osborneclarke.com
Challenges and Opportunities in the Paperless NHS and Beyond: A Data Protection Perspective
Emily Jones, Partner
4 June 2014
Data protection compliance in context
Challenges
Private & Confidential
NHS is facing:
1. Huge increase in volumes of sensitive data
2. Public perception issues
3. Fines and enforcement action
4. Political and public pressure to improve data handling
A paperless NHS will bring new challenges in these areas.
Snapshot of recent health sector audit
19 audits carried out primarily with NHS Trusts by the ICO during 2013:
Passwords
• Lack of simple password controls
Policies
• In place but compliance not always effectively monitored
Record tracking
• Records tracked but not all conduct audits for missing files
• Concerns regarding security of physical records
Fax machines
• Concern regarding use of fax machines for sending personal information
Information governance
• Appropriate risk registers
• Risk assessments
• Regular review
Impact on suppliers
• Demonstrating compliance is key
• The Data Protection Act 1998 says:
"Appropriate technical and organisational measures must be taken against unauthorised or unlawful processing of personal data and against accidental loss, destruction or damage"
• Competitive advantage for suppliers with a focussed approach to data protection using:
- Data retention practices
- Good management of data storage and destruction
- Careful and well managed use of sub-contractors
- Robust security measures
- Staff reliability processes
- Barriers to overseas data transfers
- Regular audits and disaster recovery
Improving compliance and mitigating risk
1. Assign responsibility to a DPO
2. Implement a training programme
3. Review and update policies
4. Review approach to hiring sub-contractors
5. Use of encryption
6. Security breach notification
7. Insurance
Non-compliance – the "so what?" question
It's not only about the fines and contract breaches
1. Negative impact on share value
2. Negative impact on current and future customers (private and public sector)
3. Breach of contract (liability)
4. Diversion of time and resources
5. Staff trust
Opportunities
Big data:
• Commercial use and benefits vs. concerns about identification
Anonymisation:
• Concern about "true anonymisation"
Mobile health/agile working:
• Drives efficiencies
• Security and monitoring issues
Tracking access to records:
• Improvements to audits
Potential future data protection obligations
• Restrictions on transfers outside the EEA
• Keep data accurate & up-to-date
• Retain data for an appropriate period
• Respond to data subject requests
• Annual notification obligation
• Get opt in / out consent for email / SMS marketing
• Screen against TPS/FPS "do not call" lists
• Get opt-in consent to use cookies
• Data must be relevant and not excessive
• Notify ICO of security breaches (not yet compulsory for all)
• Knowledge/Consent
Data protection obligations
• DPO requirement
• Enhanced data subject rights:
- right to be forgotten
- data portability
• 24 / 72 hours to notify data / cyber breaches
• Fines to increase (>2% worldwide turnover or €1m)
• Expanded definition of personal data
• Data processor responsibility
• Higher level of consent required
• Increased use of Privacy Impact Assessments (PIAs) and emphasis on accountability
• Processor BCRS
• Annual notification scrapped
Contact
Emily Jones
Partner
T +44 (0) 117 917 3652
M +44 (0) 7824 491 293
emily.jones@osborneclarke.com