1 / 13

Information Governance

Information Governance. Sylvia Reynolds Senior Resources Officer / Information Governance Manager. What is Information Governance?.

amal-riggs
Télécharger la présentation

Information Governance

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Information Governance Sylvia Reynolds Senior Resources Officer / Information Governance Manager

  2. What is Information Governance? • Information Governanceis an overarching term that we use to cover managing information that is held in any form – i.e. creation, handling, sharing storing and disposal Benefits Knowledge/Change Management Reduce physical and electronic storage space Enable mobile / home working Reduce risks Better service to the public Data Protection Freedom of Information Environmental Information Information Security Information Sharing Records Management Regulation of Investigatory Powers Act 2000 Information Strategy/Policies National Information Standards

  3. Ownership and Responsibility • The Council, elected members, employees and partnering organisations all have a duty to ensure that both business and personal information is dealt with legally, securely, efficiently and effectively, in order to deliver the best possible services • Information Commissioner has power to issue monetary penalties of up to £500,000

  4. ICO Penalties Issued • IT- Destruction - Brighton and Sussex University Hospitals NHS Trust fined £325,000. Personal data of tens of thousands of patients and staff on hard drives sold on internet • Email to wrong recipients 3 times - Surrey County Council fined £120,000 – group email, 361 addresses. • Fax to wrong recipients twice - Hertfordshire County Council was fined £100,000 - Child sex abuse. • Unencrypted laptop - Sheffield-based A4e provides information on employment and starting a business 24,000 people affected - fined £60,000. • Paper Records Theft from Home - Barnet £70,000 - names, addresses, dates of birth and details of the sexual activities of 15 vulnerable children or young people. Social worker took the paper records home to work on them out of hours.

  5. Prosecutions • Individuals – criminal or malicious intent can be fined up-to £5000 • A Slough letting agent obtained details about their tenants from an employee at Slough Borough Council - Used by the company to chase up their tenant’s outstanding debts • Selling Personal Information- A&E reception NHS patient information - to personal injury claims company. • Receptionist at a GP Surgery- on 15 separate accessing ex husbands new wife medical records • Call for custodial sentences • Call for compulsory Data Protection audits

  6. Risks in Middlesbrough • Incidents • 2 Significant incidents • 50 More incidents in 2012 • Data Protection Audit – Limited Assurance • Actions required • ICO Action Plan • Corporate ownership • Awareness/Training • Standardisation • Enforcement • Information Amnesty

  7. Roles & Responsibilities • Senior Information Risk Owner - Set strategic direction ,Ensures there is accountabilitythroughout the Council • Information Governance Manager – Develop corporate standards and policies, operational advice/guidance to staff • Information Working Group - Agreeing an ongoing programme of work to improve Information Governance within their department and within the Council • Audit - ensure compliance against corporate Standards/Policies

  8. Information Governance Team Monitor ICO /Audit Action Plans Information Requests - Supporting Service Areas Compliance audits Policy reviews Incident management Advise on investigations. Information Commissioner’s Complaints Mandatory Training Programme Develop an Information Strategy Develop a Corporate Information Sharing Protocol Facilitate a more proactive approach to developing standards, liaison with the Caldicott Guardians, ICT and transformation projects. Monitor and authorise RIPA Applications

  9. Further Information

  10. END

  11. EXAMPLES OF MBC INCIDENTS CAUSE TYPE DATA Car Break in to car window when it was parked and double locked but unattended. ID badge, an entry Fob, a diary containing 11 patients initials 8 of which also had their addresses & a notebook containing initials and assessment details of patent's/service users Memory Stick Partner information - Transferred to a third party unencrypted lap top Forensic Social care Files containing sensitive personal data of 24 service users total of 216 docs. Email Email & attachment to wrong internal group e-mail address - approx 150 recipients Child Protection / Domestic Violence Referral Filing Cabinet Files found in stored furniture redundant after office move Confidential Youth offending case files Hard drive Staff Personal hard drive sold on Ebay Containing CFL client information Partner Laptop theft - Domiciliary Care provider - Allied - broken into and 2 laptops stolen. Names and addresses of Social care clients in receipt of domiciliary care. Allied's IT support have assured them all data is safe need pin numbers and are encrypted.

  12. EXAMPLES OF MBC INCIDENTS CAUSE TYPE DATA Manual Transporting Information Gust of wind blew document out of technician's hand - unable to retrieve Sensitive personal data re a client and a name and work details of an employee Brief case An open briefcase found at the Deaf Centre. Details of 6 children with disabilities. Letter Sent to wrong address Sensitive personal data - core assessment form Courier Box of approximately 20 children’s case files left in a corridor by a courier when office it was addressed to was locked. Children's case files for archive

More Related