Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
SlideShare a Scribd company logo

Ig what&why

U
UOPITtraining

This document discusses the importance of properly managing records and information within an organization. It emphasizes that records contain essential information that allows an organization to function and must be treated carefully. Personal data and sensitive personal data about individuals require special protection under data protection laws. The consequences of not properly managing records and data leakage can be severe for a university, impacting its reputation, compliance, and ability to operate. Proper records management is a growing challenge in the digital age across many formats where records exist.

1 of 14
What & Why A lot of information has little or no long term value, suchas lunchinvites, post-it notes, leaflets advertising particular events etc. YES NO
in every organisation there willbe a core of records that make upthe corporate memory of that organisation. Within this core of records is the smaller subset of Vital Records. These are the records without which the organisation cannot function.
So what’s the difference? Information ought to be managed efficiently but records must be managed efficiently and effectively. When we understand the value of the information we hold, its value to us, to the University and other people, then it is easier to understand why we need to treat it carefully. Take an interest in its welfare!
Because the University owns the information with which we work, we are merely the custodians for the duration of our employment. It is our collective responsibility to ensure that, wherever we work, records are being organised and processed correctly. We are not the owners of the information with which we work. Even if you are an academic with an exemption clause in your contract, this only relates to a small, predefined part of your work. The rest remains the property of the University and the University has a legal obligation to manage its information and records in accordance with the legal and regulatory framework in which it operates.
Records share a certain set of characteristics. They are authentic, reliable, have integrity and usability.Pneumonic = GANDALF Genuine Accurate Necessary Durable Auditable Legally Admissible Findable
It is our responsibility to ensure that the University’s records retain these characteristics, regardless of format. Records are no longer just paper files, on dusty shelves… they are not even restricted to corporate databases, MS Office documents or PDFs… records can be emails, chat messages, tape cassettes, DVDs, social media posts, website content and even tweets. Applying records management principles to records in all these formats and more is the growing challenge of the 21st Century.
Technology is now an essential part of our lives – buttechnology has a dark side – cyber-crime, identitytheft, phishing, denial of service, these all resultin ‘data leakage’. Data leakage means the loss of privacy, identity, money, intellectual property or reputation. The most common cause of data leakage is human error (e.g. laptops left in taxis, weak passwords, hard drive bought on EBay).
Data Protection The Universityprocesses many differenttypes of informationandwe need to knowwhichtype we aredealingwith. The Data ProtectionAct 1998defines two types ofinformation...
This the data we hold about individuals, whether applicants, students, graduates or members of staff (past and present). Not only does personal data relate to facts, but also to opinions, so we should all take care to write in a professional and neutral way, regardless of how informal the communication medium (emails, chat etc.) may appear.
Sensitive Personal Data This is further data about these same individuals, but relating to certain defined categories of sensitive data, that is: Physical and mental health conditions Religious beliefs or beliefs of a similar nature Racial or ethnic origin Sexual life Political opinions Whether or not a person is a member of a trade union The commission or alleged commission of any offence Or Any sentences from that offence The Data Protection Act 1998 (DPA) only allows us to process this data in certain circumstances, in order to protect the data and the individuals to whom it applies. This means that we only ask for the minimum amount of information for our needs on collection, that we keep that data even more securely than personal data, and only use it in specific circumstances.
When we are collecting data, we need to consider what personal and sensitive personal data we are collecting. If we think of this before we collect it, then we only collect what we need. The Data Protection Act requires us to only collect the data we need to carry out our jobs. We also need to think about the data we hold as the work progresses over the years, as we may need to collect new data, or we may no longer need some of the data we originally collected. When we collect data from individuals, the DPA requires us to tell people what we’re going to do with their data [data protectionstatements http://www.port.ac.uk/accesstoinformation/policies/information/]. We can’t then, use that data foranything new without first asking the individuals, whether staff or students for theirconsent. So its best to think about what you need the data for when first collecting it.
There are other types of restricted data, not covered by the DPA, such as commercially confidential records or intellectual property that also need to be given suitable protection and/or extra thought when we collect, hold and use it. The HE sector faces a growing challenge from cyber threats - targeted at our Intellectual Property (IP). IP is vital to innovation and our economic development as a nation. Remember to hold, use and store restricted data on secure UoP computers only.
For most otherorganisations theconsequences are less terminal in a humansense, butcould well cause big problems in a businesssense. There has recently beena lot of publicityover a University that didn’t keep accurate records of its international students. As a result it had its sponsor status temporarily suspended, had to make arrangements for all of its international students currently in thecountry and could notaccept any new students for at least a term. This has had a massive effect on its reputation as a University.
So longas we have a goodreason for whywe are collectinginformation,whether personaland sensitive personal data, ordata relatingto the University, then we can collect it. However,just because we thinkit might be useful orwe might want itinthe future is not a goodenough reason for processingthe information. When thinking about the data we need to process, it helps to think about why we need it. There may be legal or funding requirements outside of our control that mean we have to collect data, or we may need the information for our own reasons. We need to know the details of a student's qualifications, to know that they are capable of getting on their course, and we have to provide this qualification information to HEFCE. We also need to collect for our own purposes though, student and staff emergency contact details, in case we need to contact someone if something happens to you.

More Related Content

Ig what&why

  • 1. What & Why A lot of information has little or no long term value, suchas lunchinvites, post-it notes, leaflets advertising particular events etc. YES NO
  • 2. in every organisation there willbe a core of records that make upthe corporate memory of that organisation. Within this core of records is the smaller subset of Vital Records. These are the records without which the organisation cannot function.
  • 3. So what’s the difference? Information ought to be managed efficiently but records must be managed efficiently and effectively. When we understand the value of the information we hold, its value to us, to the University and other people, then it is easier to understand why we need to treat it carefully. Take an interest in its welfare!
  • 4. Because the University owns the information with which we work, we are merely the custodians for the duration of our employment. It is our collective responsibility to ensure that, wherever we work, records are being organised and processed correctly. We are not the owners of the information with which we work. Even if you are an academic with an exemption clause in your contract, this only relates to a small, predefined part of your work. The rest remains the property of the University and the University has a legal obligation to manage its information and records in accordance with the legal and regulatory framework in which it operates.
  • 5. Records share a certain set of characteristics. They are authentic, reliable, have integrity and usability.Pneumonic = GANDALF Genuine Accurate Necessary Durable Auditable Legally Admissible Findable
  • 6. It is our responsibility to ensure that the University’s records retain these characteristics, regardless of format. Records are no longer just paper files, on dusty shelves… they are not even restricted to corporate databases, MS Office documents or PDFs… records can be emails, chat messages, tape cassettes, DVDs, social media posts, website content and even tweets. Applying records management principles to records in all these formats and more is the growing challenge of the 21st Century.
  • 7. Technology is now an essential part of our lives – buttechnology has a dark side – cyber-crime, identitytheft, phishing, denial of service, these all resultin ‘data leakage’. Data leakage means the loss of privacy, identity, money, intellectual property or reputation. The most common cause of data leakage is human error (e.g. laptops left in taxis, weak passwords, hard drive bought on EBay).
  • 8. Data Protection The Universityprocesses many differenttypes of informationandwe need to knowwhichtype we aredealingwith. The Data ProtectionAct 1998defines two types ofinformation...
  • 9. This the data we hold about individuals, whether applicants, students, graduates or members of staff (past and present). Not only does personal data relate to facts, but also to opinions, so we should all take care to write in a professional and neutral way, regardless of how informal the communication medium (emails, chat etc.) may appear.
  • 10. Sensitive Personal Data This is further data about these same individuals, but relating to certain defined categories of sensitive data, that is: Physical and mental health conditions Religious beliefs or beliefs of a similar nature Racial or ethnic origin Sexual life Political opinions Whether or not a person is a member of a trade union The commission or alleged commission of any offence Or Any sentences from that offence The Data Protection Act 1998 (DPA) only allows us to process this data in certain circumstances, in order to protect the data and the individuals to whom it applies. This means that we only ask for the minimum amount of information for our needs on collection, that we keep that data even more securely than personal data, and only use it in specific circumstances.
  • 11. When we are collecting data, we need to consider what personal and sensitive personal data we are collecting. If we think of this before we collect it, then we only collect what we need. The Data Protection Act requires us to only collect the data we need to carry out our jobs. We also need to think about the data we hold as the work progresses over the years, as we may need to collect new data, or we may no longer need some of the data we originally collected. When we collect data from individuals, the DPA requires us to tell people what we’re going to do with their data [data protectionstatements http://www.port.ac.uk/accesstoinformation/policies/information/]. We can’t then, use that data foranything new without first asking the individuals, whether staff or students for theirconsent. So its best to think about what you need the data for when first collecting it.
  • 12. There are other types of restricted data, not covered by the DPA, such as commercially confidential records or intellectual property that also need to be given suitable protection and/or extra thought when we collect, hold and use it. The HE sector faces a growing challenge from cyber threats - targeted at our Intellectual Property (IP). IP is vital to innovation and our economic development as a nation. Remember to hold, use and store restricted data on secure UoP computers only.
  • 13. For most otherorganisations theconsequences are less terminal in a humansense, butcould well cause big problems in a businesssense. There has recently beena lot of publicityover a University that didn’t keep accurate records of its international students. As a result it had its sponsor status temporarily suspended, had to make arrangements for all of its international students currently in thecountry and could notaccept any new students for at least a term. This has had a massive effect on its reputation as a University.
  • 14. So longas we have a goodreason for whywe are collectinginformation,whether personaland sensitive personal data, ordata relatingto the University, then we can collect it. However,just because we thinkit might be useful orwe might want itinthe future is not a goodenough reason for processingthe information. When thinking about the data we need to process, it helps to think about why we need it. There may be legal or funding requirements outside of our control that mean we have to collect data, or we may need the information for our own reasons. We need to know the details of a student's qualifications, to know that they are capable of getting on their course, and we have to provide this qualification information to HEFCE. We also need to collect for our own purposes though, student and staff emergency contact details, in case we need to contact someone if something happens to you.