Data Breach Trends October 2015

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Data Breach Trends October 2015"

Transcription

1 Data Breach Trends October 2015

2 Introduction In October 2015 the Information Commissioner s Office (ICO) published the latest data breach trends including incidents by quarter, type of incident and incidents by sector. We wanted to take the data available and turn it into an easy to read report, as we felt that the information available is something that anyone with an interest in security should have read. Typically, data security is managed by the IT team, but the impact is further reaching. It is not outside the realms of possibility that an enforcement action from the ICO could involve a financial penalty (which would have to be dealt with the finance team), additional training to be carried out (IT and HR), more than likely a disciplinary process for the person who caused the data breach (HR) and press control measures may need to be put in place too (marketing & PR functions). The point? Leaving data security up to one person (or a small team of people) is wholly unacceptable, whilst it is easy to say that everyone is responsible for managing data security, this is also not the right answer. Unfortunately, we don t have the solution - that is down to you, and your business. What we can do is give you some of the key information that the ICO has made available to make yourself better prepared of the consequences, and the types of breaches that have occured recently.

3 About the data Key information is readily available from the Information Commissioner s website Data breach trends data can be found at Notices of enforcement can be found at The most recent data was published on the 11th March 2015, comparison data was published on the 3rd November Zylpha do not have any relationship with the ICO and information is provided for information and illustrative purposes only. About the ICO The Information Commissioner s Office (ICO) is The UK s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. ICO Key Facts Total staff headcount 383 Calls to the ICO helplines 259,903 Public prompted awareness of data protection rights 87% Data Protection Cases received 14,738 Data Protection Cases closed in 30 days or less 58% Privacy and Electronic Communication Regulations Concerns reported 161,720 About Zylpha Headquartered in Southampton, Zylpha is an innovative specialist offering tools for the legal profession including secure electronic document production and delivery. The company, which was founded by CEO Tim Long, has won widespread acclaim in both the legal and local government sectors for its systems, which transform secure communications for court and case management bundles. South Wales Police The ICO has issued South Wales Police with a 160,000 fine for losing a video recording which formed part of the evidence in a sexual abuse case. The DVDs contained film of an interview with a victim, who had been sexually abused as a child. Despite the DVDs containing a graphic and disturbing account, the discs were unencrypted and left in a desk drawer. Page 3

4 Data Breach Incidents Other Local Government Legal Justice Health General Business Finance, insurance & credit Education Charitable & voluntary Central Government Ministry of Justice A monetary penalty notice has been served on the Ministry of Justice for 180,000 over serious failings in the way prisons in England and Wales have been handling people s information. On 24 May 2013, a portable hard drive stored in a prison s Security Department and used to back up the prisoner intelligence database, was discovered to be missing. The hard drive had not been password protected and was left unencrypted. The information on the hard drive related to 2,935 prisoners and included confidential and highly sensitive personal data such as their name, date of birth, length of sentence, offence(s), physical description including details of any distinguishing marks, intelligence information such as links to other prisoners or organised crime, involvement with drug use, prison discipline, establishment location and some victim and/or visitor details. Page 4

5 Incident Type Insecure webpage (inc hacking) Info uploaded to web-page Data sent by to inc rep Verbal disclosure Data posted/faxed to inc rec Loss/theft of unencrypted device Loss/theft of paperwork Insecure disposal of hardware Insecure disposal of paperwork Failure to redact Other principle 7 data failure Serious Fraud Office The Information Commissioner s Office (ICO) has fined the Serious Fraud Office 180,000 after a witness in a serious fraud, bribery and corruption investigation was mistakenly sent evidence relating to 64 other people involved in the case. Aberdeen City Council A monetary penalty notice has been served on Aberdeen City Council after inadequate homeworking arrangements led to 39 pages of personal data being uploaded onto the internet by a Council employee. Page 5

6 Incidents by Sector Charitable & Voluntary Finance, insurance & credit Education General Business Local Government Insecure disposal of hardware Verbal disclosure Information uploaded to webpage Insecure disposal of paperwork Insecure webpage (inc hacking) Failure to redact data Loss or theft of unencrypted device Other principle 7 failure Data sent by to incorrect recipient data posted or faxed to incorrect recipient Loss or theft of paperwork Direct Assist Ltd A personal injuries claims management company Direct Assist Ltd has been issued with a monetary penalty by the ICO for making direct marketing calls to people without their consent. Between January 2013 and July 2014, the ICO and the Telephone Preference Service (TPS) registered 801 concerns about the Bolton-based company which offered access to solicitors for personal injury insurance claims. Wolverhampton City Council The ICO has issued an enforcement notice against Wolverhampton City Council, following an investigation into a data breach at the council that occurred in January The breach was caused when a social worker, who had not received data protection training, sent out a report to a former service user detailing their time in care. However, the social worker failed to remove highly sensitive information about the recipient s sister that should not have been included. Page 6

7 Department of Justice Northern Ireland A monetary penalty notice has been served on Department of Justice Northern Ireland after a filing cabinet containing details of a terrorist incident was sold at auction. North East Lincolnshire Council A monetary penalty notice has been served on North East Lincolnshire Council after the loss of an unencrypted memory device containing personal data and sensitive personal data relating to 286 children. NHS Surrey A monetary penalty notice has been served on NHS Surrey following the discovery of sensitive personal data belonging to thousands of patients on hard drives sold on an online auction site. Page 7

8 For more information contact Zylpha: T: E:

Data Protection and Information Security. Procedure for reporting a breach of data security. April 2013

Data Protection and Information Security. Procedure for reporting a breach of data security. April 2013 Data Protection and Information Security Procedure for reporting a breach of data security April 2013 Page 1 of 6 Created on: 01/04/2009 Contents 1 Introduction... 3 2 Data Classification... 3 3 What Is

More information

Once more unto the breach... Dealing with Personal Data Security Breaches. Helen Williamson Information Governance Officer

Once more unto the breach... Dealing with Personal Data Security Breaches. Helen Williamson Information Governance Officer Once more unto the breach... Dealing with Personal Data Security Breaches Helen Williamson Information Governance Officer Aims of the session What are we going to look at? What is a data security breach?

More information

Incident reporting procedure

Incident reporting procedure Incident reporting procedure Responsible Officer Author Date effective from Aug 2009 Date last amended Aug 2009 Review date July 2012 Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance

More information

Everyone in the workplace has a legal duty to protect the privacy of information about individuals. AEP/BELB/LJ/2010 Awareness Session

Everyone in the workplace has a legal duty to protect the privacy of information about individuals. AEP/BELB/LJ/2010 Awareness Session Everyone in the workplace has a legal duty to protect the privacy of information about individuals AEP/BELB/LJ/2010 Awareness Session During 2007 alone, 36,989,300 people in the UK have had their private

More information

External Communication to Third Parties

External Communication to Third Parties External Communication to Third Parties Egress Software Technologies Ltd Unit 16 Quadrant Business Center, 135 Salusbury Road, London, NW6 6RJ T: +44 (0)20 7624 8500 / F: +44 (0)20 7624 8200 / E: info@egress.com

More information

A GUIDE TO CRIMINAL INJURIES COMPENSATION

A GUIDE TO CRIMINAL INJURIES COMPENSATION A GUIDE TO CRIMINAL INJURIES COMPENSATION Being a victim of crime such as physical or sexual assault can have significant and long-term consequences for a woman s health and wellbeing. If you have experienced

More information

FROM CHARGE TO TRIAL: A GUIDE TO CRIMINAL PROCEEDINGS

FROM CHARGE TO TRIAL: A GUIDE TO CRIMINAL PROCEEDINGS FROM CHARGE TO TRIAL: A GUIDE TO CRIMINAL PROCEEDINGS If you are experiencing, or have experienced, domestic violence and/or sexual violence there are a number of ways the law can protect you. This includes

More information

Information Governance

Information Governance CONTROLLED Information Governance Caldicot Version-Workbok Non Caldicott Version - Workbook Version 12 January 2015 40 1 Don t Get Bitten by the Data Demon Notes Using this Workbook The objective of this

More information

The support you should get if you are a victim of crime

The support you should get if you are a victim of crime The support you should get if you are a victim of crime This is an EasyRead booklet showing you what to do. About this booklet The Ministry of Justice wrote this information. This is an EasyRead guide

More information

DATA SECURITY BREACH MANAGEMENT POLICY AND PROCEDURE

DATA SECURITY BREACH MANAGEMENT POLICY AND PROCEDURE DATA SECURITY BREACH MANAGEMENT POLICY AND PROCEDURE 1. INTRODUCTION Annex C 1.1 Surrey Heath Borough Council (SHBC) processes personal data and must respond appropriately against unauthorised or unlawful

More information

HIPAA and Privacy Policy Training

HIPAA and Privacy Policy Training HIPAA and Privacy Policy Training July 2015 1 This training addresses the requirements for maintaining the privacy of confidential information received from HFS and DHS (the Agencies). During this training

More information

Data Protection Policy A copy of this policy is published in the following areas: The school s intranet The school s website

Data Protection Policy A copy of this policy is published in the following areas: The school s intranet The school s website Data Protection Policy A copy of this policy is published in the following areas: The school s intranet The school s website Date created: November 2015 Date for review: July 2016 Created by: Mark Vanstone,

More information

Reporting the crime to the police

Reporting the crime to the police Section 4 Reporting the crime to the police Why report the crime to the police? It is your choice whether you report the crime to the police. Some people choose not to report or may not report straight

More information

Merthyr Tydfil County Borough Council. Data Protection Policy

Merthyr Tydfil County Borough Council. Data Protection Policy Merthyr Tydfil County Borough Council Data Protection Policy 2014 Cyfarthfa High School is a Rights Respecting School, we recognise the importance of ensuring that the United Nations Convention of the

More information

DATA AND PAYMENT SECURITY PART 1

DATA AND PAYMENT SECURITY PART 1 STAR has teamed up with Prevention of Fraud in Travel (PROFiT) and the Fraud Intelligence Network (FIN) to offer our members the best advice about fraud prevention. We recognise the increasing threat of

More information

GUIDANCE SOFTWARE WHITEPAPER. Tackling the Causes of Data Leakage and Data Loss

GUIDANCE SOFTWARE WHITEPAPER. Tackling the Causes of Data Leakage and Data Loss GUIDANCE SOFTWARE WHITEPAPER TACKLING THE CAUSES OF DATA LEAKAGE AND DATA LOSS Tackling the Causes of Data Leakage and Data Loss I. Introduction Sometimes people have no choice but to provide personal

More information

Contents. Introduction. How to report a fraud. What happens when you report a fraud? The investigation process

Contents. Introduction. How to report a fraud. What happens when you report a fraud? The investigation process 1 Contents Introduction How to report a fraud What happens when you report a fraud? The investigation process Who decides if the case should go to court? What is a non-court disposal? What happens at

More information

Data protection. Report on the data protection guidance we gave schools in 2012

Data protection. Report on the data protection guidance we gave schools in 2012 Data protection Report on the data protection guidance we gave schools in 2012 Contents 1. Background 2. Summary of recommendations 3. tification 4. Personal data 5. Fair processing 6. Information security

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Responsible Officer Author Date effective from July 2009 Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date last amended December 2012 Review

More information

Incident Reporting Procedure

Incident Reporting Procedure Incident Reporting Procedure Version: Version 1 Ratified by: HEE Board Date ratified: 20 March 2014 Name and Title of Mike Jones, Corporate Secretary originator/author(s): Name of responsible Director:

More information

BYOD BRING YOUR OWN DISASTER?

BYOD BRING YOUR OWN DISASTER? BYOD BRING YOUR OWN DISASTER? Síobhra Rush, Session Chair Leman Solicitors, Ireland BYOD - INTRODUCTION! Agenda! What is BYOD?! Why should businesses consider it?! Potential downsides to BYOD! An explanation

More information

Checklist Guidance for Reporting, Managing and Investigating Information Governance Serious Incidents Requiring Investigation

Checklist Guidance for Reporting, Managing and Investigating Information Governance Serious Incidents Requiring Investigation Checklist Guidance for Reporting, Managing and Investigating Information Governance Serious Incidents Requiring Investigation 1 st June 2013 Version 2.0 Revision History Version Date Summary of Changes

More information

Policy: IG01. Information Governance Incident Reporting Policy. n/a. Date ratified: 16 th April 2014

Policy: IG01. Information Governance Incident Reporting Policy. n/a. Date ratified: 16 th April 2014 Policy: IG01 Information Governance Incident Reporting Policy Version: IG01/01 Ratified by: Trust Management Team Date ratified: 16 th April 2014 Title of Author: Head of Governance Title of responsible

More information

Photography and filming in schools Code of Practice

Photography and filming in schools Code of Practice Photography and filming in schools Code of Practice Data Protection compliance September 2010 Photography and filming in schools September 2010 1 Contents 1. About this code 3 2. Complying with the Data

More information

Will we be in trouble? How information laws are enforced

Will we be in trouble? How information laws are enforced Will we be in trouble? How information laws are enforced Max Todd Information Compliance team, Council Secretariat Wednesday 23 September 2015 Breaches of data security - read all about it London clinic

More information

Violence takes many forms. It is unacceptable whenever it happens.

Violence takes many forms. It is unacceptable whenever it happens. FAMILY VIOLENCE Violence takes many forms. It is unacceptable whenever it happens. Violence by a family member who is loved and trusted can be particularly devastating. Family violence happens where the

More information

When things go wrong: information governance breaches and the role of the ICO. David Evans, Senior Policy Officer

When things go wrong: information governance breaches and the role of the ICO. David Evans, Senior Policy Officer When things go wrong: information governance breaches and the role of the ICO David Evans, Senior Policy Officer Where it did go wrong NHS Surrey 200,000 MPN June 2013 The events leading up to the MPN

More information

Pacific Medical Centers HIPAA Training for Residents, Fellows and Others

Pacific Medical Centers HIPAA Training for Residents, Fellows and Others Pacific Medical Centers HIPAA Training for Residents, Fellows and Others Summary of Critical Pacific Medical Centers (PMC) HIPAA Policies and Procedures For additional information or questions, please

More information

Information security incident reporting procedure

Information security incident reporting procedure Information security incident reporting procedure Responsible Officer Author Date effective from 2009 Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date last amended

More information

A common sense guide to the Data Protection Act 1998 for volunteers

A common sense guide to the Data Protection Act 1998 for volunteers A common sense guide to the Data Protection Act 1998 for volunteers Why is it necessary? The Data Protection Act 1998 is a law introduced to control the way information held about individuals is handled

More information

Raising and escalating concerns. Guidance for nurses and midwives

Raising and escalating concerns. Guidance for nurses and midwives Raising and escalating concerns Guidance for nurses and midwives We are the nursing and midwifery regulator for England, Wales, Scotland, Northern Ireland and the Islands. We exist to safeguard the health

More information

Police Officers who Commit Domestic Violence-Related Criminal Offences 1

Police Officers who Commit Domestic Violence-Related Criminal Offences 1 PUBLIC DOCUMENT Association of Chief Police Officers of England, Wales and Northern Ireland Police Officers who Commit Domestic Violence-Related Criminal Offences 1 This is an ACPO policy relating to police

More information

Council, 14 May 2015. Information Governance Report. Introduction

Council, 14 May 2015. Information Governance Report. Introduction Council, 14 May 2015 Information Governance Report Introduction 1.1 The Information Governance function within the Secretariat Department is responsible for the HCPC s ongoing compliance with the Freedom

More information

Staff DBS Checks and Employing Exoffenders:

Staff DBS Checks and Employing Exoffenders: Staff DBS Checks and Employing Exoffenders: Guide to Policy and Procedures for Managers of Applicants 1 INDEX 1. Introduction 2. Recruiting ex-offenders 3. Disclosure and barring service (DBS) checks procedural

More information

Violence against staff

Violence against staff Violence against staff Introduction NHS staff should be able to come to work without fear of violence, abuse or harassment from patients or their relatives. In most cases, patients and their relatives

More information

Policy. Social Media Acceptable Use Policy. Executive Lead. Review Date. Low

Policy. Social Media Acceptable Use Policy. Executive Lead. Review Date. Low Policy Social Media Acceptable Use Policy Date approved by - ISG Version Issue Date Review Date Executive Lead 11/6/2013 1.0 11/6/2013 11/6/2015 Mike Robson Executive Director Finance Procedure/Policy

More information

PROTECTING PATIENT PRIVACY and INFORMATION SECURITY

PROTECTING PATIENT PRIVACY and INFORMATION SECURITY PROTECTING PATIENT PRIVACY and INFORMATION SECURITY 2 PROTECTING PATIENT PRIVACY AND INFORMATION SECURITY PROTECTING PATIENT PRIVACY AND INFORMATION SECURITY 3 INTRODUCTION As an agency employee, student,

More information

Good Practice in Records Management and Information Security

Good Practice in Records Management and Information Security Good Practice in Records Management and Information Security BELB LJ Schools 2013 How Valuable are Records & Documents? Valuable only because of the information they contain. Usable if they can be accessed

More information

How we deal with complaints and concerns

How we deal with complaints and concerns I Data Protection Act How we deal with complaints and concerns A guide for data controllers 1 Data Protection Act How we deal with complaints and concerns The ICO is the UK s independent public authority

More information

HIPAA Orientation. Health Insurance Portability and Accountability Act

HIPAA Orientation. Health Insurance Portability and Accountability Act HIPAA Orientation Health Insurance Portability and Accountability Act HIPAA Federal legislation enacted in 1996 to improve the efficiency and effectiveness of electronic information transfers used in the

More information

Assessment Notices under the Data Protection Act 1998 Extension of the Information Commissioner s Powers

Assessment Notices under the Data Protection Act 1998 Extension of the Information Commissioner s Powers Assessment Notices under the Data Protection Act 1998 Extension of the Information Commissioner s Powers Consultation Paper CP9/2013 This consultation begins on 25 March 2013 This consultation ends on

More information

Hampstead Parochial CofE Primary School Data Protection Policy Spring 2015

Hampstead Parochial CofE Primary School Data Protection Policy Spring 2015 Hampstead Parochial CofE Primary School Data Protection Policy Spring 2015 1. Introduction and Scope 1.1 The Data Protection Act 1998 is the law that protects personal privacy and applies to any school

More information

Information Management Handbook for Schools. Information Management Handbook for Schools London Borough of Barnet

Information Management Handbook for Schools. Information Management Handbook for Schools London Borough of Barnet Information Management Handbook for Schools London Borough of Barnet Document Name Document Description Information Management Handbook for Schools This document is intended for use by Barnet Borough Schools.

More information

Protecting the Information of Clients, Donors, the Organization, Oh MY! Stacey Keegan November 14, 2012

Protecting the Information of Clients, Donors, the Organization, Oh MY! Stacey Keegan November 14, 2012 Protecting the Information of Clients, Donors, the Organization, Oh MY! Stacey Keegan November 14, 2012 Mission of Pro Bono Partnership of Atlanta: To maximize the impact of pro bono engagement by connecting

More information

How to complain about a doctor

How to complain about a doctor How to complain about a doctor Scotland This booklet is for patients in Scotland. Our procedures are the same throughout the UK, but healthcare and support organisations do vary. We have therefore also

More information

Human Resources Policy documents. Data Protection Policy

Human Resources Policy documents. Data Protection Policy Policy documents Aims of the Policy apetito is committed to meeting its obligations under data protection law. As a business, apetito handles a range of Personal Data relating to its customers, staff and

More information

Assess the purpose of the Criminal Justice System and the role of the Ministry of Justice.

Assess the purpose of the Criminal Justice System and the role of the Ministry of Justice. Assess the purpose of the Criminal Justice System and the role of the Ministry of Justice. Introduction Justice is a concept, a concept of moral rightness based on ethics, rationality, law or religion

More information

THIS GUIDANCE APPLIES FROM 10 MARCH 2014

THIS GUIDANCE APPLIES FROM 10 MARCH 2014 THIS GUIDANCE APPLIES FROM 10 MARCH 2014 Guidance on the Rehabilitation of Offenders Act 1974 Contents: (1) INTRODUCTION: What is the Rehabilitation of Offenders Act 1974? Who benefits from the 1974 Act

More information

Information Security Incident Management Policy. Information Security Incident Management Policy. Policy and Guidance. June 2013

Information Security Incident Management Policy. Information Security Incident Management Policy. Policy and Guidance. June 2013 Information Security Incident Management Policy Policy and Guidance June 2013 Project Name Information Security Incident Management Policy Product Title Policy and Guidance Version Number 1.2 Final Page

More information

Data Security and Extranet

Data Security and Extranet Data Security and Extranet Derek Crabtree Schools ICT Support Manager derek.crabtree@merton.gov.uk Target Operating Model 2011 Merton Audit Organisation name: London Borough of Merton Periodic plan date:

More information

Contact us the different ways you can contact us are by writing to the address in the terms & conditions or call the helpline

Contact us the different ways you can contact us are by writing to the address in the terms & conditions or call the helpline We can provide this information in large print, braille and audio. Call our helpline on 0845 4400775 or 40775 (calls to speak to a colleague cost 25p) or write to us and we ll arrange this. Mobile by Sainsbury

More information

Identity Theft Data Privacy Day 2012 Dalhousie University Halifax, NS 2012-01-25

Identity Theft Data Privacy Day 2012 Dalhousie University Halifax, NS 2012-01-25 Identity Theft Data Privacy Day 2012 Dalhousie University Halifax, NS 2012-01-25 AGENDA Identity Theft & Identity Fraud Definitions Bill S4 - Offences Identity Documents Uses of Identity Information Identity

More information

Notification of data security breaches to the Information Commissioner s

Notification of data security breaches to the Information Commissioner s ICO lo Notification of data security breaches to the Information Commissioner s Data Protection Act Contents Overview... 2 What the DPA says... 2 Reporting a breach... 2 Potential detriment to data subjects...

More information

HIPAA Compliance. 2013 Annual Mandatory Education

HIPAA Compliance. 2013 Annual Mandatory Education HIPAA Compliance 2013 Annual Mandatory Education What is HIPAA? Health Insurance Portability and Accountability Act Federal Law enacted in 1996 that mandates adoption of Privacy protections for health

More information

HOW WE USE YOUR PERSONAL INFORMATION

HOW WE USE YOUR PERSONAL INFORMATION HOW WE USE YOUR PERSONAL INFORMATION Information Leaflet Your Health. Our Priority. Page 2 of 9 Introduction This Leaflet explains why the NHS collects information about you and how it is used, your right

More information

7. MY RIGHTS IN DEALING WITH CRIMINAL LAW AND THE GARDAÍ

7. MY RIGHTS IN DEALING WITH CRIMINAL LAW AND THE GARDAÍ 7. MY RIGHTS IN DEALING WITH CRIMINAL LAW AND THE GARDAÍ 7.1 Victim of a crime What are my rights if I have been the victim of a crime? As a victim of crime, you have the right to report that crime to

More information

Making a Victim Personal Statement. You have a voice in the criminal justice system and have a right to explain how the crime has affected you

Making a Victim Personal Statement. You have a voice in the criminal justice system and have a right to explain how the crime has affected you Making a Victim Personal Statement You have a voice in the criminal justice system and have a right to explain how the crime has affected you CONTENTS About this leaflet What is a Victim Personal Statement

More information

COUNCIL OF EUROPE COMMITTEE OF MINISTERS

COUNCIL OF EUROPE COMMITTEE OF MINISTERS COUNCIL OF EUROPE COMMITTEE OF MINISTERS Recommendation Rec(2006)8 of the Committee of Ministers to member states on assistance to crime victims (Adopted by the Committee of Ministers on 14 June 2006 at

More information

DOMESTIC VIOLENCE. Do the right thing see your lawyer first

DOMESTIC VIOLENCE. Do the right thing see your lawyer first DOMESTIC VIOLENCE Do the right thing see your lawyer first Contents 1. What is domestic violence? 2. What protection does the law offer? 3. Who can apply for protection? 4. What is a protection order?

More information

Victims of Crime. information leaflet. Working together for a safer Scotland

Victims of Crime. information leaflet. Working together for a safer Scotland Working together for a safer Scotland If you have been a victim of crime this leaflet is to help let you know about how to find support and help and to tell you about the criminal justice system. Support

More information

Whitepaper. Best Practices for Securing Your Backup Data. BOSaNOVA Phone: 866-865-5250 Email: info@theq3.com Web: www.theq3.com

Whitepaper. Best Practices for Securing Your Backup Data. BOSaNOVA Phone: 866-865-5250 Email: info@theq3.com Web: www.theq3.com Whitepaper Best Practices for Securing Your Backup Data BOSaNOVA Phone: 866-865-5250 Email: info@theq3.com Web: www.theq3.com DATA PROTECTION CHALLENGE Encryption, the process of scrambling information

More information

NOTICE OF HEALTH INFORMATION PRIVACY PRACTICES (HIPAA)

NOTICE OF HEALTH INFORMATION PRIVACY PRACTICES (HIPAA) NOTICE OF HEALTH INFORMATION PRIVACY PRACTICES (HIPAA) THIS NOTICE OF PRIVACY PRACTICES DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.

More information

Information for victims of crime

Information for victims of crime This leaflet sets out what you can expect from key service providers as a victim of crime. It also contains information about organisations that you can contact for free advice, practical information or

More information

Data Security Breach Management Procedure

Data Security Breach Management Procedure Academic Services Data Security Breach Management Procedure Document Reference: Data Breach Procedure 1.1 Document Type: Document Status: Document Owner: Review Period: Procedure v1.0 Approved by ISSG

More information

How to complain about a doctor. England

How to complain about a doctor. England How to complain about a doctor England This booklet is for patients in England. Our procedures are the same throughout the UK, but healthcare and support organisations do vary. We have therefore also produced

More information

Cybercrime: risks, penalties and prevention

Cybercrime: risks, penalties and prevention Cybercrime: risks, penalties and prevention Cyber attacks have been appearing in the news with increased frequency and recent victims of cybercrime have included well-known companies such as Sony, LinkedIn,

More information

Information for registrants. What happens if a concern is raised about me?

Information for registrants. What happens if a concern is raised about me? Information for registrants What happens if a concern is raised about me? Contents About this brochure 1 What is fitness to practise? 1 What can I expect from you? 3 How are fitness to practise concerns

More information

You ve reported a crime so what happens next?

You ve reported a crime so what happens next? You ve reported a crime so what happens next? This booklet tells you what you can expect from the Criminal Justice System, and explains: what happens now how to get advice and support your rights where

More information

Bring Your Own Device

Bring Your Own Device Bring Your Own Device Save costs, deliver flexible working and manage the risks Gary Shipsey Managing Director 25 September 2014 Agenda Bring Your Own Device (BYOD) and your charity and how to avoid the

More information

Human Resources Author: Lou Hassen Version: 1 Review Date: Dec 2012 Page 1 of 7. Trinity Academy Disciplinary Policy

Human Resources Author: Lou Hassen Version: 1 Review Date: Dec 2012 Page 1 of 7. Trinity Academy Disciplinary Policy Page 1 of 7 Trinity Academy Disciplinary Policy Policy Statement The purpose of the Disciplinary Procedure is to give staff members every opportunity to improve standards of behaviour and conduct and to

More information

REPORTING AN OFFENCE TO THE POLICE: A GUIDE TO CRIMINAL INVESTIGATIONS

REPORTING AN OFFENCE TO THE POLICE: A GUIDE TO CRIMINAL INVESTIGATIONS REPORTING AN OFFENCE TO THE POLICE: A GUIDE TO CRIMINAL INVESTIGATIONS If you are experiencing or have experienced domestic volence and/or sexual violence there are a number of ways the law can protect

More information

Patterson Dental Supply, Inc. Sample HIPAA Notice of Privacy Practices for its Dental Practice Customers. Last Updated April 1, 2010

Patterson Dental Supply, Inc. Sample HIPAA Notice of Privacy Practices for its Dental Practice Customers. Last Updated April 1, 2010 Patterson Dental Supply, Inc. Sample HIPAA Notice of Privacy Practices for its Dental Practice Customers Last Updated April 1, 2010 This sample HIPAA Notice of Privacy Practices is being provided by Patterson

More information

A A E S C. Albuquerque Ambulatory Eye Surgery Center NOTICE OF PRIVACY PRACTICES

A A E S C. Albuquerque Ambulatory Eye Surgery Center NOTICE OF PRIVACY PRACTICES A A E S C Albuquerque Ambulatory Eye Surgery Center NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.

More information

DSHS CA Security For Providers

DSHS CA Security For Providers DSHS CA Security For Providers Pablo F Matute DSHS Children's Information Security Officer 7/21/2015 1 Data Categories: An Overview All DSHS-owned data falls into one of four categories: Category 1 - Public

More information

2012 No. 1204 POLICE, ENGLAND AND WALES. The Police (Complaints and Misconduct) Regulations 2012

2012 No. 1204 POLICE, ENGLAND AND WALES. The Police (Complaints and Misconduct) Regulations 2012 STATUTORY INSTRUMENTS 2012 No. 1204 POLICE, ENGLAND AND WALES The Police (Complaints and Misconduct) Regulations 2012 Made - - - - 1st May 2012 Laid before Parliament 3rd May 2012 Coming into force - -

More information

1.2 Scope This policy and guidance applies to all University staff, students and others who use or process any personal information.

1.2 Scope This policy and guidance applies to all University staff, students and others who use or process any personal information. MANCHESTER METROPOLITAN UNIVERSITY DATA PROTECTION POLICY This policy should be read in conjunction with the Data Protection Guidance, which is attached as: Appendix A Dealing with Personal Data Appendix

More information

Victims of Crime the help and advice that s available

Victims of Crime the help and advice that s available Details about Victim Support Your local Victim Support Scheme is: Victims of Crime the help and advice that s available You can also contact the Victim Supportline on: 0845 30 30 900 Or, if you prefer,

More information

Cooper Dental Group Notice of Privacy Practices

Cooper Dental Group Notice of Privacy Practices Cooper Dental Group Notice of Privacy Practices THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

More information

HIPAA Basic Training for Privacy & Information Security

HIPAA Basic Training for Privacy & Information Security HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website: www.mc.vanderbilt.edu/hipaa Vanderbilt Credo We treat others as we wish to be treated Vanderbilt

More information

Cyber-safety Agreements are also an educative tool and shall be used as a resource to support the professional development of the school community.

Cyber-safety Agreements are also an educative tool and shall be used as a resource to support the professional development of the school community. Cyber Safety Policy Rationale Mannum Community College places a high priority on providing its school community with Internet facilities, ICT devices and equipment which will benefit student learning outcomes

More information

Victims of crime: Understanding the support you can expect

Victims of crime: Understanding the support you can expect Victims of crime: Understanding the support you can expect If you have been a victim of crime, you are entitled to certain information and support from criminal justice organisations such as the police

More information

How to complain about a doctor

How to complain about a doctor How to complain about a doctor England This booklet is for patients in England. Our procedures are the same throughout the UK, but healthcare and support organisations do vary. We have therefore also produced

More information

Council Tax Reduction Anti-Fraud Policy

Council Tax Reduction Anti-Fraud Policy Council Tax Reduction Anti-Fraud Policy Richard Davies Head of Revenues and Benefits, Torfaen Head of Benefits, Monmouthshire April 2015 1 Contents Section 1. 3 Background 3 Legislation and Governance

More information

Guidance on data security breach management

Guidance on data security breach management ICO lo Guidance on data security breach management Data Protection Act Contents... 1 Data Protection Act... 1 Overview... 1 Containment and recovery... 2 Assessing the risks... 3 Notification of breaches...

More information

ICT POLICY AND PROCEDURE

ICT POLICY AND PROCEDURE ICT POLICY AND PROCEDURE POLICY STATEMENT St Michael s College regards the integrity of its computer resources, including hardware, databases and software, as central to the needs and success of our day-to-day

More information

HIPAA Notice of Privacy Practices

HIPAA Notice of Privacy Practices This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review this notice carefully. This practice is required by law to

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Version: V1 Ratified by: Operational Management Executive Committee Date ratified: 26 September 2013 Name and Title of originator/author(s): Chris Brady, FOI, Data Protection and

More information

Procedures on Data Security Breach Management Version Control Date Version Reason Owner Author 16/09/2009 Draft 1 Outline Draft Jackie Groom

Procedures on Data Security Breach Management Version Control Date Version Reason Owner Author 16/09/2009 Draft 1 Outline Draft Jackie Groom Procedures on Data Security Breach Management Version Control Date Version Reason Owner Author 16/09/2009 Draft 1 Outline Draft Jackie Groom Indirani 02/11/2009 Draft 2 Include JG s comments Jackie Groom

More information

Information Governance in Dental Practices. Summary of findings from ICO reviews. September 2015

Information Governance in Dental Practices. Summary of findings from ICO reviews. September 2015 Information Governance in Dental Practices Summary of findings from ICO reviews September 2015 Executive summary The Information Commissioner s Office (ICO) is the regulator responsible for ensuring that

More information

Information for members of the public. How to make a complaint about a health professional

Information for members of the public. How to make a complaint about a health professional Information for members of the public How to make a complaint about a health professional Contents About this brochure 1 What is the HPC? 1 What is fitness to practise? 2 What if you are not happy with

More information

By the end of this course you will demonstrate:

By the end of this course you will demonstrate: 1 By the end of this course you will demonstrate: 1. that HIPAA privacy rules protect privacy and security of confidential information. 2. your responsibility for use and protection of protected health

More information

We are the regulator: Our job is to check whether hospitals, care homes and care services are meeting essential standards.

We are the regulator: Our job is to check whether hospitals, care homes and care services are meeting essential standards. Inspection Report We are the regulator: Our job is to check whether hospitals, care homes and care services are meeting essential standards. Eastham Walk In Centre Eastham Clinic, Eastham Rake, Eastham,

More information

Applying appropriate sanctions consistently

Applying appropriate sanctions consistently Applying appropriate sanctions consistently Policy statement April 2013 Tackling fraud and managing security Contents 1 Introduction... 1 2 The NHS Protect approach to pursuing sanctions... 1 3 The criminal

More information

Accessing Personal Information on Patients and Staff:

Accessing Personal Information on Patients and Staff: Accessing Personal Information on Patients and Staff: A Framework for NHSScotland Purpose: Enabling access to personal and business information is a key part of the NHSScotland Information Assurance Strategy

More information

COUNCIL TAX REDUCTION, DISCOUNT & EXEMPTION ANTI- FRAUD POLICY

COUNCIL TAX REDUCTION, DISCOUNT & EXEMPTION ANTI- FRAUD POLICY COUNCIL TAX REDUCTION, DISCOUNT & EXEMPTION ANTI- FRAUD POLICY December 2014 1 Contents Section Page Council Tax Reduction, Discount & Exemption Anti-Fraud Policy 1 Introduction 3 2 Definition of Council

More information

Protection of Computer Data and Software

Protection of Computer Data and Software April 2011 Country of Origin: United Kingdom Protection of Computer Data and Software Introduction... 1 Responsibilities...2 User Control... 2 Storage of Data and Software... 3 Printed Data... 4 Personal

More information

HIPAA Privacy. September 21, 2013

HIPAA Privacy. September 21, 2013 HIPAA Privacy September 21, 2013 HIPAA Privacy Workforce Training The Health Insurance Portability & Accountability Act (HIPAA) requires that the University train all workforce members (faculty, staff,

More information

Disciplinary policy INTRODUCTION

Disciplinary policy INTRODUCTION Disciplinary policy This policy forms part of your contract of employment. The councils are entitled to introduce minor and non-fundamental changes to this policy by notifying you of these changes in writing

More information

Section 56 Enforced Subject Access: Worth the wait? Jonathan Bamford Head of Strategic Liaison Information Commissioner s Office

Section 56 Enforced Subject Access: Worth the wait? Jonathan Bamford Head of Strategic Liaison Information Commissioner s Office Section 56 Enforced Subject Access: Worth the wait? Jonathan Bamford Head of Strategic Liaison Information Commissioner s Office Section 56: Key points MoJ commitment to bring into force on the 1 December

More information

Tenants and Leaseholders Home Contents Insurance Scheme Application Form

Tenants and Leaseholders Home Contents Insurance Scheme Application Form Tenants and Leaseholders Home Contents Insurance Scheme Application Form (Subject to the terms, exclusions and conditions of the policy, a specimen of which is available on request). Before you fill in

More information