Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.
-
Upload
loren-seward -
Category
Documents
-
view
215 -
download
0
Transcript of Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.
![Page 1: Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.](https://reader036.fdocuments.net/reader036/viewer/2022062511/551b31e1550346d41a8b4edf/html5/thumbnails/1.jpg)
Slide 1
Wednesday, 3 July 2013Sir George Monoux College
Data Protection: Data Protection: Confident in ComplianceConfident in Compliance
![Page 2: Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.](https://reader036.fdocuments.net/reader036/viewer/2022062511/551b31e1550346d41a8b4edf/html5/thumbnails/2.jpg)
Slide 2
Hi!• Jason Miles-Campbell
JISC Legal Service Manager• jason.miles-campbell
@jisclegal.ac.uk• 0141 548 4939• www.jisclegal.ac.uk
![Page 3: Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.](https://reader036.fdocuments.net/reader036/viewer/2022062511/551b31e1550346d41a8b4edf/html5/thumbnails/3.jpg)
Slide 3
![Page 4: Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.](https://reader036.fdocuments.net/reader036/viewer/2022062511/551b31e1550346d41a8b4edf/html5/thumbnails/4.jpg)
Slide 4
Law, ICT and Data ProtectionLaw, ICT and Data Protection
![Page 5: Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.](https://reader036.fdocuments.net/reader036/viewer/2022062511/551b31e1550346d41a8b4edf/html5/thumbnails/5.jpg)
Slide 5
Have you heard of JISC Legal before?
1. 2. 3. 4. 5.
12%
18%
47%
24%
0%
1. Hello again, Jason2. Yes, fairly often3. Yes, used occasionally4. Vague acquaintance5. What’s that, then?
![Page 6: Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.](https://reader036.fdocuments.net/reader036/viewer/2022062511/551b31e1550346d41a8b4edf/html5/thumbnails/6.jpg)
Slide 6
When it comes to data protection...
1. 2. 3. 4. 5.
0%
94%
0%0%6%
1. I’m confident2. I’ve a fair idea3. I dabble4. I ask others5. I hide in the toilet
![Page 7: Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.](https://reader036.fdocuments.net/reader036/viewer/2022062511/551b31e1550346d41a8b4edf/html5/thumbnails/7.jpg)
Slide 7
Relevant LawRelevant Law
• Data Protection Act 1998
• Freedom of Information Act 2000
• Privacy and Electronic Comms Regs 2003
• Protection of Freedoms Act 2012
• www.ico.gov.uk
![Page 8: Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.](https://reader036.fdocuments.net/reader036/viewer/2022062511/551b31e1550346d41a8b4edf/html5/thumbnails/8.jpg)
Slide 8
Why Comply?
1. It’s the law2. Good business practice 3. Sets a good example 4. Confidence 5. Risk (id theft)
1. 2. 3. 4. 5.
75%
13% 13%
0%0%
![Page 9: Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.](https://reader036.fdocuments.net/reader036/viewer/2022062511/551b31e1550346d41a8b4edf/html5/thumbnails/9.jpg)
Slide 9
Common ScenariosCommon Scenarios
• A parent requests information on son’s progress
• Police request information on one of your students
• A tutor asks to see a reference supplied by her supervisor
• An employer requests information on an employee’s attendance
• Personal details of a student disclosed in confidence appear on FB
• A staff mobile phone containing sensitive data is lost
• Internal sharing of data amongst staff
• External sharing of data
- ALL have DP compliance implications
![Page 10: Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.](https://reader036.fdocuments.net/reader036/viewer/2022062511/551b31e1550346d41a8b4edf/html5/thumbnails/10.jpg)
Slide 10 1010
Data Protection Essentials
“Data protection ..regimes…do not seek to protect data itself, rather they seek to provide the individual with a degree of control over the use of their personal data”
“data privacy regimes do not seek to cut off the flow of data, merely to see that it is collected and used in a responsible and, above all, accountable, fashion”
Source: DP Code of Practice for FE and HE
Criminal Justice and Immigration Act 2008 – gives ICO power to impose fines direct for serious security breaches
![Page 11: Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.](https://reader036.fdocuments.net/reader036/viewer/2022062511/551b31e1550346d41a8b4edf/html5/thumbnails/11.jpg)
Slide 11 11
Understanding Your Duties
• Data Subject
• Data Controller
• Data Processor
• Processing
![Page 12: Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.](https://reader036.fdocuments.net/reader036/viewer/2022062511/551b31e1550346d41a8b4edf/html5/thumbnails/12.jpg)
Slide 12
Which one of the following is likely to be covered by the DPA?
1 2 3 4
25% 25%25%25%1. a deceased staff member’s email
account2. Student ID numbers in a VLE3. documents relating to a disciplinary
matter4. ‘John Smith’ on a post-it on a monitor
![Page 13: Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.](https://reader036.fdocuments.net/reader036/viewer/2022062511/551b31e1550346d41a8b4edf/html5/thumbnails/13.jpg)
Slide 13
The Age of Data Protection
1. From birth2. From age 53. From age 124. From age 165. From age 18
1. 2. 3. 4. 5.
94%
0% 0%6%
0%
From what age does DP apply to protect someone?
![Page 14: Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.](https://reader036.fdocuments.net/reader036/viewer/2022062511/551b31e1550346d41a8b4edf/html5/thumbnails/14.jpg)
Slide 14 14
What is Personal Data?
• Any information which relates to an
identified or identifiable person
• Living persons
• Must be significant biographical
information which affects privacy
• Sensitive personal data
![Page 15: Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.](https://reader036.fdocuments.net/reader036/viewer/2022062511/551b31e1550346d41a8b4edf/html5/thumbnails/15.jpg)
Slide 15
1: fair and lawful2: limited purposes3: adequate, relevant and not excessive4: accurate and current5: no kept longer than necessary6: respect the rights of the individual7: appropriate security8: transfer outside EEA needs adequate protection
The Eight DP PrinciplesThe Eight DP Principles
![Page 16: Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.](https://reader036.fdocuments.net/reader036/viewer/2022062511/551b31e1550346d41a8b4edf/html5/thumbnails/16.jpg)
Slide 16
The 8 Data Protection The 8 Data Protection PrinciplesPrinciples
Data Protection Act 1998
![Page 17: Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.](https://reader036.fdocuments.net/reader036/viewer/2022062511/551b31e1550346d41a8b4edf/html5/thumbnails/17.jpg)
Slide 17
1: Fair and Lawful
Requires:•Information•Consideration of competing interests (benefits of processing v privacy)•Judgement as to whether a ‘Schedule 2 Condition” has been met
![Page 18: Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.](https://reader036.fdocuments.net/reader036/viewer/2022062511/551b31e1550346d41a8b4edf/html5/thumbnails/18.jpg)
Slide 18 18
Fair and Lawful Processing
Fair processing –
• A processing notice – transparency
• Weighing up interests v privacy
• Would you be happy?
![Page 19: Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.](https://reader036.fdocuments.net/reader036/viewer/2022062511/551b31e1550346d41a8b4edf/html5/thumbnails/19.jpg)
Slide 19 19
Fair and Lawful Processing
Lawful processing -To process, a Schedule 2 condition must be met:• Consent• Legitimate interest of the data controller• Fulfilment of a contractual obligationMore stringent conditions for ‘sensitive’
personal data
![Page 20: Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.](https://reader036.fdocuments.net/reader036/viewer/2022062511/551b31e1550346d41a8b4edf/html5/thumbnails/20.jpg)
Slide 20
The Age of Data Protection
1. From birth2. From age 53. From age 124. From age 165. From age 18
1. 2. 3. 4. 5.
8%
0%
15%
62%
15%
From what age can someone give DP consent?
![Page 21: Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.](https://reader036.fdocuments.net/reader036/viewer/2022062511/551b31e1550346d41a8b4edf/html5/thumbnails/21.jpg)
Slide 21
One of these is fair and lawful. Which?
1 2 3
0% 0%0%
1. The college releases details on student attendance to a parent
2. The college collects name and contact details of all students
3. A tutor puts personal information about a student on Facebook
![Page 22: Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.](https://reader036.fdocuments.net/reader036/viewer/2022062511/551b31e1550346d41a8b4edf/html5/thumbnails/22.jpg)
Slide 22
Sensitive Personal Data
• Explicit consent• Fulfilment of employment law• Protection of vital interests• Needed for administration of justice /
legal proceedings
![Page 23: Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.](https://reader036.fdocuments.net/reader036/viewer/2022062511/551b31e1550346d41a8b4edf/html5/thumbnails/23.jpg)
Slide 23
2: Limited Purposes
• Consider all uses and future uses
• State the purposes when collecting the data
• Stick to using the data for those purposes
• If a further purpose arises, you need to seek further consent
![Page 24: Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.](https://reader036.fdocuments.net/reader036/viewer/2022062511/551b31e1550346d41a8b4edf/html5/thumbnails/24.jpg)
Slide 24
Clarity of Purpose
1. Purpose is clear2. Could be clearer3. No clarity at all
1. 2. 3.
33% 33%33%
![Page 25: Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.](https://reader036.fdocuments.net/reader036/viewer/2022062511/551b31e1550346d41a8b4edf/html5/thumbnails/25.jpg)
Slide 25
A SampleData Protection Statement
JISC Legal undertake to treat your personal data in accordance with the provisions of the Data Protection Act 1998. The data given will only be used to register you for the JISC Legal Newsletter on the JISCmail system. You can read the details of our Privacy policy at www.jisclegal.ac.uk/privacystate.htm
![Page 26: Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.](https://reader036.fdocuments.net/reader036/viewer/2022062511/551b31e1550346d41a8b4edf/html5/thumbnails/26.jpg)
Slide 26
A college decides to retain all emails for a period of 10 years. Is this in line with the
DPA?
1 2 3 4
25% 25%25%25%
1. Yes2. No3. Depends4. Don’t know
![Page 27: Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.](https://reader036.fdocuments.net/reader036/viewer/2022062511/551b31e1550346d41a8b4edf/html5/thumbnails/27.jpg)
Slide 27
• A college collects names and addresses of students. It outsources IT support. The students start to receive targeted emails.
ScenarioScenario
![Page 28: Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.](https://reader036.fdocuments.net/reader036/viewer/2022062511/551b31e1550346d41a8b4edf/html5/thumbnails/28.jpg)
Slide 28
3: Adequate, Relevant, Not Excessive
• Follows from purposes
• Good records management practice
• See Jisc infoNet
• No duties with respect to personal data you no longer hold!
![Page 29: Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.](https://reader036.fdocuments.net/reader036/viewer/2022062511/551b31e1550346d41a8b4edf/html5/thumbnails/29.jpg)
Slide 29
4 & 5: Accuracy and Currency
• Kept up-to-date
• Kept no longer than necessary
![Page 30: Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.](https://reader036.fdocuments.net/reader036/viewer/2022062511/551b31e1550346d41a8b4edf/html5/thumbnails/30.jpg)
Slide 30
6: The Individual’s Rights
• S.10 Substantial prejudice
• S.12 Right to stop automatic processing
![Page 31: Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.](https://reader036.fdocuments.net/reader036/viewer/2022062511/551b31e1550346d41a8b4edf/html5/thumbnails/31.jpg)
Slide 31
6: The Individual’s Rights
• S.7 the Data Subject Access Request• Allows access to personal data• Exemptions:– request not in writing, or fee not paid; requester
cannot verify identity; disclosure of third party personal data; disclosure of third party as source; certain health, education social work records
![Page 32: Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.](https://reader036.fdocuments.net/reader036/viewer/2022062511/551b31e1550346d41a8b4edf/html5/thumbnails/32.jpg)
Slide 32
A tutor writes a reference for a student in the college. The student doesn’t get the job and makes a S.A.R. asking the college to see the reference. What should the college do?
ScenarioScenario
![Page 33: Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.](https://reader036.fdocuments.net/reader036/viewer/2022062511/551b31e1550346d41a8b4edf/html5/thumbnails/33.jpg)
Slide 33
7: Security
Data must be secure
(organisationally and technically)
![Page 34: Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.](https://reader036.fdocuments.net/reader036/viewer/2022062511/551b31e1550346d41a8b4edf/html5/thumbnails/34.jpg)
Slide 34
• Password and access, encryption for mobile devices
• Authority to transfer/share information with third
parties – see section in Code of Practice
• Compliance with recognised standards –
what the ICO expects?
• UCISA Information Security Toolkit may help
Information SecurityInformation Security
![Page 35: Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.](https://reader036.fdocuments.net/reader036/viewer/2022062511/551b31e1550346d41a8b4edf/html5/thumbnails/35.jpg)
Slide 35
• A college contracts with Help4U to process staff personal data to produce pay slips. Unfortunately the names, addresses, bank details and account numbers are sent to the wrong recipient. Who is liable?
Over to YouOver to You
![Page 36: Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.](https://reader036.fdocuments.net/reader036/viewer/2022062511/551b31e1550346d41a8b4edf/html5/thumbnails/36.jpg)
Slide 36
Who is liable?
1 2 3 4
0% 0%0%0%
1. The college as data controller2. The processor as they caused the
error3. Both the data controller and the
processor4. Neither
![Page 37: Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.](https://reader036.fdocuments.net/reader036/viewer/2022062511/551b31e1550346d41a8b4edf/html5/thumbnails/37.jpg)
Slide 37
A laptop is used on site to record learner
progress. A tutor wishes to work from home
so he copies the files of five students onto a
USB and takes it home. It is accidentally
dropped in the car park of the train station......
ScenarioScenario
![Page 38: Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.](https://reader036.fdocuments.net/reader036/viewer/2022062511/551b31e1550346d41a8b4edf/html5/thumbnails/38.jpg)
Slide 38
Security Situations
1. At your desk2. On your laptop3. On your mobile phone4. On the train5. At home
1. 2. 3. 4. 5.
63%
19% 19%
0%0%
Where are the greatest security risks?
![Page 39: Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.](https://reader036.fdocuments.net/reader036/viewer/2022062511/551b31e1550346d41a8b4edf/html5/thumbnails/39.jpg)
Slide 39 39
Appropriate Security
Your PCYour laptop
Your mobile phoneYour IT infrastructure / VLE
Your deskYour rubbish
![Page 40: Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.](https://reader036.fdocuments.net/reader036/viewer/2022062511/551b31e1550346d41a8b4edf/html5/thumbnails/40.jpg)
Slide 40
8: Transfer Out of EEA
• Data must not be transferred out of Europe without adequate security …..
![Page 41: Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.](https://reader036.fdocuments.net/reader036/viewer/2022062511/551b31e1550346d41a8b4edf/html5/thumbnails/41.jpg)
Slide 41
When handling personal data in your role:
1. Purpose: why are you collecting personal data,
2. Fairness: is the reason fair to the data subject and
3. Transparency: does the data subject know about it
4. Security: at an appropriate level of security
Important PointsImportant Points
![Page 42: Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.](https://reader036.fdocuments.net/reader036/viewer/2022062511/551b31e1550346d41a8b4edf/html5/thumbnails/42.jpg)
Slide 42
Some Scenarios……..
Over to youOver to you
![Page 43: Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.](https://reader036.fdocuments.net/reader036/viewer/2022062511/551b31e1550346d41a8b4edf/html5/thumbnails/43.jpg)
Slide 43
A parent asks for information on her son’s progress. Do you…
1. 2. 3. 4.
0% 0%0%0%
1. Supply it - nothing wrong in doing this
2. Supply it – he is under 183. Withhold it as she should never
access it4. Withhold it until you have
consent of her son
![Page 44: Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.](https://reader036.fdocuments.net/reader036/viewer/2022062511/551b31e1550346d41a8b4edf/html5/thumbnails/44.jpg)
Slide 44
A student asks his tutor if he can see the reference the tutor wrote for him. Do you
1. 2. 3.
0% 0%0%
1. Say no - he has no right to see it under DPA
2. Say yes – he is entitled under DPA to see it
3. Not sure so seek help before replying
![Page 45: Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.](https://reader036.fdocuments.net/reader036/viewer/2022062511/551b31e1550346d41a8b4edf/html5/thumbnails/45.jpg)
Slide 45
The police ask for information on one of your students. Do you…
1. 2. 3.
0% 0%0%
1. Supply it because it’s the police2. Supply it only when you know
what it’s for and think it is relevant information to the investigation
3. Never supply it
![Page 46: Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.](https://reader036.fdocuments.net/reader036/viewer/2022062511/551b31e1550346d41a8b4edf/html5/thumbnails/46.jpg)
Slide 46
The College decides to retain all emails for a period of 10 years. Is this in line with
the DPA?
1. 2. 3. 4.
0% 0%0%0%
1. Yes2. No3. Maybe4. Can I phone a friend?
![Page 47: Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.](https://reader036.fdocuments.net/reader036/viewer/2022062511/551b31e1550346d41a8b4edf/html5/thumbnails/47.jpg)
Slide 47
A member of staff clicks the wrong email group and instead of sending to relevant tutors, sends info
relating to student health issues to other students.
1. 2. 3.
0% 0%0%
1. The College is liable for the breach2. There is no liability, it was an
accident, not deliberate3. The member of staff is liable
not the College
![Page 48: Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.](https://reader036.fdocuments.net/reader036/viewer/2022062511/551b31e1550346d41a8b4edf/html5/thumbnails/48.jpg)
Slide 48
What security should be on mobile devices holding personal data?
1. 2. 3.
0% 0%0%
1. Password protection and encryption
2. None as only used on College premises
3. It depends on the type of information
![Page 49: Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.](https://reader036.fdocuments.net/reader036/viewer/2022062511/551b31e1550346d41a8b4edf/html5/thumbnails/49.jpg)
Slide 49
• Establish practices to protect individuals and allow the college to carry out operational business without compromising privacy.
• Address risks of data loss and invasion of privacy.
• Build DP safeguards into day to day practice.
• Ensure that this is embedded within the college (training).
Forming a StrategyForming a Strategy
![Page 50: Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.](https://reader036.fdocuments.net/reader036/viewer/2022062511/551b31e1550346d41a8b4edf/html5/thumbnails/50.jpg)
Slide 50
• Implement your strategy
• Share with all staff
• Training
• Records
• Future proof (technologies)
• Consistency
• Response
Policy and ProceduresPolicy and Procedures
![Page 51: Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.](https://reader036.fdocuments.net/reader036/viewer/2022062511/551b31e1550346d41a8b4edf/html5/thumbnails/51.jpg)
Slide 51
What proportion of your teaching staff know about your DP policy?
1. 2. 3. 4. 5.
0% 0% 0%0%0%
1. Nearly all2. A majority3. Half4. A minority5. Hardly any
![Page 52: Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.](https://reader036.fdocuments.net/reader036/viewer/2022062511/551b31e1550346d41a8b4edf/html5/thumbnails/52.jpg)
Slide 52
Should have a privacy statement which• Complements full DP policy • States what is done with information
collected• Cookie regulations –
in force 26 May 2012
WebsiteWebsite
![Page 53: Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.](https://reader036.fdocuments.net/reader036/viewer/2022062511/551b31e1550346d41a8b4edf/html5/thumbnails/53.jpg)
Slide 53
• DP policy in place and a regular review date
New developments which may affect your DP policy:
• Mechanism for conducting a privacy impact assessment at planning stage of new project
• Guidance and training for staff/student use of social networking and web 2.0 tools laptops memory sticks and other ‘mobiles’
• Information Security standards
• Website information on privacy and cookies
What should be in place?What should be in place?
![Page 54: Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.](https://reader036.fdocuments.net/reader036/viewer/2022062511/551b31e1550346d41a8b4edf/html5/thumbnails/54.jpg)
Slide 54
• Where the DP policy is, how to access it and its contents
• Have awareness of DP and how it may affect students, staff etc.
• That what you’re doing is covered by the data protection notice to students, staff etc.
• How to store/share personal information on and off campus
• How to keep personal information secure(mobiles, social networking)
• Where to get help
What should you know?What should you know?
![Page 55: Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.](https://reader036.fdocuments.net/reader036/viewer/2022062511/551b31e1550346d41a8b4edf/html5/thumbnails/55.jpg)
Slide 55
Sources of help Sources of help
• Your institution’s DP officer• Your institutional policies and procedures• [email protected] and www.jisclegal.ac.uk
(code of practice)
![Page 56: Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.](https://reader036.fdocuments.net/reader036/viewer/2022062511/551b31e1550346d41a8b4edf/html5/thumbnails/56.jpg)
Slide 56
Next steps?
1. 2. 3. 4. 5. 6.
0% 0% 0%0%0%0%
1. Go back and say well done!2. Start a conversation with
management3. Re-write a few policies4. Monitor what’s in place already5. Get further support6. Point at someone else and say
‘his problem!’ or ‘her problem!’
![Page 57: Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: Confident in Compliance.](https://reader036.fdocuments.net/reader036/viewer/2022062511/551b31e1550346d41a8b4edf/html5/thumbnails/57.jpg)
Slide 57 [email protected]
0141 548 4939
Questions and Follow UpQuestions and Follow Up
http://jiscleg.al/SGMCToday!