Data Protection, Freedom of Information and Information/Records Management.
Information governance
Data Protection, Freedom of Information and Information/Records Management

What is information governance? According to Gartner:
"the specification of decision rights and an accountability framework to encourage desirable behavior in the valuation, creation, storage, use, archival and deletion of information. It includes the processes, roles, standards and metrics that ensure the effective and efficient use of information in enabling an organization to achieve its goals"
Tools for compliance
Complying with:
- Data Protection Act
- Freedom of Information Act
- Environmental Information Regulations
- Cookies Directive
- RIPA
- Whatever the EU and the government come up with next

What does this mean in practice?
- Internal: information security, records management
- External: legislation, guidance from the ICO, case law from the Information Tribunal and other courts, standards
Data Protection Act
- Covers personal information of living individuals
- Eight principles: fairness, specified purpose, relevance, accuracy, retention, rights of data subjects, security, transfer outside the EEA
- Sensitive personal data defined, e.g. health
- Conditions for processing: Schedule 2 for general, Schedule 3 for sensitive
- Subject access requests
- Requests for changes to personal information
Complying with the DPA
Things we do:
- Policy coming; some guidance already available
- Breach procedure coming; tell us as soon as possible
- Transfers outside the School procedure
- Embedded in the project planning process: when talking to people about their IT projects, remember to raise DP issues if the system will require processing of personal information
- Handle subject access requests; sometimes have to contact IT services for this
Freedom of Information Act
- Respond to requests in 20 working days
- Requests have to be in writing
- More than 18 hours' work breaches the cost limit
- Some exemptions available: public interest test, prejudice test, time test
- Publication scheme
- Datasets: will be required to provide in machine-readable format
Environmental Information Regulations
- Cover environmental information only
- Like FoI, must respond in 20 working days
- Unlike FoI: requests can be made verbally; has exceptions rather than exemptions; all exceptions are subject to the public interest test
Records and information management
- Records management is blurring into information management
- Records are evidence of decisions made and action taken, so more formal than information; however, more or less treated the same these days
- Main issues are:
  - Finding information, particularly that produced by other staff
  - Sharing information securely outside shared drives
  - Disposing of information, particularly electronic
Information disposal
- Retention schedules set out how long records/info needs to be kept legally
- Fairly easy with paper: box up, send to storage, destroy when the disposal date is reached, or use confidential waste sacks. Not so easy with electronic
- Can use a time trigger, but from when? Date created? Date last used? What if not used for four years but it relates to H&S accidents, which need to be kept for 40 years?
- Apply time triggers at which level? Document? Folder?
- Deletion from systems like SITS: can you even do it, or just wait until the system is replaced? The latter is not good enough for the ICO
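The trigger question above (date created vs. date last used, and the H&S record that a "not used for four years" rule would wrongly flag) is easier to see with a small retention-schedule evaluator. This is an added example, not from the slides: the category names, the 4-year general-administration period and the sample records are constructed; the 40-year figure for H&S accident records is the one the slide gives.

```python
from dataclasses import dataclass
from datetime import date

# Constructed retention schedule for this example. "trigger" names the event
# that starts the retention clock for that category. The 40-year H&S figure is
# from the slide; the 4-year general-admin period is an assumption.
SCHEDULE = {
    "general-admin": {"years": 4, "trigger": "last_used"},
    "hs-accident": {"years": 40, "trigger": "created"},
}


@dataclass(frozen=True)
class Record:
    ref: str
    category: str
    created: date
    last_used: date


def add_years(d, years):
    """Shift a date by whole years, clamping 29 Feb to 28 Feb when needed."""
    try:
        return d.replace(year=d.year + years)
    except ValueError:
        return d.replace(year=d.year + years, day=28)


def disposal_date(record, schedule=SCHEDULE):
    """Earliest date the record may be destroyed under its category's rule.

    The category decides which event the clock runs from, so a record that
    has not been touched for years can still be nowhere near disposal.
    """
    rule = schedule[record.category]
    start = record.created if rule["trigger"] == "created" else record.last_used
    return add_years(start, rule["years"])


def naive_stale(record, today, years=4):
    """The 'not used for N years' heuristic on its own, ignoring category."""
    return add_years(record.last_used, years) <= today


def review(records, today, schedule=SCHEDULE):
    """Split records into (dispose, keep) lists of refs as of `today`."""
    dispose, keep = [], []
    for r in records:
        (dispose if disposal_date(r, schedule) <= today else keep).append(r.ref)
    return dispose, keep


# Constructed sample records: R1 and R2 have identical dates and differ only
# in category; R3 is old but was used recently.
RECORDS = [
    Record("R1", "general-admin", date(2008, 3, 1), date(2008, 6, 1)),
    Record("R2", "hs-accident", date(2008, 3, 1), date(2008, 6, 1)),
    Record("R3", "general-admin", date(2005, 1, 10), date(2012, 11, 1)),
]
TODAY = date(2013, 1, 15)

if __name__ == "__main__":
    for r in RECORDS:
        print(r.ref, r.category, "disposal:", disposal_date(r),
              "naive-stale:", naive_stale(r, TODAY))
    print("dispose / keep as of", TODAY, "->", review(RECORDS, TODAY))
```

Run as-is, the naive last-used rule marks both R1 and R2 as stale, but the schedule only releases R1; R2's clock runs from the creation date and does not expire until 2048. That gap is the argument for attaching the retention rule to the record's category (and hence its folder or system of record) rather than to a single filesystem timestamp.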
Any questions?