The Data Protection Act 1998 - PowerPoint PPT Presentation

Slides: 14
Provided by: martinfer
Transcript and Presenter's Notes

1
The Data Protection Act 1998
  • Information for academic and clinical researchers

2
Responsibility of UCL
  • UCL is the corporate body controlling data under
    the Data Protection Act (DPA) 1998
  • UCL Data Protection Officer
  • Rosamund Cummings (r.cummings_at_ucl.ac.uk)
  • IOMS Data Protection Coordinator
  • Martin Ferguson-Pell (m.ferguson-pell_at_ucl.ac.uk)

3
Data Protection Coordinator
  • Informs Data Protection Officer of types of
    personal data held in IOMS and any changes in
    holdings

4
Staff and Students
  • Entitled to know what personal information is
    held by UCL and how and why it is processed
  • Know how to gain access to personal information
    held
  • Know how to keep it up to date
  • What UCL does to stay in compliance with DPA

5
Staff Responsibilities
  • Check information they provide that is connected
    with their employment to ensure that it is
    accurate. Must inform Personnel if there are
    changes to information provided or of any
    inaccuracies
  • Ensure that all information they hold (e.g.
    research data regarding subject participants) is
    registered with UCL
  • Agree to personal information being placed on UCL
    websites etc. unless the individual indicates they
    do not wish this

6
Staff Responsibilities for Data Security
  • Any data, whether electronic or in paper format
    must be secure
  • Personal information must not be disclosed
    orally, in writing or otherwise to third parties
    without consent

7
Department Coordinators
  • Must ensure that appropriate technical measures
    and organisational measures are taken within
    the department to ensure against:
  • Unauthorised or unlawful access to data
  • Accidental loss or destruction of data
  • Damage to data

8
Use of data in research (1)
  • All research involving data collected from human
    subjects must be registered with the Data
    Protection Officer (through the Coordinator)
  • Subjects must give explicit consent for data to
    be processed. Invariably this requires the
    approval of the protocol by an ethics committee
    for the intended purpose. If the purpose changes
    an amendment to the protocol or a waiver of consent
    would be required from the ethics committee
  • Only obtain the minimum information necessary to
    conduct the research effectively

9
Use of data in research (2)
  • Data cannot be transferred to a third party
    unless consent is obtained or the data is fully
    anonymised
  • Data cannot be transferred outside EU unless
    there is an adequate level of protection of
    rights and freedoms of subjects guaranteed in the
    participating country

10
Anonymising
  • Fully anonymous data has no identifiers that
    would allow the person using the data to discover
    the individual's identity (e.g. patient number,
    name, post-code etc.)
  • Linked data: the person using the data can
    determine the identity of the individual through
    use of additional information (a key) held by an
    authorised person or held in a separate location
    from the dataset

11
Data Security - Electronic Storage
  • If personal data is stored on a computer make
    sure it is only accessible through use of a user
    name and password
  • Databases should be separately password-protected
  • Log off the computer when not using it
  • Do not disclose your password to others
  • Personal data relating to patients can only be
    e-mailed using NHSNet or using an NHS approved
    encryption technology
  • Avoid storing personal data on laptops

12
Data Security - Paper Storage
  • Make sure files are signed out and stored
    securely. Ensure that unauthorised persons do
    not have access to them.
  • Do not photocopy or remove files or their
    contents without specific permission

13
Summary of 8 Principles of DPA
  • Data must be obtained and used fairly and
    lawfully
  • Data should only be used for the purpose that was
    intended
  • Data must be relevant and adequate without being
    excessive
  • Data should be accurate and where necessary kept
    up to date. Make a note of disputes of accuracy.
  • Data should be kept no longer than necessary
  • Data use must not violate the rights of those
    about whom the information is stored.
  • Data must be suitably safeguarded
  • Data must not be transferred from the EU to
    another country unless that country has adequate
    data protection standards