Information Governance. Sylvia Reynolds Senior Resources Officer / Information Governance Manager. What is Information Governance?.
Information Governance Sylvia Reynolds Senior Resources Officer / Information Governance Manager
What is Information Governance?
• Information Governance is an overarching term that we use to cover managing information that is held in any form, i.e. creation, handling, sharing, storing and disposal

Benefits
• Knowledge/Change Management
• Reduce physical and electronic storage space
• Enable mobile / home working
• Reduce risks
• Better service to the public

• Data Protection
• Freedom of Information
• Environmental Information
• Information Security
• Information Sharing
• Records Management
• Regulation of Investigatory Powers Act 2000
• Information Strategy/Policies
• National Information Standards

Ownership and Responsibility
• The Council, elected members, employees and partnering organisations all have a duty to ensure that both business and personal information is dealt with legally, securely, efficiently and effectively, in order to deliver the best possible services
• Information Commissioner has power to issue monetary penalties of up to £500,000

ICO Penalties Issued
• IT destruction - Brighton and Sussex University Hospitals NHS Trust fined £325,000. Personal data of tens of thousands of patients and staff on hard drives sold on the internet.
• Email to wrong recipients 3 times - Surrey County Council fined £120,000 - group email, 361 addresses.
• Fax to wrong recipients twice - Hertfordshire County Council was fined £100,000 - child sex abuse.
• Unencrypted laptop - Sheffield-based A4e, which provides information on employment and starting a business - 24,000 people affected - fined £60,000.
• Paper records theft from home - Barnet £70,000 - names, addresses, dates of birth and details of the sexual activities of 15 vulnerable children or young people. Social worker took the paper records home to work on them out of hours.

Prosecutions
• Individuals - criminal or malicious intent can be fined up to £5000
• A Slough letting agent obtained details about their tenants from an employee at Slough Borough Council - used by the company to chase up their tenants' outstanding debts
• Selling personal information - A&E reception NHS patient information - to personal injury claims company
• Receptionist at a GP surgery - on 15 separate occasions accessing ex-husband's new wife's medical records
• Call for custodial sentences
• Call for compulsory Data Protection audits

Risks in Middlesbrough
• Incidents
  • 2 significant incidents
  • 50 more incidents in 2012
• Data Protection Audit - Limited Assurance
• Actions required
  • ICO Action Plan
  • Corporate ownership
  • Awareness/Training
  • Standardisation
  • Enforcement
  • Information Amnesty

Roles & Responsibilities
• Senior Information Risk Owner - Sets strategic direction, ensures there is accountability throughout the Council
• Information Governance Manager - Develops corporate standards and policies, operational advice/guidance to staff
• Information Working Group - Agreeing an ongoing programme of work to improve Information Governance within their department and within the Council
• Audit - Ensures compliance against corporate Standards/Policies

Information Governance Team
• Monitor ICO/Audit Action Plans
• Information Requests - Supporting Service Areas
• Compliance audits
• Policy reviews
• Incident management
• Advise on investigations
• Information Commissioner's Complaints
• Mandatory Training Programme
• Develop an Information Strategy
• Develop a Corporate Information Sharing Protocol
• Facilitate a more proactive approach to developing standards, liaison with the Caldicott Guardians, ICT and transformation projects
• Monitor and authorise RIPA Applications

EXAMPLES OF MBC INCIDENTS

| CAUSE | TYPE | DATA |
|---|---|---|
| Car | Break-in through car window when it was parked and double locked but unattended. | ID badge, an entry fob, a diary containing 11 patients' initials, 8 of which also had their addresses, and a notebook containing initials and assessment details of patients/service users |
| Memory Stick | Partner information - Transferred to a third party unencrypted laptop | Forensic Social Care files containing sensitive personal data of 24 service users, total of 216 docs. |
| Email | Email & attachment to wrong internal group e-mail address - approx 150 recipients | Child Protection / Domestic Violence Referral |
| Filing Cabinet | Files found in stored furniture redundant after office move | Confidential Youth Offending case files |
| Hard drive | Staff personal hard drive sold on eBay | Containing CFL client information |
| Partner | Laptop theft - Domiciliary Care provider - Allied - broken into and 2 laptops stolen. | Names and addresses of Social Care clients in receipt of domiciliary care. Allied's IT support have assured them all data is safe: the laptops need PIN numbers and are encrypted. |

EXAMPLES OF MBC INCIDENTS

| CAUSE | TYPE | DATA |
|---|---|---|
| Manual Transporting Information | Gust of wind blew document out of technician's hand - unable to retrieve | Sensitive personal data re a client and a name and work details of an employee |
| Brief case | An open briefcase found at the Deaf Centre. | Details of 6 children with disabilities. |
| Letter | Sent to wrong address | Sensitive personal data - core assessment form |
| Courier | Box of approximately 20 children's case files left in a corridor by a courier when office it was addressed to was locked. | Children's case files for archive |