Date posted: 25-Dec-2015
Category: Documents
Uploaded by: claud-miles
Information Governance
Sylvia Reynolds
Senior Resources Officer / Information Governance Manager
What is Information Governance?
• Information Governance is an overarching term that we use to cover managing information that is held in any form – i.e. creation, handling, sharing, storing and disposal
Benefits
Knowledge/Change Management
Reduce physical and electronic storage space
Enable mobile / home working
Reduce risks
Better service to the public
Data Protection
Freedom of Information
Environmental Information
Information Security
Information Sharing
Records Management
Regulation of Investigatory Powers Act 2000
Information Strategy/Policies
National Information Standards
Ownership and Responsibility
• The Council, elected members, employees and partnering organisations all have a duty to ensure that both business and personal information is dealt with legally, securely, efficiently and effectively, in order to deliver the best possible services
• Information Commissioner has power to issue monetary penalties of up to £500,000
ICO Penalties Issued
• IT destruction - Brighton and Sussex University Hospitals NHS Trust fined £325,000. Personal data of tens of thousands of patients and staff on hard drives sold on the internet.
• Email to wrong recipients 3 times - Surrey County Council fined £120,000 – group email, 361 addresses.
• Fax to wrong recipients twice - Hertfordshire County Council was fined £100,000 - child sex abuse.
• Unencrypted laptop - Sheffield-based A4e, which provides information on employment and starting a business; 24,000 people affected - fined £60,000.
• Paper records theft from home - Barnet fined £70,000 - names, addresses, dates of birth and details of the sexual activities of 15 vulnerable children or young people. Social worker took the paper records home to work on them out of hours.
Prosecutions
Individuals with criminal or malicious intent can be fined up to £5000
• A Slough letting agent obtained details about their tenants from an employee at Slough Borough Council - used by the company to chase up their tenants' outstanding debts
• Selling personal information - A&E reception NHS patient information - to a personal injury claims company.
• Receptionist at a GP surgery - on 15 separate occasions accessed ex-husband's new wife's medical records
Call for custodial sentences
Call for compulsory Data Protection audits
Risks in Middlesbrough
Incidents
• 2 significant incidents
• 50 more incidents in 2012
Data Protection Audit – Limited Assurance
Actions required
• ICO Action Plan
• Corporate ownership
• Awareness/Training
• Standardisation
• Enforcement
• Information Amnesty
Roles & Responsibilities
• Senior Information Risk Owner - Sets strategic direction, ensures there is accountability throughout the Council
• Information Governance Manager – Develop corporate standards and policies, operational advice/guidance to staff
• Information Working Group - Agreeing an ongoing programme of work to improve Information Governance within their department and within the Council
• Audit - ensure compliance against corporate Standards/Policies
Information Governance Team
Monitor ICO /Audit Action Plans
Information Requests - Supporting Service Areas
Compliance audits
Policy reviews
Incident management
Advise on investigations.
Information Commissioner’s Complaints
Mandatory Training Programme
Develop an Information Strategy
Develop a Corporate Information Sharing Protocol
Facilitate a more proactive approach to developing standards, liaison with the Caldicott Guardians, ICT and transformation projects.
Monitor and authorise RIPA Applications
Cases/Requests 2012
Data Protection/Subject Access Requests 42
Freedom of Information/Environmental Information 1064
Information Security Incidents 52
RIPA applications 24
Further Information
END
EXAMPLES OF MBC INCIDENTS
CAUSE | TYPE | DATA
• Car | Break in to car window when it was parked and double locked but unattended. | ID badge, an entry fob, a diary containing 11 patients' initials, 8 of which also had their addresses, & a notebook containing initials and assessment details of patients/service users
• Memory Stick | Partner information - transferred to a third party unencrypted laptop | Forensic Social Care files containing sensitive personal data of 24 service users, total of 216 docs.
• Email | Email & attachment to wrong internal group e-mail address - approx 150 recipients | Child Protection / Domestic Violence Referral
• Filing Cabinet | Files found in stored furniture redundant after office move | Confidential Youth Offending case files
• Hard drive | Staff personal hard drive sold on eBay | Containing CFL client information
• Partner | Laptop theft - Domiciliary Care provider - Allied - broken into and 2 laptops stolen. | Names and addresses of Social Care clients in receipt of domiciliary care. Allied's IT support have assured them all data is safe: the laptops need PIN numbers and are encrypted.
EXAMPLES OF MBC INCIDENTS
CAUSE | TYPE | DATA
• Manual Transporting Information | Gust of wind blew document out of technician's hand - unable to retrieve | Sensitive personal data re a client and a name and work details of an employee
• Brief case | An open briefcase found at the Deaf Centre. | Details of 6 children with disabilities.
• Letter | Sent to wrong address | Sensitive personal data - core assessment form
• Courier | Box of approximately 20 children’s case files left in a corridor by a courier when the office it was addressed to was locked. | Children's case files for archive