtained it for Data must be adequate, relevant & not excessive Data must be accurate & up to date Data must not be held longer than necessary Data Subjects’ rights must be respected You must have appropriate security Special rules apply to transfers abroad 6

  6. Data Controller organisation organisations • “Data Controller” means … a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are … processed. • So, you can be: • Joint controllers • Controllers in common • Independent controllers

  7. Full joint working: Example • New joint client database for Refugee Council, Scottish Refugee Council, Welsh Refugee Council • Shared responsibility (and some sharing of clients) • Shared financial liability = Joint Data Controllers • Required: • Detailed negotiation • Full data sharing agreement

  8. Close collaboration: Example • Cathedral, with several associated charities • Multiple databases, overlapping, used mainly for marketing (in its broadest sense), to be consolidated into one new system • All ultimately under one authority = Joint Data Controllers • Required: • Simplified data sharing agreement

  9. Loose collaboration: Example • Advice agencies in a London borough, setting up an online referral system to pass clients to the most appropriate agency • Each responsible for their own clients = Independent Data Controllers • Required: • Simplified data sharing agreement

  10. Sharing data: Example 1 • Talent Match consortium, each agency treating clients as their own • Data to be shared with lead agency for management purposes and with central evaluator = Independent Data Controllers • Required: • Data sharing incorporated into delivery contract

  11. Sharing data: Example 2 • Funder requires personal data about the beneficiaries of a programme to be passed back to the funder = Independent Data Controllers • Required: • Data sharing incorporated into contract • Beneficiaries to be informed at the outset

  12. Ad hoc data sharing • One agency agrees that if necessary they will disclose information about one of their clients to another agency = Independent Data Controllers • Required: • Data sharing protocol • Client to be informed when the situation arises

  13. Data sharing agreement • Key headings: • Purpose(s) (Principle 2) • Roles and management of the agreement • Security obligations and procedures (Principle 7) • Transparency & choice (Principle 1) • Data quality (Principles 3 & 4) • Retention periods (Principle 5) • Subject Access (Principle 6) • Information Commissioner’s Code of Practice

  14. Conditions for Fair Processing(must meet at least one) With consent of the Data Subject (“specific, informed and freely given”) For a contract involving the Data Subject To meet a legal obligation To protect the Subject’s ‘vital interests’ Government functions In your ‘legitimate interests’ (or the interests of the organisation you disclose information to) provided the Data Subject’s rights, freedoms and interests are respected

  15. Using contractors … determines the purposes for which and the manner in which … organisation Whenever one organisation uses another to process data for the first organisation’s purposes the second organisation is likely to be a Data Processor “Data Processor” … means any person (other than an employee of the Data Controller) who processes the data on behalf of the Data Controller.

  16. Data Processor contract • Must be in writing (Data Protection Act) • Must set out the relationship • Must cover security • Others worth looking at (checklist)

  17. Many thanks Follow-up questions: paul@paulticher.com To come by e-mail: • Link to evaluation questionnaire • Then option to download presentation and supporting documents

More Related