central scotland police data protection & information security stuart macfarlane information...
TRANSCRIPT
![Page 1: CENTRAL SCOTLAND POLICE Data Protection & Information Security Stuart Macfarlane Information Governance Unit Police Service of Scotland](https://reader036.vdocument.in/reader036/viewer/2022070323/56649dc65503460f94ab9f47/html5/thumbnails/1.jpg)
CENTRAL SCOTLAND POLICE
Data Protection&
Information Security
Stuart MacfarlaneInformation Governance Unit
Police Service of Scotland
![Page 2: CENTRAL SCOTLAND POLICE Data Protection & Information Security Stuart Macfarlane Information Governance Unit Police Service of Scotland](https://reader036.vdocument.in/reader036/viewer/2022070323/56649dc65503460f94ab9f47/html5/thumbnails/2.jpg)
CENTRAL SCOTLAND POLICE
Data Protection? Information Security?
What’s the difference??
![Page 3: CENTRAL SCOTLAND POLICE Data Protection & Information Security Stuart Macfarlane Information Governance Unit Police Service of Scotland](https://reader036.vdocument.in/reader036/viewer/2022070323/56649dc65503460f94ab9f47/html5/thumbnails/3.jpg)
CENTRAL SCOTLAND POLICE
Data ProtectionCurrent Requirements
Personal Data Processing of that data Data from which a person can be
identified, e.g. name, date of birth, reference number, video image
Applies to a living individual - the Act itself provides no protection after death but Force policy has an impact.
![Page 4: CENTRAL SCOTLAND POLICE Data Protection & Information Security Stuart Macfarlane Information Governance Unit Police Service of Scotland](https://reader036.vdocument.in/reader036/viewer/2022070323/56649dc65503460f94ab9f47/html5/thumbnails/4.jpg)
CENTRAL SCOTLAND POLICE
Data ProtectionRelevant Legislation
Data Protection Act 1998 Human Rights Act 1998 Computer Misuse Act 1990 Copyright Designs & Patents
Act 1988 Freedom of Information
(Scotland) Act 2002
![Page 5: CENTRAL SCOTLAND POLICE Data Protection & Information Security Stuart Macfarlane Information Governance Unit Police Service of Scotland](https://reader036.vdocument.in/reader036/viewer/2022070323/56649dc65503460f94ab9f47/html5/thumbnails/5.jpg)
CENTRAL SCOTLAND POLICE
Data - what’s that?
![Page 6: CENTRAL SCOTLAND POLICE Data Protection & Information Security Stuart Macfarlane Information Governance Unit Police Service of Scotland](https://reader036.vdocument.in/reader036/viewer/2022070323/56649dc65503460f94ab9f47/html5/thumbnails/6.jpg)
CENTRAL SCOTLAND POLICE
Data Protection Act 1998
• Registered Purpose – Policing
The prevention and detection of crimeThe apprehension and prosecution of offendersThe protection of life and propertyThe maintenance of law and orderRendering assistance to the publicVetting and LicencingPublic Safety
![Page 7: CENTRAL SCOTLAND POLICE Data Protection & Information Security Stuart Macfarlane Information Governance Unit Police Service of Scotland](https://reader036.vdocument.in/reader036/viewer/2022070323/56649dc65503460f94ab9f47/html5/thumbnails/7.jpg)
CENTRAL SCOTLAND POLICE
Data Protection Act 1998
• The Act imposes strict conditions on the PROCESSING of personal data
“Processing means obtaining, recording or holding information or data or carrying out any operation or set of operations on the information or data”
i.e. anything we do with the data
![Page 8: CENTRAL SCOTLAND POLICE Data Protection & Information Security Stuart Macfarlane Information Governance Unit Police Service of Scotland](https://reader036.vdocument.in/reader036/viewer/2022070323/56649dc65503460f94ab9f47/html5/thumbnails/8.jpg)
CENTRAL SCOTLAND POLICE
Data Protection Act 1998
• The Eight Data Protection principles
• Processed fairly and lawfully• Only obtained for a specified purpose• Data shall be relevant, adequate and not excessive• Data shall be accurate and kept up to date• Data shall not be kept longer than is necessary• Data shall be processed in accordance with rights of data
subjects• Appropriate measures shall be taken against unlawful or
unauthorised processing and against loss, destruction or damage to data
• Data shall not be transferred outside the EEA unless adequate protection exists for the rights and freedoms of individuals
![Page 9: CENTRAL SCOTLAND POLICE Data Protection & Information Security Stuart Macfarlane Information Governance Unit Police Service of Scotland](https://reader036.vdocument.in/reader036/viewer/2022070323/56649dc65503460f94ab9f47/html5/thumbnails/9.jpg)
CENTRAL SCOTLAND POLICE
Data Protection Act 1998
• Sensitive personal data
Racial or ethnic origin Political opinions Religious beliefs or beliefs of a similar nature Membership of a Trade Union Details of physical or mental health Details of sexual life Commission or alleged commission of any offence Details of any proceedings for any offence committed or alleged
to have been committed, the disposal of such proceedings or the sentence of the court in such proceedings
![Page 10: CENTRAL SCOTLAND POLICE Data Protection & Information Security Stuart Macfarlane Information Governance Unit Police Service of Scotland](https://reader036.vdocument.in/reader036/viewer/2022070323/56649dc65503460f94ab9f47/html5/thumbnails/10.jpg)
CENTRAL SCOTLAND POLICE
Disclosing Data To Others In general can only be released for a
purpose in line with Policing Ask the 3 important questions WHO wants the data? WHY do they want it? WHAT are they going to do with it?
If you get it wrong there is a
personal liability
UNLIMITED FINEUNLIMITED FINE
![Page 11: CENTRAL SCOTLAND POLICE Data Protection & Information Security Stuart Macfarlane Information Governance Unit Police Service of Scotland](https://reader036.vdocument.in/reader036/viewer/2022070323/56649dc65503460f94ab9f47/html5/thumbnails/11.jpg)
CENTRAL SCOTLAND POLICE
Data ProtectionIndividual Rights
Any data subject has the right of access to their personal data
The data subject has the right to demand the correction or deletion of inaccurate data
The data subject has the right to compensation if they have suffered damage or distress
SUBJECT ACCESS - £10 fee
![Page 12: CENTRAL SCOTLAND POLICE Data Protection & Information Security Stuart Macfarlane Information Governance Unit Police Service of Scotland](https://reader036.vdocument.in/reader036/viewer/2022070323/56649dc65503460f94ab9f47/html5/thumbnails/12.jpg)
CENTRAL SCOTLAND POLICE
Data ProtectionDPO Responsibilities
The Data Protection Department
Ensures all force systems are compliant Maintains Data Protection Register entries Gives advice and assistance Liaises with other agencies Prepares information sharing protocols
AUDITS EVERYONE!
![Page 13: CENTRAL SCOTLAND POLICE Data Protection & Information Security Stuart Macfarlane Information Governance Unit Police Service of Scotland](https://reader036.vdocument.in/reader036/viewer/2022070323/56649dc65503460f94ab9f47/html5/thumbnails/13.jpg)
CENTRAL SCOTLAND POLICE
Data ProtectionResponsibility of Users
YOU MUST Have a working knowledge of the Act Apply the principles as you work Take notebook entries Ensure the data you are processing is
Accurate Relevant
Up to dateSECURE
![Page 14: CENTRAL SCOTLAND POLICE Data Protection & Information Security Stuart Macfarlane Information Governance Unit Police Service of Scotland](https://reader036.vdocument.in/reader036/viewer/2022070323/56649dc65503460f94ab9f47/html5/thumbnails/14.jpg)
CENTRAL SCOTLAND POLICE
Data Protection
Questions?
![Page 15: CENTRAL SCOTLAND POLICE Data Protection & Information Security Stuart Macfarlane Information Governance Unit Police Service of Scotland](https://reader036.vdocument.in/reader036/viewer/2022070323/56649dc65503460f94ab9f47/html5/thumbnails/15.jpg)
CENTRAL SCOTLAND POLICE
Information SecurityInformation Security
Information security is all about protecting Force information from a wide range of risk sources.
Information is an asset, and the lifeblood of the Police Service.
![Page 16: CENTRAL SCOTLAND POLICE Data Protection & Information Security Stuart Macfarlane Information Governance Unit Police Service of Scotland](https://reader036.vdocument.in/reader036/viewer/2022070323/56649dc65503460f94ab9f47/html5/thumbnails/16.jpg)
CENTRAL SCOTLAND POLICE
Threats to Information Threats to Information SecuritySecurity
Loss of information - CONFIDENTIALITY
Loss of information - INTEGRITY
Loss of information – AVAILABILITY
C.I.A.
![Page 17: CENTRAL SCOTLAND POLICE Data Protection & Information Security Stuart Macfarlane Information Governance Unit Police Service of Scotland](https://reader036.vdocument.in/reader036/viewer/2022070323/56649dc65503460f94ab9f47/html5/thumbnails/17.jpg)
CENTRAL SCOTLAND POLICE
Threats come from:- Risk Threats come from:- Risk Sources…….Sources…….
Internal – Employees Visitors Partner agency workers Contractors External - Criminals Journalists Information brokers Activists NATURAL DISASTERS
![Page 18: CENTRAL SCOTLAND POLICE Data Protection & Information Security Stuart Macfarlane Information Governance Unit Police Service of Scotland](https://reader036.vdocument.in/reader036/viewer/2022070323/56649dc65503460f94ab9f47/html5/thumbnails/18.jpg)
CENTRAL SCOTLAND POLICE
Information Security Information Security Applies to….Applies to….
Paper communications
Radio & telephone.
Conversation.
I.T. - Force network, PCs, Laptops, PDAs, magnetic media.
Internet & e-mail.
![Page 19: CENTRAL SCOTLAND POLICE Data Protection & Information Security Stuart Macfarlane Information Governance Unit Police Service of Scotland](https://reader036.vdocument.in/reader036/viewer/2022070323/56649dc65503460f94ab9f47/html5/thumbnails/19.jpg)
CENTRAL SCOTLAND POLICE
Information Security Information Security Covers…….Covers…….
I.T.
Buildings/vehicles (Physical)
Information management
Personnel
![Page 20: CENTRAL SCOTLAND POLICE Data Protection & Information Security Stuart Macfarlane Information Governance Unit Police Service of Scotland](https://reader036.vdocument.in/reader036/viewer/2022070323/56649dc65503460f94ab9f47/html5/thumbnails/20.jpg)
CENTRAL SCOTLAND POLICE
The Basics
Warrant Cards/IDs.
Destruction.
Clear desk policy.
Passwords/logging out.
E-mail/Internet use.
Viruses.
Desktop software.
Access control.
![Page 21: CENTRAL SCOTLAND POLICE Data Protection & Information Security Stuart Macfarlane Information Governance Unit Police Service of Scotland](https://reader036.vdocument.in/reader036/viewer/2022070323/56649dc65503460f94ab9f47/html5/thumbnails/21.jpg)
CENTRAL SCOTLAND POLICE
Government Protective Marking Scheme (G.P.M.S.)
• Information is graded into the following grades:-
• NOT PROTECTIVELY MARKED• PROTECT• RESTRICTED• CONFIDENTIAL• SECRET• TOP SECRET
![Page 22: CENTRAL SCOTLAND POLICE Data Protection & Information Security Stuart Macfarlane Information Governance Unit Police Service of Scotland](https://reader036.vdocument.in/reader036/viewer/2022070323/56649dc65503460f94ab9f47/html5/thumbnails/22.jpg)
CENTRAL SCOTLAND POLICE
InformationInformation SecuritySecurity
Questions?