Local Government Reform and Compliance with the DPA Ken Macdonald Assistant Commissioner (Scotland &...
Local Government Reform and Compliance with the DPA
Ken Macdonald, Assistant Commissioner (Scotland & Northern Ireland), Information Commissioner’s Office
2 December 2014
Contents
• Local Government Reorganisation
• Data Protection Principles
• Meeting the Principles
Local Government Reorganisation
Existing powers
New organisation
Local Government Reorganisation
Transferred powers
New organisation
Data Protection Principles
The DPA is underpinned by a set of eight straightforward, common sense principles that organisations should follow. They state that personal data should be:
1) Processed fairly and lawfully
2) Processed for specified purposes
3) Adequate, relevant and not excessive
4) Accurate and up to date
5) Held for no longer than is necessary
6) Processed in accordance with the rights of individuals
7) Kept secure
8) Transferred outside the EEA only with adequate protection
Principle 1 – Fair and Lawful Processing
Personal data shall be processed fairly and lawfully
• Register with the ICO
• Inform service users of forthcoming change … and again after reorganisation
• Have Retention and Disposal Schedules approved
Principle 2 – Processing for Specified Purposes
Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
• Review Privacy Policies
• Integrate where appropriate
• Ensure any new uses for the information are fair
Principle 3 – Adequate, Relevant and Not Excessive
Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
• Undertake a data audit
• Review need
• Dip sample, where appropriate
Principle 4 – Accurate and Up to Date
Personal data shall be accurate and, where necessary, kept up to date.
• Take appropriate steps to ensure accuracy
• Test new integrated systems with dummy data
• Ensure records are up-to-date where necessary
• Dip sample
Principle 5 – Hold for no longer than is necessary
Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
• Use the opportunity to weed systems
• Consider statutory and business requirements
• Prepare revised and extended Retention & Disposal Schedules
Principle 6 – Process in Accordance with the Data Subject’s Rights
Personal data shall be processed in accordance with the rights of data subjects under this Act.
• Be aware of what information is held
• Consider issues around processing likely to cause damage or distress
• Stop direct marketing if requested. Abide by PECR for electronic marketing
• Put policies and procedures in place
Principle 7 - Security
Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
• Secure disposal and/or transfer to new authority
• Data/system compatibility
• Encryption of all mobile devices
• Home/mobile working policies
Principle 8 - Transfer outside of EEA
Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
• If using cloud computing ensure the server is located within the EEA
All Principles:
Learn from others (what not to do)
Department of Justice (NI) £185,000
A monetary penalty notice of £185,000 was served on the Department of Justice (NI) after a cabinet containing details of a terrorist incident was sold at auction.
London Borough of Lewisham £70,000 CMP
A CMP of £70,000 was imposed on the Council after a social worker left sensitive documents in a plastic shopping bag on a train, after taking them home to work on. The files, which were later recovered from the rail company’s lost property office, included GP and police reports and allegations of sexual abuse and neglect.
Aberdeen City Council £100,000 CMP
A council employee inadvertently uploaded four documents containing sensitive personal information about children and families on to the internet whilst home-working using an infected second-hand PC. A home working and data protection policy was in place at the time of the breach but the technical measures to assist staff to adhere to it were not provided. The Council was fined £100k.