close

Вход

Забыли?

вход по аккаунту

?

Data Protection and Information Security

код для вставкиСкачать
Data Protection
&
Information Security
Stuart Macfarlane
Information Governance Unit
Police Service of Scotland
CENTRAL SCOTLAND POLICE
Data Protection? Information Security?
What’s the difference??
CENTRAL SCOTLAND POLICE
Data Protection
Current Requirements
пЃ®
Personal Data
пЃ®
Processing of that data
Data from which a person can be
identified, e.g. name, date of birth,
reference number, video image
Applies to a living individual - the Act
itself provides no protection after death
but Force policy has an impact.
пЃ®
пЃ®
CENTRAL SCOTLAND POLICE
Data Protection
Relevant Legislation
пЃ®
пЃ®
пЃ®
пЃ®
пЃ®
Data Protection Act 1998
Human Rights Act 1998
Computer Misuse Act 1990
Copyright Designs & Patents
Act 1988
Freedom of Information
(Scotland) Act 2002
CENTRAL SCOTLAND POLICE
Data - what’s that?
CENTRAL SCOTLAND POLICE
Data Protection Act 1998
• Registered Purpose – Policing
The prevention and detection of crime
The apprehension and prosecution of
offenders
The protection of life and property
The maintenance of law and order
Rendering assistance to the public
Vetting and Licencing
Public Safety
CENTRAL SCOTLAND POLICE
Data Protection Act 1998
• The Act imposes strict conditions on the
PROCESSING of personal data
“Processing means obtaining, recording
or holding information or data or
carrying out any operation or set of
operations on the information or data”
i.e. anything we do with the data
CENTRAL SCOTLAND POLICE
Data Protection Act 1998
• The Eight Data Protection principles
•
•
•
•
•
•
Processed fairly and lawfully
Only obtained for a specified purpose
Data shall be relevant, adequate and not excessive
Data shall be accurate and kept up to date
Data shall not be kept longer than is necessary
Data shall be processed in accordance with rights of data
subjects
• Appropriate measures shall be taken against unlawful or
unauthorised processing and against loss, destruction or
damage to data
• Data shall not be transferred outside the EEA unless adequate
protection exists for the rights and freedoms of individuals
CENTRAL SCOTLAND POLICE
Data Protection Act 1998
• Sensitive personal data
пѓ�
пѓ�
пѓ�
пѓ�
пѓ�
пѓ�
пѓ�
пѓ�
Racial or ethnic origin
Political opinions
Religious beliefs or beliefs of a similar nature
Membership of a Trade Union
Details of physical or mental health
Details of sexual life
Commission or alleged commission of any offence
Details of any proceedings for any offence committed or alleged
to have been committed, the disposal of such proceedings or
the sentence of the court in such proceedings
CENTRAL SCOTLAND POLICE
Disclosing Data To Others
пЃ®
пЃ®
пЃ®
пЃ®
пЃ®
In general can only be released for a
purpose in line with Policing
Ask the 3 important questions
WHO wants the data?
WHY do they want it?
WHAT are they going to do with it?
If you get it wrong there is a
personal liability
UNLIMITED FINE
CENTRAL SCOTLAND POLICE
Data Protection
Individual Rights
пЃ®
пЃ®
пЃ®
пѓ„
Any data subject has the right of access to
their personal data
The data subject has the right to demand the
correction or deletion of inaccurate data
The data subject has the right to
compensation if they have suffered damage
or distress
SUBJECT ACCESS - ВЈ10 fee
CENTRAL SCOTLAND POLICE
Data Protection
DPO Responsibilities
The Data Protection Department
пЃµ
пЃµ
пЃµ
пЃµ
пЃµ
Ensures all force systems are compliant
Maintains Data Protection Register entries
Gives advice and assistance
Liaises with other agencies
Prepares information sharing protocols
AUDITS EVERYONE!
CENTRAL SCOTLAND POLICE
Data Protection
Responsibility of Users
п‚Ё
п‚Ё
п‚Ё
п‚Ё
YOU MUST
Have a working knowledge of the Act
Apply the principles as you work
Take notebook entries
Ensure the data you are processing is
пЃѓ Accurate
пЃѓRelevant
пЃѓUp to date
пЃѓSECURE
CENTRAL SCOTLAND POLICE
Data Protection
Questions?
CENTRAL SCOTLAND POLICE
Information Security
Information is an asset, and the lifeblood
of the Police Service.
Information security is all about
protecting Force information from a wide
range of risk sources.
CENTRAL SCOTLAND POLICE
Threats to Information
Security
Loss of information - CONFIDENTIALITY
Loss of information - INTEGRITY
Loss of information – AVAILABILITY
C.I.A.
CENTRAL SCOTLAND POLICE
Threats come from:- Risk
Sources…….
Internal – Employees
Visitors
Partner agency workers
Contractors
External - Criminals
Journalists
Information brokers
Activists
NATURAL DISASTERS
CENTRAL SCOTLAND POLICE
Information Security
Applies to….
Paper communications
Radio & telephone.
Conversation.
I.T. - Force network, PCs, Laptops, PDAs,
magnetic media.
Internet & e-mail.
CENTRAL SCOTLAND POLICE
Information Security
Covers…….
I.T.
Buildings/vehicles (Physical)
Information management
Personnel
CENTRAL SCOTLAND POLICE
The Basics
Warrant Cards/IDs.
Destruction.
Clear desk policy.
Access control.
Passwords/logging out.
E-mail/Internet use.
Viruses.
Desktop software.
CENTRAL SCOTLAND POLICE
Government Protective Marking
Scheme (G.P.M.S.)
• Information is graded into the following
grades:• NOT PROTECTIVELY MARKED
• PROTECT
• RESTRICTED
• CONFIDENTIAL
• SECRET
• TOP SECRET
CENTRAL SCOTLAND POLICE
Information Security
Questions?
CENTRAL SCOTLAND POLICE
Документ
Категория
Презентации
Просмотров
25
Размер файла
550 Кб
Теги
1/--страниц
Пожаловаться на содержимое документа