
Information Governance
Sylvia Reynolds
Senior Resources Officer / Information
Governance Manager
What is Information Governance?
• Information Governance is an
overarching term that we use to
cover managing information that is
held in any form – i.e. creation,
handling, sharing, storing and
disposal
• Data Protection
• Freedom of Information
• Environmental Information
• Information Security
• Information Sharing
• Records Management
• Knowledge/Change Management
• Regulation of Investigatory Powers Act 2000
• Information Strategy/Policies
• National Information Standards
Benefits
• Reduce physical and electronic storage space
• Enable mobile / home working
• Reduce risks
• Better service to the public
Ownership and Responsibility
• The Council, elected members, employees
and partnering organisations all have a
duty to ensure that both business and
personal information is dealt with legally,
securely, efficiently and effectively, in
order to deliver the best possible services
• Information Commissioner has power
to issue monetary penalties of up to
£500,000
ICO Penalties Issued
• IT destruction - Brighton and Sussex University Hospitals NHS Trust fined £325,000. Personal data of tens of thousands of patients and staff on hard drives sold on the internet.
• Email to wrong recipients 3 times - Surrey County Council fined £120,000 – group email, 361 addresses.
• Fax to wrong recipients twice - Hertfordshire County Council was fined £100,000 - child sex abuse.
• Unencrypted laptop - Sheffield-based A4e, which provides information on employment and starting a business; 24,000 people affected - fined £60,000.
• Paper records theft from home - Barnet £70,000 - names, addresses, dates of birth and details of the sexual activities of 15 vulnerable children or young people. Social worker took the paper records home to work on them out of hours.
Prosecutions
Individuals – criminal or malicious intent –
can be fined up to £5000
• A Slough letting agent obtained details about their tenants from an employee at Slough Borough Council. Used by the company to chase up their tenants’ outstanding debts.
• Selling personal information - A&E reception NHS patient information - to personal injury claims company.
• Receptionist at a GP surgery - on 15 separate occasions accessing ex-husband’s new wife’s medical records.
Call for custodial sentences
Call for compulsory Data Protection audits
Risks in Middlesbrough
Incidents
2 Significant incidents
50 More incidents in 2012
Data Protection Audit – Limited Assurance
Actions required
• ICO Action Plan
• Corporate ownership
• Awareness/Training
• Standardisation
• Enforcement
• Information Amnesty
Roles & Responsibilities
• Senior Information Risk Owner - Set strategic direction, ensures there is accountability throughout the Council
• Information Governance Manager – Develop corporate standards and policies, operational advice/guidance to staff
• Information Working Group - Agreeing an ongoing programme of work to improve Information Governance within their department and within the Council
• Audit - ensure compliance against corporate Standards/Policies
Information Governance Team
• Monitor ICO/Audit Action Plans
• Mandatory Training Programme
• Information Requests - Supporting Service Areas
• Develop an Information Strategy
• Compliance audits
• Policy reviews
• Incident management
• Advise on investigations
• Information Commissioner’s Complaints
• Develop a Corporate Information Sharing Protocol
• Facilitate a more proactive approach to developing standards, liaison with the Caldicott Guardians, ICT and transformation projects
• Monitor and authorise RIPA Applications
Cases/Requests 2012
• Data Protection/Subject Access Requests: 42
• Freedom of Information/Environmental Information: 1064
• Information Security Incidents: 52
• RIPA applications: 24
Further Information
END
EXAMPLES OF MBC INCIDENTS
• Car
Cause: Break-in through car window when it was parked and double locked but unattended.
Type of data: ID badge, an entry fob, a diary containing 11 patients' initials, 8 of which also had their addresses, and a notebook containing initials and assessment details of patients/service users.
• Memory Stick
Cause: Partner information - transferred to a third party unencrypted laptop.
Type of data: Forensic social care files containing sensitive personal data of 24 service users, total of 216 docs.
• Email
Cause: Email and attachment sent to wrong internal group e-mail address - approx 150 recipients.
Type of data: Child Protection / Domestic Violence Referral.
• Filing Cabinet
Cause: Files found in stored furniture redundant after office move.
Type of data: Confidential Youth Offending case files.
• Hard drive
Cause: Staff personal hard drive sold on eBay.
Type of data: Containing CFL client information.
• Partner laptop theft
Cause: Domiciliary care provider - Allied - broken into and 2 laptops stolen.
Type of data: Names and addresses of social care clients in receipt of domiciliary care. Allied's IT support have assured them all data is safe; the laptops need PIN numbers and are encrypted.
EXAMPLES OF MBC INCIDENTS
• Manual Transporting Information
Cause: Gust of wind blew document out of technician's hand - unable to retrieve.
Type of data: Sensitive personal data re a client and a name and work details of an employee.
• Briefcase
Cause: An open briefcase found at the Deaf Centre.
Type of data: Details of 6 children with disabilities.
• Letter
Cause: Sent to wrong address.
Type of data: Sensitive personal data - core assessment form.
• Courier
Cause: Box of approximately 20 children’s case files left in a corridor by a courier when the office it was addressed to was locked.
Type of data: Children's case files for archive.