
Data Protection Act 1998

The Right of Access to Information: DATA PROTECTION ACT 1998, FREEDOM OF INFORMATION ACT 2000, ENVIRONMENTAL INFORMATION REGULATIONS 2004. Andy Gray (Information Management). Data Protection Act 1998. Why you are here.

mvalentino

Presentation Transcript


  1. The Right of Access to Information: DATA PROTECTION ACT 1998, FREEDOM OF INFORMATION ACT 2000, ENVIRONMENTAL INFORMATION REGULATIONS 2004. Andy Gray (Information Management)

  2. Data Protection Act 1998

  3. Why you are here “all staff must be aware of the Data Protection Act and of their obligations under it.” ADC Data Protection Policy “a person must not knowingly or recklessly, without the consent of the data controller - (a) obtain or disclose personal data or the information contained in personal data, or (b) procure the disclosure to another person of the information contained in personal data” Data Protection Act 1998 Section 55 (1)

  4. What is Data Protection? The purpose of the Data Protection Act is to ensure that data relating to living people is handled responsibly.

  5. What does it do for people? The Act grants certain rights to individuals about whom data is held: • we must tell them what we are doing with their data • they can object to some of the uses we have for it • identifies a body who will investigate complaints and provide advice – Information Commissioner • they can see the data we hold about them on request

  6. What does it do for the organisation? • Provides rules that have to be followed when processing personal information • Requires organisations to publicly show what personal information they are using - Notification • Restricts the use of “sensitive” personal information

  7. Data • Computerized records • Manual filing systems

  8. Personal Data • Data which essentially relates to a living individual who can either be identified from that information on its own or from that and other information available to the Data Controller. i.e. name and address, date of birth, qualifications, income level, employment history.

  9. Sensitive Personal Data • Information deemed personal and sensitive includes: racial and ethnic origin; political opinions or trade union membership; religious or similar beliefs; health or sexual life; criminal offences • If processing this type of data it is advisable to seek guidance

  10. Is a name personal information? Mike; David; Mike Hall; David King

  11. Processing • Any activity whatsoever that involves Personal Data, held either electronically or manually, which is undertaken by the Data Controller or on their behalf by the Data Processor, i.e. consulting information, retrieving it, disclosing it, creating copies etc.

  12. Data Subject • The living individual to whom the information held by the Data Controller applies.

  13. The Act’s Principles • There are eight legally enforceable principles which lie at the heart of our data protection legislation • These can be referred to as good information handling practice

  14. Over 20 Exemptions • Information for the detection or the prevention of Crime • Disclosure may result in serious harm to health • Statistical or historical information • Employment references • Information consisting of records of the intention of the data controller to carry out negotiations • Legal professional privilege

  15. ADC’s Data Protection Policy Covers - • confidentiality of personal information • staff to comply with Data Protection Code of Practice • to be aware of the Data Protection Act • council will not hold more information than is necessary for the performance of its functions • subject access requests dealt with through specified procedure • responsibility for maintaining council’s compliance undertaken via corporate function • Heads of Service responsible for compliance in each section

  16. Data Protection In Practice

  17. Data Subject Access Upon making a request in writing and upon paying the fee to the data controller an individual is entitled • To be told by the data controller whether they or someone else on their behalf is processing the individual's data • if so, to be given a description of a. the personal data, b. the purposes for which they are being processed, and c. those to whom they are or may be disclosed

  18. Dealing with a Data Subject Access Request (flowchart labels) Request For Personal Information; N.B. if non-personal info is requested follow Request Handling Procedure for Non-Personal Information; Other Offices; Main Office; Contact Designated Officer; Unobtainable; Issue the "Your Right To Know" leaflet

  19. Police Requests • Must be in writing • Preferably on the recognised Police Form • Must indicate the section of the Act under which access is requested • Must be countersigned by a team leader or above who must be satisfied of validity • Must relate to an individual and not be a trawl for information

  20. Councillors Access to the Authority’s Personal Data Disclosure of information to Councillors is essential if they are to carry out their (statutory) duties as a member of the council

  21. Councillors Access to the Authority’s Personal Data cont. A Councillor requesting access to information about matters dealt with by a committee of which he/she is NOT a member must demonstrate a need to know. Any use of data for purposes other than those specified could result in the Councillor acting illegally.

  22. Security - In Practice Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing and against accidental loss, damage or destruction of personal data Data Protection Act 1998 • IT Security Policy • Data Protection Code of Practice

  23. Security - In Practice contd. • leaving laptops on the bus • sensitive papers left on desks • insecure filing • taking sensitive documents home • sending documents with personal information to the wrong printer or fax, leaving them on the photocopier • sensitive documents on shared networks

  24. Disclosure - In Practice DO NOT disclose personal information without authority. Personal data should not be disclosed to any person except where - • disclosure is permitted under the Act’s exemptions, or • consent has been given by the data subject Unauthorised disclosure may lead to disciplinary action IF IN DOUBT CONSULT YOUR MANAGER

  25. Data Protection Offences • It is a criminal offence to destroy or erase information after a request has been received. • It is an offence to knowingly or recklessly obtain, disclose or procure the disclosure of personal information without the consent of the data controller. • If a person has obtained personal information illegally it is an offence to offer or to sell personal information. Gross Misconduct. Lose your job? And the penalty if you do? Currently – A fine of up to £5,000 per offence + £5,000 costs. Recently proposed – A fine of up to £5,000 per offence + £5,000 costs AND up to 2 years imprisonment

  26. Comfort Break

  27. Freedom of Information Act 2000 / Environmental Information Regulations 2004

  28. Access to Information around the World 1985 1998 2005 1966 1989 1982

  29. Freedom of Information Act 2000 “to engineer change in the culture of public life from one of a need to know to one of a right to know.” Richard Thomas, Information Commissioner, October 2004

  30. The reality • Covers all information “held”, regardless of the format • Fully retrospective • Anyone can request information, with no reason provided and we have no right to ask. • Provide “reasonable” advice and assistance • Requests for information to be dealt with in 20 working days • There is NO exemption for embarrassment!

  31. Who will make use of access? • The public • The media • Pressure groups • Commercial Organisations • Current or former employees • Anyone worldwide.

  32. ADC Information Requests • All emails between XXX officer and third party • All files you hold on me • What criteria does the Council use to determine the positioning of speed bumps • How many premises have failed food inspections • All information relating to XXX planning applications • Avg number of staff sick days • How many meetings have Councillors failed to attend • The CEO job description and salary paid • How many members of staff have been disciplined for accessing inappropriate websites • How well are you prepared against mosquito borne diseases – West Nile Virus & Malaria • Do you chip your wheelie bins and what do you use the information for. 126 in 2007, risen to 234 in 2008. 2009???

  33. A Request now what?

  34. Rights of the applicants • A right to be told whether the information requested is held & • To have that information communicated to them.

  35. What is a request? • Wanting access to information that the authority holds • Could be: - committee agenda - report - minutes of meeting - analysis - costs - emails or notes Held in any format.

  36. Beware!!!!! • File notes • Comments made on reports • Draft copies • Photocopies • Duplicate files/filing systems • Emails

  37. What is being asked for? Is a red car with a horse a Ferrari?

  38. Not always! Ensure you know what is being asked for

  39. When is a request valid? • The request can be in any format – written note, (email, fax), verbal (telephone, reception, on-site) • A name and contact details are required • Information requested must be described.

  40. How much assistance to be given? • Section 16 mentions “reasonable” assistance • As much assistance as is required to ensure the request is understandable & • Meets the requestor's need • DO NOT ask what purpose the information is required for.

  41. Request Handling Procedure for Non-Personal Information (flowchart labels) Request For Information; N.B. if personal info is requested follow DP Procedure; Service Area releases; Via Reception; Happy to release? Have done so in past?; YES; Via Switchboard; NO; Via Email/Mail/Fax; Via Employee; Scrutiny & Policy (Information Management); Fast track?; Line Manager

  42. Fast-Track Card • Method of short-cutting request handling procedure • Provides the option for the Requestor to deal directly with Information Handling Section • Can only be suggested, must never be forced • If refused, request must still be taken.

  43. Fast-Track Card

  44. Summary • Be aware of requests • Don’t ignore them • Follow the procedure • Date stamp if possible • If in doubt ASK.
