Book contents
- Frontmatter
- Contents
- Acknowledgements
- Acronyms and abbreviations
- Glossary of terms
- 1 Introduction
- 2 The laws and regulations
- 3 Data quality management
- 4 Dealing with threats
- 5 Security, risk management and business continuity
- 6 Frameworks, policies, ethics and how it all fits together
- Discussion points and exercises
- Index
Discussion points and exercises
Published online by Cambridge University Press: 08 June 2018
Summary
As stated in Chapter 1, there are clear answers to a few of the questions, but most are there to stimulate discussion, and some further points are made about these. Note that these are personal interpretations – don't take them as legal advice, and note that some are, in any case, ‘judgement calls’.
Chapter 2
1 You work in the Planning Department of a local authority, and receive a request for any information you hold regarding planning applications by a particular individual for a property at a particular address. What would your response be?
Although the names of applicants do appear on planning applications, there could be a data protection issue here, in that the collected applications constitute personal data about the applicant. Local authorities are obliged to make available certain details relating to planning applications, and may choose to do so via the internet. It may be appropriate to direct the enquirer to your register. Under Section 21 of FOIA, you could respond that the information is reasonably accessible by other means. The decision should be made by your records manager.
2 What measures might you take to ensure the security of personal data held by your organization?
There are many – you might introduce a ‘clear desk’ policy regarding personal data, ensuring that hard copies are locked away securely when not in use. Personal data taken out of the workplace should be encrypted. Data held on computer equipment which is being disposed of should be securely removed or destroyed.
3 You work in a hospital, and are asked by the mother of a 14-year-old patient for details about his treatment. How should you respond?
The young person is the person with rights to their information. If you are confident that he can understand his rights, you should respond to any requests by him. In Scotland, the law presumes that a person of 12 years old or more has the capacity to make a Subject Access request. There is no specific age stipulated in Northern Ireland, England or Wales, but the Scottish decision could be taken as a reasonable guideline. However, it would be reasonable to refer the mother to the medical team.
Information Governance and Assurance: Reducing risk, promoting policy, pp. 183 - 186. Publisher: Facet. Print publication year: 2014.