SlideShare ist ein Scribd-Unternehmen logo

Data protection-training

Als PPT, PDF herunterladen
James Wright
James Wright
Technologie
1 von 14
Data Protection and Freedom of Information in schools Keeping data secure, safe and legal
Why? Data Protection Act 1998 Freedom of Information (FoI) Act 2000
The Data Protection Act 1998 • The Data Protection Act 1998 came into force in March 2001, replacing the Data Protection Act 1984. • The EU Data Protection Directive (also known as Directive 95/46/EC) is a directive adopted by the European Union designed to protect the privacy and protection of all personal data collected for or about citizens of the EU, especially as it relates to processing, using, or exchanging such data. • The Data Protection Act is how the UK implements the European Directive.
The aims of the Data Protection Act • Anyone who processes personal information must comply with the eight principles • It provides individuals with important rights, including the right to find out what personal information is held about them
The eight data protection principles Information must be: • Fairly and lawfully processed • Processed for specified purposes • Adequate, relevant and not excessive • Accurate and up-to-date • Not kept for longer than is necessary • Processed in line with individuals’ rights • Secure • Not transferred outline the European Economic Area without adequate protection
Individual rights • Right of access – individuals have a right to know what information organisations hold about them on a computer or in certain filing systems. • Individuals can submit a Subject Access Request to see or have a copy of this information.
Freedom of Information Act 2000 • An Act to make provision for the disclosure of information held by public authorities or by persons providing services for them and to amend the Data Protection Act 1998 and the Public Records Act 1958; and for connected purposes
Right of access •What? Anything •Who? Anybody •Where from? Anywhere •Why? None of your business •FoIA assumes information will be disclosed
Exemptions 7 Absolute Exemptions •S21 •S23 •S32 •S34 •S40 •S41 •S44 Information accessible by other means; National security; Court records; Parliamentary privilege; Personal information about the applicant; Information provided in confidence; Prohibition on disclosure
Exemptions 15 Qualified Exemptions • • • • • • • • • • • • • • • S22 S24 S26 S27 S28 S29 S30 S31 S36 S37 S38 S39 S40 S42 S43 Future publication; National security; Defence or armed forces; International relations; Relations within the UK The economy of the UK; Investigations/proceedings; Law enforcement; Effective conduct of public affairs; Communications with Her Majesty Health & safety; Environmental information; Personal information about third party; Legal professional privilege; Commercial interests
School specifics • Impact levels • Encryption • Questions and examples
Impact levels Example data types Impact Level IL4 Confidential IL3 Restricted or NHS Confidential IL2 Protect IL1/ IL0 eGIF requirements Aggregated reports Registration level Authentication requirements • • • • Level Three ID verification with vetting and 'need to know' measures Physical/ personal/ procedural protection with appropriate authorisation • School MIS • Teacher access to learning platform/ portals • Special educational needs (with no IL 4 data elements) • Pupil characteristic • Contact point • Health records • General student data • Learning platforms/ portals Level Two ID vetting and 'need to know' measures IAO approval Mandatory twofactor user ID, password and token Internet/virtual private network (VPN) and token Level One basic ID verification User ID and password • Google search • BBC News Anonymous Authentication not required National Pupil Database Looked-after children Witness protection SEN IL4 data elements Example networks External access Gov PC Internet to www café PDA Home Gov PC LAN Bootable USB Wi-fi 3G card Bluetooth Y1 N N Y2 N N N Y3 N3 GSI GCSx CJX Y N Y4 Y5 Encrypted internet VPN Y6 Y7 N Y8 Y1 N Y Y Y Y Y2 Y Y Y GSi CJX Internet Any
Data encryption Becta guidance states “Users may not copy or remove sensitive or personal data from the school or authorised premises unless the media is encrypted and is transported securely for storage in a secure location” What does that mean to us? •Change in the way USB sticks are used •Not just USB. Additional encryption when accessing information across the internet
Data protection-training

Empfohlen

IT Perspectives in Implementing Privacy Framework
IT Perspectives in Implementing Privacy FrameworkIT Perspectives in Implementing Privacy Framework
IT Perspectives in Implementing Privacy FrameworkShankar Subramaniyan
 
What is the GDPR & What does it mean for YOUR business?
What is the GDPR & What does it mean for YOUR business?What is the GDPR & What does it mean for YOUR business?
What is the GDPR & What does it mean for YOUR business?Nexsen Pruet
 
Gdpr real3
Gdpr real3Gdpr real3
Gdpr real3ssuser523513
 
GDRP
GDRPGDRP
GDRPDmytroProkhorchuk
 
Pdpa2010 & GDPR (part 5)
Pdpa2010 & GDPR (part 5) Pdpa2010 & GDPR (part 5)
Pdpa2010 & GDPR (part 5) Hairul Hafiz Hasbullah
 
PDPA 2010 (Part 4) by Hairul Hafiz Hasbullah
PDPA 2010 (Part 4) by Hairul Hafiz HasbullahPDPA 2010 (Part 4) by Hairul Hafiz Hasbullah
PDPA 2010 (Part 4) by Hairul Hafiz HasbullahHairul Hafiz Hasbullah
 
Zurich Insurance Plc - Data Loss
Zurich Insurance Plc - Data LossZurich Insurance Plc - Data Loss
Zurich Insurance Plc - Data LossStuart Macdonald
 
mHealth Israel_EU General Data Protection Regulation_Simon Marks
mHealth Israel_EU General Data Protection Regulation_Simon MarksmHealth Israel_EU General Data Protection Regulation_Simon Marks
mHealth Israel_EU General Data Protection Regulation_Simon MarksLevi Shapiro
 

Empfohlen

IT Perspectives in Implementing Privacy Framework
IT Perspectives in Implementing Privacy FrameworkIT Perspectives in Implementing Privacy Framework
IT Perspectives in Implementing Privacy FrameworkShankar Subramaniyan
 
What is the GDPR & What does it mean for YOUR business?
What is the GDPR & What does it mean for YOUR business?What is the GDPR & What does it mean for YOUR business?
What is the GDPR & What does it mean for YOUR business?Nexsen Pruet
 
Gdpr real3
Gdpr real3Gdpr real3
Gdpr real3ssuser523513
 
GDRP
GDRPGDRP
GDRPDmytroProkhorchuk
 
Pdpa2010 & GDPR (part 5)
Pdpa2010 & GDPR (part 5) Pdpa2010 & GDPR (part 5)
Pdpa2010 & GDPR (part 5) Hairul Hafiz Hasbullah
 
PDPA 2010 (Part 4) by Hairul Hafiz Hasbullah
PDPA 2010 (Part 4) by Hairul Hafiz HasbullahPDPA 2010 (Part 4) by Hairul Hafiz Hasbullah
PDPA 2010 (Part 4) by Hairul Hafiz HasbullahHairul Hafiz Hasbullah
 
Zurich Insurance Plc - Data Loss
Zurich Insurance Plc - Data LossZurich Insurance Plc - Data Loss
Zurich Insurance Plc - Data LossStuart Macdonald
 
mHealth Israel_EU General Data Protection Regulation_Simon Marks
mHealth Israel_EU General Data Protection Regulation_Simon MarksmHealth Israel_EU General Data Protection Regulation_Simon Marks
mHealth Israel_EU General Data Protection Regulation_Simon MarksLevi Shapiro
 
Keeping Information Safe: Privacy and Security Issues
Keeping Information Safe: Privacy and Security IssuesKeeping Information Safe: Privacy and Security Issues
Keeping Information Safe: Privacy and Security Issuesipspat
 
Introduction to the municipal freedom of information and protection of privac...
Introduction to the municipal freedom of information and protection of privac...Introduction to the municipal freedom of information and protection of privac...
Introduction to the municipal freedom of information and protection of privac...Guinsly Mondesir
 
Introduction to GDPR
Introduction to GDPRIntroduction to GDPR
Introduction to GDPRMartyn Ripley
 
DHR GDPR Overview
DHR GDPR OverviewDHR GDPR Overview
DHR GDPR OverviewFrank Smeekes
 
Mitigation starts now
Mitigation starts nowMitigation starts now
Mitigation starts nowJisc
 
Database design dpa 1998
Database design dpa 1998Database design dpa 1998
Database design dpa 1998SabahtHussein
 
Concepts and Rights About Data Privacy and Security
Concepts and Rights About Data Privacy and SecurityConcepts and Rights About Data Privacy and Security
Concepts and Rights About Data Privacy and SecurityMaven Logix
 
LOPD - Spanish ethical and legal issues in the context of an international IC...
LOPD - Spanish ethical and legal issues in the context of an international IC...LOPD - Spanish ethical and legal issues in the context of an international IC...
LOPD - Spanish ethical and legal issues in the context of an international IC...Natalia Monllor
 
Worldwide Laws Privacy Presentation 2006
Worldwide Laws Privacy Presentation 2006Worldwide Laws Privacy Presentation 2006
Worldwide Laws Privacy Presentation 2006Kimberly Verska
 
Legal update
Legal updateLegal update
Legal updateRachel Aldighieri
 
Gary Davis
Gary DavisGary Davis
Gary Davisdri_ireland
 
Anne Cameron - An Introduction to the Data Protection Act for Researchers
Anne Cameron - An Introduction to the Data Protection Act for ResearchersAnne Cameron - An Introduction to the Data Protection Act for Researchers
Anne Cameron - An Introduction to the Data Protection Act for Researcherskclcompbio
 
Overview of the_data_protection-act
Overview of the_data_protection-actOverview of the_data_protection-act
Overview of the_data_protection-actRodamaeLBaccay
 
The EU Data Protection Reform's Impact on Cross Border e-Discovery: new Devel...
The EU Data Protection Reform's Impact on Cross Border e-Discovery: new Devel...The EU Data Protection Reform's Impact on Cross Border e-Discovery: new Devel...
The EU Data Protection Reform's Impact on Cross Border e-Discovery: new Devel...AltheimPrivacy
 
Privacy in simple
Privacy in simplePrivacy in simple
Privacy in simpleAurora Computer Studies
 
ethcpp04-Unit 3.ppt
ethcpp04-Unit 3.pptethcpp04-Unit 3.ppt
ethcpp04-Unit 3.pptAnil Yadav
 
Data Protection (Download for slideshow)
Data Protection (Download for slideshow)Data Protection (Download for slideshow)
Data Protection (Download for slideshow)Andrew Sharpe
 
The EU Data Protection Reform's Impact on Cross Border E-discovery; updated h...
The EU Data Protection Reform's Impact on Cross Border E-discovery; updated h...The EU Data Protection Reform's Impact on Cross Border E-discovery; updated h...
The EU Data Protection Reform's Impact on Cross Border E-discovery; updated h...AltheimPrivacy
 
3e - Data Protection
3e - Data Protection3e - Data Protection
3e - Data ProtectionMISY
 
Data Protection & Risk Management
Data Protection & Risk Management Data Protection & Risk Management
Data Protection & Risk Management Endcode_org
 
Safety And Security Of Data 4
Safety And Security Of Data 4Safety And Security Of Data 4
Safety And Security Of Data 4Wynthorpe
 
ethcpp04-Unit 3.ppt
ethcpp04-Unit 3.pptethcpp04-Unit 3.ppt
ethcpp04-Unit 3.pptAnil Yadav
 

Weitere ähnliche Inhalte

Was ist angesagt?

Keeping Information Safe: Privacy and Security Issues
Keeping Information Safe: Privacy and Security IssuesKeeping Information Safe: Privacy and Security Issues
Keeping Information Safe: Privacy and Security Issuesipspat
 
Introduction to the municipal freedom of information and protection of privac...
Introduction to the municipal freedom of information and protection of privac...Introduction to the municipal freedom of information and protection of privac...
Introduction to the municipal freedom of information and protection of privac...Guinsly Mondesir
 
Introduction to GDPR
Introduction to GDPRIntroduction to GDPR
Introduction to GDPRMartyn Ripley
 
Mitigation starts now
Mitigation starts nowMitigation starts now
Mitigation starts nowJisc
 
Database design dpa 1998
Database design dpa 1998Database design dpa 1998
Database design dpa 1998SabahtHussein
 
Concepts and Rights About Data Privacy and Security
Concepts and Rights About Data Privacy and SecurityConcepts and Rights About Data Privacy and Security
Concepts and Rights About Data Privacy and SecurityMaven Logix
 
LOPD - Spanish ethical and legal issues in the context of an international IC...
LOPD - Spanish ethical and legal issues in the context of an international IC...LOPD - Spanish ethical and legal issues in the context of an international IC...
LOPD - Spanish ethical and legal issues in the context of an international IC...Natalia Monllor
 

Was ist angesagt? (8)

Keeping Information Safe: Privacy and Security Issues
Keeping Information Safe: Privacy and Security IssuesKeeping Information Safe: Privacy and Security Issues
Keeping Information Safe: Privacy and Security Issues
 
Introduction to the municipal freedom of information and protection of privac...
Introduction to the municipal freedom of information and protection of privac...Introduction to the municipal freedom of information and protection of privac...
Introduction to the municipal freedom of information and protection of privac...
 
Introduction to GDPR
Introduction to GDPRIntroduction to GDPR
Introduction to GDPR
 
DHR GDPR Overview
DHR GDPR OverviewDHR GDPR Overview
DHR GDPR Overview
 
Mitigation starts now
Mitigation starts nowMitigation starts now
Mitigation starts now
 
Database design dpa 1998
Database design dpa 1998Database design dpa 1998
Database design dpa 1998
 
Concepts and Rights About Data Privacy and Security
Concepts and Rights About Data Privacy and SecurityConcepts and Rights About Data Privacy and Security
Concepts and Rights About Data Privacy and Security
 
LOPD - Spanish ethical and legal issues in the context of an international IC...
LOPD - Spanish ethical and legal issues in the context of an international IC...LOPD - Spanish ethical and legal issues in the context of an international IC...
LOPD - Spanish ethical and legal issues in the context of an international IC...
 

Ähnlich wie Data protection-training

Worldwide Laws Privacy Presentation 2006
Worldwide Laws Privacy Presentation 2006Worldwide Laws Privacy Presentation 2006
Worldwide Laws Privacy Presentation 2006Kimberly Verska
 
Anne Cameron - An Introduction to the Data Protection Act for Researchers
Anne Cameron - An Introduction to the Data Protection Act for ResearchersAnne Cameron - An Introduction to the Data Protection Act for Researchers
Anne Cameron - An Introduction to the Data Protection Act for Researcherskclcompbio
 
Overview of the_data_protection-act
Overview of the_data_protection-actOverview of the_data_protection-act
Overview of the_data_protection-actRodamaeLBaccay
 
The EU Data Protection Reform's Impact on Cross Border e-Discovery: new Devel...
The EU Data Protection Reform's Impact on Cross Border e-Discovery: new Devel...The EU Data Protection Reform's Impact on Cross Border e-Discovery: new Devel...
The EU Data Protection Reform's Impact on Cross Border e-Discovery: new Devel...AltheimPrivacy
 
ethcpp04-Unit 3.ppt
ethcpp04-Unit 3.pptethcpp04-Unit 3.ppt
ethcpp04-Unit 3.pptAnil Yadav
 
Data Protection (Download for slideshow)
Data Protection (Download for slideshow)Data Protection (Download for slideshow)
Data Protection (Download for slideshow)Andrew Sharpe
 
The EU Data Protection Reform's Impact on Cross Border E-discovery; updated h...
The EU Data Protection Reform's Impact on Cross Border E-discovery; updated h...The EU Data Protection Reform's Impact on Cross Border E-discovery; updated h...
The EU Data Protection Reform's Impact on Cross Border E-discovery; updated h...AltheimPrivacy
 
3e - Data Protection
3e - Data Protection3e - Data Protection
3e - Data ProtectionMISY
 
Data Protection & Risk Management
Data Protection & Risk Management Data Protection & Risk Management
Data Protection & Risk Management Endcode_org
 
Safety And Security Of Data 4
Safety And Security Of Data 4Safety And Security Of Data 4
Safety And Security Of Data 4Wynthorpe
 
ethcpp04-Unit 3.ppt
ethcpp04-Unit 3.pptethcpp04-Unit 3.ppt
ethcpp04-Unit 3.pptAnil Yadav
 
What does the GDPR mean for charity communicators? | Scotland Networking Grou...
What does the GDPR mean for charity communicators? | Scotland Networking Grou...What does the GDPR mean for charity communicators? | Scotland Networking Grou...
What does the GDPR mean for charity communicators? | Scotland Networking Grou...CharityComms
 
Ico sme-webinar-slides-090217
Ico sme-webinar-slides-090217Ico sme-webinar-slides-090217
Ico sme-webinar-slides-090217Tony Dowling
 
Browne Jacobson - Administrative and public law - October 2017
Browne Jacobson - Administrative and public law - October 2017Browne Jacobson - Administrative and public law - October 2017
Browne Jacobson - Administrative and public law - October 2017Browne Jacobson LLP
 
GDPR webinar presentation | LawBite
GDPR webinar presentation | LawBiteGDPR webinar presentation | LawBite
GDPR webinar presentation | LawBiteClive Rich
 
Niall Rooney FD Event 05.09.19
Niall Rooney FD Event 05.09.19Niall Rooney FD Event 05.09.19
Niall Rooney FD Event 05.09.19Niall Rooney
 

Ähnlich wie Data protection-training (20)

Worldwide Laws Privacy Presentation 2006
Worldwide Laws Privacy Presentation 2006Worldwide Laws Privacy Presentation 2006
Worldwide Laws Privacy Presentation 2006
 
Legal update
Legal updateLegal update
Legal update
 
Gary Davis
Gary DavisGary Davis
Gary Davis
 
Anne Cameron - An Introduction to the Data Protection Act for Researchers
Anne Cameron - An Introduction to the Data Protection Act for ResearchersAnne Cameron - An Introduction to the Data Protection Act for Researchers
Anne Cameron - An Introduction to the Data Protection Act for Researchers
 
Overview of the_data_protection-act
Overview of the_data_protection-actOverview of the_data_protection-act
Overview of the_data_protection-act
 
The EU Data Protection Reform's Impact on Cross Border e-Discovery: new Devel...
The EU Data Protection Reform's Impact on Cross Border e-Discovery: new Devel...The EU Data Protection Reform's Impact on Cross Border e-Discovery: new Devel...
The EU Data Protection Reform's Impact on Cross Border e-Discovery: new Devel...
 
Privacy in simple
Privacy in simplePrivacy in simple
Privacy in simple
 
ethcpp04-Unit 3.ppt
ethcpp04-Unit 3.pptethcpp04-Unit 3.ppt
ethcpp04-Unit 3.ppt
 
Data Protection (Download for slideshow)
Data Protection (Download for slideshow)Data Protection (Download for slideshow)
Data Protection (Download for slideshow)
 
The EU Data Protection Reform's Impact on Cross Border E-discovery; updated h...
The EU Data Protection Reform's Impact on Cross Border E-discovery; updated h...The EU Data Protection Reform's Impact on Cross Border E-discovery; updated h...
The EU Data Protection Reform's Impact on Cross Border E-discovery; updated h...
 
3e - Data Protection
3e - Data Protection3e - Data Protection
3e - Data Protection
 
Data Protection & Risk Management
Data Protection & Risk Management Data Protection & Risk Management
Data Protection & Risk Management
 
Safety And Security Of Data 4
Safety And Security Of Data 4Safety And Security Of Data 4
Safety And Security Of Data 4
 
ethcpp04-Unit 3.ppt
ethcpp04-Unit 3.pptethcpp04-Unit 3.ppt
ethcpp04-Unit 3.ppt
 
What does the GDPR mean for charity communicators? | Scotland Networking Grou...
What does the GDPR mean for charity communicators? | Scotland Networking Grou...What does the GDPR mean for charity communicators? | Scotland Networking Grou...
What does the GDPR mean for charity communicators? | Scotland Networking Grou...
 
Ico sme-webinar-slides-090217
Ico sme-webinar-slides-090217Ico sme-webinar-slides-090217
Ico sme-webinar-slides-090217
 
Browne Jacobson - Administrative and public law - October 2017
Browne Jacobson - Administrative and public law - October 2017Browne Jacobson - Administrative and public law - October 2017
Browne Jacobson - Administrative and public law - October 2017
 
EU Trade Secrets Directive & Data Protection Changes
EU Trade Secrets Directive & Data Protection ChangesEU Trade Secrets Directive & Data Protection Changes
EU Trade Secrets Directive & Data Protection Changes
 
GDPR webinar presentation | LawBite
GDPR webinar presentation | LawBiteGDPR webinar presentation | LawBite
GDPR webinar presentation | LawBite
 
Niall Rooney FD Event 05.09.19
Niall Rooney FD Event 05.09.19Niall Rooney FD Event 05.09.19
Niall Rooney FD Event 05.09.19
 

Kürzlich hochgeladen

Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...itnewsafrica
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructureitnewsafrica
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integrationmarketing932765
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Nikki Chapple
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 

Kürzlich hochgeladen (20)

Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 

Data protection-training

  • 1. Data Protection and Freedom of Information in schools Keeping data secure, safe and legal
  • 2. Why? Data Protection Act 1998 Freedom of Information (FoI) Act 2000
  • 3. The Data Protection Act 1998 • The Data Protection Act 1998 came into force in March 2001, replacing the Data Protection Act 1984. • The EU Data Protection Directive (also known as Directive 95/46/EC) is a directive adopted by the European Union designed to protect the privacy and protection of all personal data collected for or about citizens of the EU, especially as it relates to processing, using, or exchanging such data. • The Data Protection Act is how the UK implements the European Directive.
  • 4. The aims of the Data Protection Act • Anyone who processes personal information must comply with the eight principles • It provides individuals with important rights, including the right to find out what personal information is held about them
  • 5. The eight data protection principles Information must be: • Fairly and lawfully processed • Processed for specified purposes • Adequate, relevant and not excessive • Accurate and up-to-date • Not kept for longer than is necessary • Processed in line with individuals’ rights • Secure • Not transferred outline the European Economic Area without adequate protection
  • 6. Individual rights • Right of access – individuals have a right to know what information organisations hold about them on a computer or in certain filing systems. • Individuals can submit a Subject Access Request to see or have a copy of this information.
  • 7. Freedom of Information Act 2000 • An Act to make provision for the disclosure of information held by public authorities or by persons providing services for them and to amend the Data Protection Act 1998 and the Public Records Act 1958; and for connected purposes
  • 8. Right of access •What? Anything •Who? Anybody •Where from? Anywhere •Why? None of your business •FoIA assumes information will be disclosed
  • 9. Exemptions 7 Absolute Exemptions •S21 •S23 •S32 •S34 •S40 •S41 •S44 Information accessible by other means; National security; Court records; Parliamentary privilege; Personal information about the applicant; Information provided in confidence; Prohibition on disclosure
  • 10. Exemptions 15 Qualified Exemptions • • • • • • • • • • • • • • • S22 S24 S26 S27 S28 S29 S30 S31 S36 S37 S38 S39 S40 S42 S43 Future publication; National security; Defence or armed forces; International relations; Relations within the UK The economy of the UK; Investigations/proceedings; Law enforcement; Effective conduct of public affairs; Communications with Her Majesty Health & safety; Environmental information; Personal information about third party; Legal professional privilege; Commercial interests
  • 11. School specifics • Impact levels • Encryption • Questions and examples
  • 12. Impact levels Example data types Impact Level IL4 Confidential IL3 Restricted or NHS Confidential IL2 Protect IL1/ IL0 eGIF requirements Aggregated reports Registration level Authentication requirements • • • • Level Three ID verification with vetting and 'need to know' measures Physical/ personal/ procedural protection with appropriate authorisation • School MIS • Teacher access to learning platform/ portals • Special educational needs (with no IL 4 data elements) • Pupil characteristic • Contact point • Health records • General student data • Learning platforms/ portals Level Two ID vetting and 'need to know' measures IAO approval Mandatory twofactor user ID, password and token Internet/virtual private network (VPN) and token Level One basic ID verification User ID and password • Google search • BBC News Anonymous Authentication not required National Pupil Database Looked-after children Witness protection SEN IL4 data elements Example networks External access Gov PC Internet to www café PDA Home Gov PC LAN Bootable USB Wi-fi 3G card Bluetooth Y1 N N Y2 N N N Y3 N3 GSI GCSx CJX Y N Y4 Y5 Encrypted internet VPN Y6 Y7 N Y8 Y1 N Y Y Y Y Y2 Y Y Y GSi CJX Internet Any
  • 13. Data encryption Becta guidance states “Users may not copy or remove sensitive or personal data from the school or authorised premises unless the media is encrypted and is transported securely for storage in a secure location” What does that mean to us? •Change in the way USB sticks are used •Not just USB. Additional encryption when accessing information across the internet