Data Breach Trends October 2015

Size: px
Start display at page:

Download "Data Breach Trends October 2015"

Transcription

1 Data Breach Trends October 2015

2 Introduction In October 2015 the Information Commissioner s Office (ICO) published the latest data breach trends including incidents by quarter, type of incident and incidents by sector. We wanted to take the data available and turn it into an easy to read report, as we felt that the information available is something that anyone with an interest in security should have read. Typically, data security is managed by the IT team, but the impact is further reaching. It is not outside the realms of possibility that an enforcement action from the ICO could involve a financial penalty (which would have to be dealt with the finance team), additional training to be carried out (IT and HR), more than likely a disciplinary process for the person who caused the data breach (HR) and press control measures may need to be put in place too (marketing & PR functions). The point? Leaving data security up to one person (or a small team of people) is wholly unacceptable, whilst it is easy to say that everyone is responsible for managing data security, this is also not the right answer. Unfortunately, we don t have the solution - that is down to you, and your business. What we can do is give you some of the key information that the ICO has made available to make yourself better prepared of the consequences, and the types of breaches that have occured recently.

3 About the data Key information is readily available from the Information Commissioner s website Data breach trends data can be found at Notices of enforcement can be found at The most recent data was published on the 11th March 2015, comparison data was published on the 3rd November Zylpha do not have any relationship with the ICO and information is provided for information and illustrative purposes only. About the ICO The Information Commissioner s Office (ICO) is The UK s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. ICO Key Facts Total staff headcount 383 Calls to the ICO helplines 259,903 Public prompted awareness of data protection rights 87% Data Protection Cases received 14,738 Data Protection Cases closed in 30 days or less 58% Privacy and Electronic Communication Regulations Concerns reported 161,720 About Zylpha Headquartered in Southampton, Zylpha is an innovative specialist offering tools for the legal profession including secure electronic document production and delivery. The company, which was founded by CEO Tim Long, has won widespread acclaim in both the legal and local government sectors for its systems, which transform secure communications for court and case management bundles. South Wales Police The ICO has issued South Wales Police with a 160,000 fine for losing a video recording which formed part of the evidence in a sexual abuse case. The DVDs contained film of an interview with a victim, who had been sexually abused as a child. Despite the DVDs containing a graphic and disturbing account, the discs were unencrypted and left in a desk drawer. Page 3

4 Data Breach Incidents Other Local Government Legal Justice Health General Business Finance, insurance & credit Education Charitable & voluntary Central Government Ministry of Justice A monetary penalty notice has been served on the Ministry of Justice for 180,000 over serious failings in the way prisons in England and Wales have been handling people s information. On 24 May 2013, a portable hard drive stored in a prison s Security Department and used to back up the prisoner intelligence database, was discovered to be missing. The hard drive had not been password protected and was left unencrypted. The information on the hard drive related to 2,935 prisoners and included confidential and highly sensitive personal data such as their name, date of birth, length of sentence, offence(s), physical description including details of any distinguishing marks, intelligence information such as links to other prisoners or organised crime, involvement with drug use, prison discipline, establishment location and some victim and/or visitor details. Page 4

5 Incident Type Insecure webpage (inc hacking) Info uploaded to web-page Data sent by to inc rep Verbal disclosure Data posted/faxed to inc rec Loss/theft of unencrypted device Loss/theft of paperwork Insecure disposal of hardware Insecure disposal of paperwork Failure to redact Other principle 7 data failure Serious Fraud Office The Information Commissioner s Office (ICO) has fined the Serious Fraud Office 180,000 after a witness in a serious fraud, bribery and corruption investigation was mistakenly sent evidence relating to 64 other people involved in the case. Aberdeen City Council A monetary penalty notice has been served on Aberdeen City Council after inadequate homeworking arrangements led to 39 pages of personal data being uploaded onto the internet by a Council employee. Page 5

6 Incidents by Sector Charitable & Voluntary Finance, insurance & credit Education General Business Local Government Insecure disposal of hardware Verbal disclosure Information uploaded to webpage Insecure disposal of paperwork Insecure webpage (inc hacking) Failure to redact data Loss or theft of unencrypted device Other principle 7 failure Data sent by to incorrect recipient data posted or faxed to incorrect recipient Loss or theft of paperwork Direct Assist Ltd A personal injuries claims management company Direct Assist Ltd has been issued with a monetary penalty by the ICO for making direct marketing calls to people without their consent. Between January 2013 and July 2014, the ICO and the Telephone Preference Service (TPS) registered 801 concerns about the Bolton-based company which offered access to solicitors for personal injury insurance claims. Wolverhampton City Council The ICO has issued an enforcement notice against Wolverhampton City Council, following an investigation into a data breach at the council that occurred in January The breach was caused when a social worker, who had not received data protection training, sent out a report to a former service user detailing their time in care. However, the social worker failed to remove highly sensitive information about the recipient s sister that should not have been included. Page 6

7 Department of Justice Northern Ireland A monetary penalty notice has been served on Department of Justice Northern Ireland after a filing cabinet containing details of a terrorist incident was sold at auction. North East Lincolnshire Council A monetary penalty notice has been served on North East Lincolnshire Council after the loss of an unencrypted memory device containing personal data and sensitive personal data relating to 286 children. NHS Surrey A monetary penalty notice has been served on NHS Surrey following the discovery of sensitive personal data belonging to thousands of patients on hard drives sold on an online auction site. Page 7

8 For more information contact Zylpha: T: E:

Data Protection and Information Security. Procedure for reporting a breach of data security. April 2013

Data Protection and Information Security. Procedure for reporting a breach of data security. April 2013 Data Protection and Information Security Procedure for reporting a breach of data security April 2013 Page 1 of 6 Created on: 01/04/2009 Contents 1 Introduction... 3 2 Data Classification... 3 3 What Is

More information

Once more unto the breach... Dealing with Personal Data Security Breaches. Helen Williamson Information Governance Officer

Once more unto the breach... Dealing with Personal Data Security Breaches. Helen Williamson Information Governance Officer Once more unto the breach... Dealing with Personal Data Security Breaches Helen Williamson Information Governance Officer Aims of the session What are we going to look at? What is a data security breach?

More information

Everyone in the workplace has a legal duty to protect the privacy of information about individuals. AEP/BELB/LJ/2010 Awareness Session

Everyone in the workplace has a legal duty to protect the privacy of information about individuals. AEP/BELB/LJ/2010 Awareness Session Everyone in the workplace has a legal duty to protect the privacy of information about individuals AEP/BELB/LJ/2010 Awareness Session During 2007 alone, 36,989,300 people in the UK have had their private

More information

External Communication to Third Parties

External Communication to Third Parties External Communication to Third Parties Egress Software Technologies Ltd Unit 16 Quadrant Business Center, 135 Salusbury Road, London, NW6 6RJ T: +44 (0)20 7624 8500 / F: +44 (0)20 7624 8200 / E: info@egress.com

More information

HIPAA and Privacy Policy Training

HIPAA and Privacy Policy Training HIPAA and Privacy Policy Training July 2015 1 This training addresses the requirements for maintaining the privacy of confidential information received from HFS and DHS (the Agencies). During this training

More information

Incident reporting procedure

Incident reporting procedure Incident reporting procedure Responsible Officer Author Date effective from Aug 2009 Date last amended Aug 2009 Review date July 2012 Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance

More information

Information Governance

Information Governance CONTROLLED Information Governance Caldicot Version-Workbok Non Caldicott Version - Workbook Version 12 January 2015 40 1 Don t Get Bitten by the Data Demon Notes Using this Workbook The objective of this

More information

DATA AND PAYMENT SECURITY PART 1

DATA AND PAYMENT SECURITY PART 1 STAR has teamed up with Prevention of Fraud in Travel (PROFiT) and the Fraud Intelligence Network (FIN) to offer our members the best advice about fraud prevention. We recognise the increasing threat of

More information

Data Protection Policy A copy of this policy is published in the following areas: The school s intranet The school s website

Data Protection Policy A copy of this policy is published in the following areas: The school s intranet The school s website Data Protection Policy A copy of this policy is published in the following areas: The school s intranet The school s website Date created: November 2015 Date for review: July 2016 Created by: Mark Vanstone,

More information

A GUIDE TO CRIMINAL INJURIES COMPENSATION

A GUIDE TO CRIMINAL INJURIES COMPENSATION A GUIDE TO CRIMINAL INJURIES COMPENSATION Being a victim of crime such as physical or sexual assault can have significant and long-term consequences for a woman s health and wellbeing. If you have experienced

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Responsible Officer Author Date effective from July 2009 Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date last amended December 2012 Review

More information

The support you should get if you are a victim of crime

The support you should get if you are a victim of crime The support you should get if you are a victim of crime This is an EasyRead booklet showing you what to do. About this booklet The Ministry of Justice wrote this information. This is an EasyRead guide

More information

Merthyr Tydfil County Borough Council. Data Protection Policy

Merthyr Tydfil County Borough Council. Data Protection Policy Merthyr Tydfil County Borough Council Data Protection Policy 2014 Cyfarthfa High School is a Rights Respecting School, we recognise the importance of ensuring that the United Nations Convention of the

More information

DATA SECURITY BREACH MANAGEMENT POLICY AND PROCEDURE

DATA SECURITY BREACH MANAGEMENT POLICY AND PROCEDURE DATA SECURITY BREACH MANAGEMENT POLICY AND PROCEDURE 1. INTRODUCTION Annex C 1.1 Surrey Heath Borough Council (SHBC) processes personal data and must respond appropriately against unauthorised or unlawful

More information

FROM CHARGE TO TRIAL: A GUIDE TO CRIMINAL PROCEEDINGS

FROM CHARGE TO TRIAL: A GUIDE TO CRIMINAL PROCEEDINGS FROM CHARGE TO TRIAL: A GUIDE TO CRIMINAL PROCEEDINGS If you are experiencing, or have experienced, domestic violence and/or sexual violence there are a number of ways the law can protect you. This includes

More information

GUIDANCE SOFTWARE WHITEPAPER. Tackling the Causes of Data Leakage and Data Loss

GUIDANCE SOFTWARE WHITEPAPER. Tackling the Causes of Data Leakage and Data Loss GUIDANCE SOFTWARE WHITEPAPER TACKLING THE CAUSES OF DATA LEAKAGE AND DATA LOSS Tackling the Causes of Data Leakage and Data Loss I. Introduction Sometimes people have no choice but to provide personal

More information

Photography and filming in schools Code of Practice

Photography and filming in schools Code of Practice Photography and filming in schools Code of Practice Data Protection compliance September 2010 Photography and filming in schools September 2010 1 Contents 1. About this code 3 2. Complying with the Data

More information

Pacific Medical Centers HIPAA Training for Residents, Fellows and Others

Pacific Medical Centers HIPAA Training for Residents, Fellows and Others Pacific Medical Centers HIPAA Training for Residents, Fellows and Others Summary of Critical Pacific Medical Centers (PMC) HIPAA Policies and Procedures For additional information or questions, please

More information

Reporting the crime to the police

Reporting the crime to the police Section 4 Reporting the crime to the police Why report the crime to the police? It is your choice whether you report the crime to the police. Some people choose not to report or may not report straight

More information

BYOD BRING YOUR OWN DISASTER?

BYOD BRING YOUR OWN DISASTER? BYOD BRING YOUR OWN DISASTER? Síobhra Rush, Session Chair Leman Solicitors, Ireland BYOD - INTRODUCTION! Agenda! What is BYOD?! Why should businesses consider it?! Potential downsides to BYOD! An explanation

More information

Contents. Introduction. How to report a fraud. What happens when you report a fraud? The investigation process

Contents. Introduction. How to report a fraud. What happens when you report a fraud? The investigation process 1 Contents Introduction How to report a fraud What happens when you report a fraud? The investigation process Who decides if the case should go to court? What is a non-court disposal? What happens at

More information

Data Security and Extranet

Data Security and Extranet Data Security and Extranet Derek Crabtree Schools ICT Support Manager derek.crabtree@merton.gov.uk Target Operating Model 2011 Merton Audit Organisation name: London Borough of Merton Periodic plan date:

More information

Checklist Guidance for Reporting, Managing and Investigating Information Governance Serious Incidents Requiring Investigation

Checklist Guidance for Reporting, Managing and Investigating Information Governance Serious Incidents Requiring Investigation Checklist Guidance for Reporting, Managing and Investigating Information Governance Serious Incidents Requiring Investigation 1 st June 2013 Version 2.0 Revision History Version Date Summary of Changes

More information

Data Protection and Information Security Policy and Procedure

Data Protection and Information Security Policy and Procedure Data Protection and Information Security Policy and Procedure Document Detail Category: Data Protection Authorised By: Full Governing Body Author: School Business Manager Version: 1 Status: Approved May

More information

Policy: IG01. Information Governance Incident Reporting Policy. n/a. Date ratified: 16 th April 2014

Policy: IG01. Information Governance Incident Reporting Policy. n/a. Date ratified: 16 th April 2014 Policy: IG01 Information Governance Incident Reporting Policy Version: IG01/01 Ratified by: Trust Management Team Date ratified: 16 th April 2014 Title of Author: Head of Governance Title of responsible

More information

Staff DBS Checks and Employing Exoffenders:

Staff DBS Checks and Employing Exoffenders: Staff DBS Checks and Employing Exoffenders: Guide to Policy and Procedures for Managers of Applicants 1 INDEX 1. Introduction 2. Recruiting ex-offenders 3. Disclosure and barring service (DBS) checks procedural

More information

Police Officers who Commit Domestic Violence-Related Criminal Offences 1

Police Officers who Commit Domestic Violence-Related Criminal Offences 1 PUBLIC DOCUMENT Association of Chief Police Officers of England, Wales and Northern Ireland Police Officers who Commit Domestic Violence-Related Criminal Offences 1 This is an ACPO policy relating to police

More information

Will we be in trouble? How information laws are enforced

Will we be in trouble? How information laws are enforced Will we be in trouble? How information laws are enforced Max Todd Information Compliance team, Council Secretariat Wednesday 23 September 2015 Breaches of data security - read all about it London clinic

More information

Data protection. Report on the data protection guidance we gave schools in 2012

Data protection. Report on the data protection guidance we gave schools in 2012 Data protection Report on the data protection guidance we gave schools in 2012 Contents 1. Background 2. Summary of recommendations 3. tification 4. Personal data 5. Fair processing 6. Information security

More information

Information Management Handbook for Schools. Information Management Handbook for Schools London Borough of Barnet

Information Management Handbook for Schools. Information Management Handbook for Schools London Borough of Barnet Information Management Handbook for Schools London Borough of Barnet Document Name Document Description Information Management Handbook for Schools This document is intended for use by Barnet Borough Schools.

More information

Human Resources Policy documents. Data Protection Policy

Human Resources Policy documents. Data Protection Policy Policy documents Aims of the Policy apetito is committed to meeting its obligations under data protection law. As a business, apetito handles a range of Personal Data relating to its customers, staff and

More information

Protecting the Information of Clients, Donors, the Organization, Oh MY! Stacey Keegan November 14, 2012

Protecting the Information of Clients, Donors, the Organization, Oh MY! Stacey Keegan November 14, 2012 Protecting the Information of Clients, Donors, the Organization, Oh MY! Stacey Keegan November 14, 2012 Mission of Pro Bono Partnership of Atlanta: To maximize the impact of pro bono engagement by connecting

More information

HIPAA Orientation. Health Insurance Portability and Accountability Act

HIPAA Orientation. Health Insurance Portability and Accountability Act HIPAA Orientation Health Insurance Portability and Accountability Act HIPAA Federal legislation enacted in 1996 to improve the efficiency and effectiveness of electronic information transfers used in the

More information

Incident Reporting Procedure

Incident Reporting Procedure Incident Reporting Procedure Version: Version 1 Ratified by: HEE Board Date ratified: 20 March 2014 Name and Title of Mike Jones, Corporate Secretary originator/author(s): Name of responsible Director:

More information

Hampstead Parochial CofE Primary School Data Protection Policy Spring 2015

Hampstead Parochial CofE Primary School Data Protection Policy Spring 2015 Hampstead Parochial CofE Primary School Data Protection Policy Spring 2015 1. Introduction and Scope 1.1 The Data Protection Act 1998 is the law that protects personal privacy and applies to any school

More information

THIS GUIDANCE APPLIES FROM 10 MARCH 2014

THIS GUIDANCE APPLIES FROM 10 MARCH 2014 THIS GUIDANCE APPLIES FROM 10 MARCH 2014 Guidance on the Rehabilitation of Offenders Act 1974 Contents: (1) INTRODUCTION: What is the Rehabilitation of Offenders Act 1974? Who benefits from the 1974 Act

More information

You ve reported a crime so what happens next?

You ve reported a crime so what happens next? You ve reported a crime so what happens next? This booklet tells you what you can expect from the Criminal Justice System, and explains: what happens now how to get advice and support your rights where

More information

Contact us the different ways you can contact us are by writing to the address in the terms & conditions or call the helpline

Contact us the different ways you can contact us are by writing to the address in the terms & conditions or call the helpline We can provide this information in large print, braille and audio. Call our helpline on 0845 4400775 or 40775 (calls to speak to a colleague cost 25p) or write to us and we ll arrange this. Mobile by Sainsbury

More information

Assess the purpose of the Criminal Justice System and the role of the Ministry of Justice.

Assess the purpose of the Criminal Justice System and the role of the Ministry of Justice. Assess the purpose of the Criminal Justice System and the role of the Ministry of Justice. Introduction Justice is a concept, a concept of moral rightness based on ethics, rationality, law or religion

More information

Assessment Notices under the Data Protection Act 1998 Extension of the Information Commissioner s Powers

Assessment Notices under the Data Protection Act 1998 Extension of the Information Commissioner s Powers Assessment Notices under the Data Protection Act 1998 Extension of the Information Commissioner s Powers Consultation Paper CP9/2013 This consultation begins on 25 March 2013 This consultation ends on

More information

When things go wrong: information governance breaches and the role of the ICO. David Evans, Senior Policy Officer

When things go wrong: information governance breaches and the role of the ICO. David Evans, Senior Policy Officer When things go wrong: information governance breaches and the role of the ICO David Evans, Senior Policy Officer Where it did go wrong NHS Surrey 200,000 MPN June 2013 The events leading up to the MPN

More information

A common sense guide to the Data Protection Act 1998 for volunteers

A common sense guide to the Data Protection Act 1998 for volunteers A common sense guide to the Data Protection Act 1998 for volunteers Why is it necessary? The Data Protection Act 1998 is a law introduced to control the way information held about individuals is handled

More information

Identity Theft Data Privacy Day 2012 Dalhousie University Halifax, NS 2012-01-25

Identity Theft Data Privacy Day 2012 Dalhousie University Halifax, NS 2012-01-25 Identity Theft Data Privacy Day 2012 Dalhousie University Halifax, NS 2012-01-25 AGENDA Identity Theft & Identity Fraud Definitions Bill S4 - Offences Identity Documents Uses of Identity Information Identity

More information

Disciplinary policy INTRODUCTION

Disciplinary policy INTRODUCTION Disciplinary policy This policy forms part of your contract of employment. The councils are entitled to introduce minor and non-fundamental changes to this policy by notifying you of these changes in writing

More information

Whitepaper. Best Practices for Securing Your Backup Data. BOSaNOVA Phone: 866-865-5250 Email: info@theq3.com Web: www.theq3.com

Whitepaper. Best Practices for Securing Your Backup Data. BOSaNOVA Phone: 866-865-5250 Email: info@theq3.com Web: www.theq3.com Whitepaper Best Practices for Securing Your Backup Data BOSaNOVA Phone: 866-865-5250 Email: info@theq3.com Web: www.theq3.com DATA PROTECTION CHALLENGE Encryption, the process of scrambling information

More information

Information security incident reporting procedure

Information security incident reporting procedure Information security incident reporting procedure Responsible Officer Author Date effective from 2009 Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date last amended

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY DATA PROTECTION POLICY Version 1.3 April 2014 Contents 1 POLICY STATEMENT...2 2 PURPOSE....2 3 LEGAL CONTEXT AND DEFINITIONS...2 3.1 Data Protection Act 1998...2 3.2 Other related legislation.....4 3.3

More information

1.2 Scope This policy and guidance applies to all University staff, students and others who use or process any personal information.

1.2 Scope This policy and guidance applies to all University staff, students and others who use or process any personal information. MANCHESTER METROPOLITAN UNIVERSITY DATA PROTECTION POLICY This policy should be read in conjunction with the Data Protection Guidance, which is attached as: Appendix A Dealing with Personal Data Appendix

More information

COUNCIL OF EUROPE COMMITTEE OF MINISTERS

COUNCIL OF EUROPE COMMITTEE OF MINISTERS COUNCIL OF EUROPE COMMITTEE OF MINISTERS Recommendation Rec(2006)8 of the Committee of Ministers to member states on assistance to crime victims (Adopted by the Committee of Ministers on 14 June 2006 at

More information

Tenants and Leaseholders Home Contents Insurance Scheme Application Form

Tenants and Leaseholders Home Contents Insurance Scheme Application Form Tenants and Leaseholders Home Contents Insurance Scheme Application Form (Subject to the terms, exclusions and conditions of the policy, a specimen of which is available on request). Before you fill in

More information

Cybercrime: risks, penalties and prevention

Cybercrime: risks, penalties and prevention Cybercrime: risks, penalties and prevention Cyber attacks have been appearing in the news with increased frequency and recent victims of cybercrime have included well-known companies such as Sony, LinkedIn,

More information

CRIMINAL JUSTICE AND COURTS BILL. Factsheet Revenge Pornography

CRIMINAL JUSTICE AND COURTS BILL. Factsheet Revenge Pornography CRIMINAL JUSTICE AND COURTS BILL Factsheet Revenge Pornography Background 1. The Government has looked carefully at the concerns raised by campaigners and Parliamentarians about the uploading or sharing

More information

Information for victims of crime

Information for victims of crime This leaflet sets out what you can expect from key service providers as a victim of crime. It also contains information about organisations that you can contact for free advice, practical information or

More information

Human Resources Author: Lou Hassen Version: 1 Review Date: Dec 2012 Page 1 of 7. Trinity Academy Disciplinary Policy

Human Resources Author: Lou Hassen Version: 1 Review Date: Dec 2012 Page 1 of 7. Trinity Academy Disciplinary Policy Page 1 of 7 Trinity Academy Disciplinary Policy Policy Statement The purpose of the Disciplinary Procedure is to give staff members every opportunity to improve standards of behaviour and conduct and to

More information

1. (a) Full name of proposer including trading names if any (if not a limited company include full names of partners) Date established

1. (a) Full name of proposer including trading names if any (if not a limited company include full names of partners) Date established Network Security ProPosal Form Important Please answer all questions from each section and complete in block capitals. Tick the appropriate boxes where necessary and supply any further information requested.

More information

Thinking about using a hidden camera or other equipment to monitor someone s care?

Thinking about using a hidden camera or other equipment to monitor someone s care? Thinking about using a hidden camera or other equipment to monitor someone s care? FEBRUARY 2015 We are the Care Quality Commission. Our job is to inspect health and social care services such as your local

More information

Victims of Crime the help and advice that s available

Victims of Crime the help and advice that s available Details about Victim Support Your local Victim Support Scheme is: Victims of Crime the help and advice that s available You can also contact the Victim Supportline on: 0845 30 30 900 Or, if you prefer,

More information

Enforced subject access (section 56)

Enforced subject access (section 56) ICO lo Enforced subject access (section 56) Data Protection Act Contents Introduction... 2 Overview.3 The criminal offence.... 3 Exceptions and penalties.... 7 Relevant records....... 8 Other considerations

More information

How To Protect Yourself From Violence

How To Protect Yourself From Violence FAMILY VIOLENCE Violence takes many forms. It is unacceptable whenever it happens. Violence by a family member who is loved and trusted can be particularly devastating. Family violence happens where the

More information

Cyber-safety Agreements are also an educative tool and shall be used as a resource to support the professional development of the school community.

Cyber-safety Agreements are also an educative tool and shall be used as a resource to support the professional development of the school community. Cyber Safety Policy Rationale Mannum Community College places a high priority on providing its school community with Internet facilities, ICT devices and equipment which will benefit student learning outcomes

More information

Policy. Social Media Acceptable Use Policy. Executive Lead. Review Date. Low

Policy. Social Media Acceptable Use Policy. Executive Lead. Review Date. Low Policy Social Media Acceptable Use Policy Date approved by - ISG Version Issue Date Review Date Executive Lead 11/6/2013 1.0 11/6/2013 11/6/2015 Mike Robson Executive Director Finance Procedure/Policy

More information

Council Tax Reduction Anti-Fraud Policy

Council Tax Reduction Anti-Fraud Policy Council Tax Reduction Anti-Fraud Policy Richard Davies Head of Revenues and Benefits, Torfaen Head of Benefits, Monmouthshire April 2015 1 Contents Section 1. 3 Background 3 Legislation and Governance

More information

MRS Policy Unit. Submission to Which? task force on consent and lead generation in the direct marketing industry

MRS Policy Unit. Submission to Which? task force on consent and lead generation in the direct marketing industry MRS Policy Unit Submission to Which? task force on consent and lead generation in the direct marketing industry Introduction: About MRS and the research market 1. The Market Research Society (MRS) is the

More information

How to complain about a doctor

How to complain about a doctor How to complain about a doctor Scotland This booklet is for patients in Scotland. Our procedures are the same throughout the UK, but healthcare and support organisations do vary. We have therefore also

More information

Council, 14 May 2015. Information Governance Report. Introduction

Council, 14 May 2015. Information Governance Report. Introduction Council, 14 May 2015 Information Governance Report Introduction 1.1 The Information Governance function within the Secretariat Department is responsible for the HCPC s ongoing compliance with the Freedom

More information

ICT POLICY AND PROCEDURE

ICT POLICY AND PROCEDURE ICT POLICY AND PROCEDURE POLICY STATEMENT St Michael s College regards the integrity of its computer resources, including hardware, databases and software, as central to the needs and success of our day-to-day

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Version: V1 Ratified by: Operational Management Executive Committee Date ratified: 26 September 2013 Name and Title of originator/author(s): Chris Brady, FOI, Data Protection and

More information

Good Practice in Records Management and Information Security

Good Practice in Records Management and Information Security Good Practice in Records Management and Information Security BELB LJ Schools 2013 How Valuable are Records & Documents? Valuable only because of the information they contain. Usable if they can be accessed

More information

Dealing With Information Rights Concerns

Dealing With Information Rights Concerns I Data Protection Act How we deal with complaints and concerns A guide for data controllers 1 Data Protection Act How we deal with complaints and concerns The ICO is the UK s independent public authority

More information

Applying appropriate sanctions consistently

Applying appropriate sanctions consistently Applying appropriate sanctions consistently Policy statement April 2013 Tackling fraud and managing security Contents 1 Introduction... 1 2 The NHS Protect approach to pursuing sanctions... 1 3 The criminal

More information

Criminal appeals. Page 1 of 19 Criminal appeals version 3.0 Published for Home Office staff on 08 July 2015

Criminal appeals. Page 1 of 19 Criminal appeals version 3.0 Published for Home Office staff on 08 July 2015 Page 1 of 19 Criminal appeals version 3.0 Published for Home Office staff on 08 July 2015 About this guidance An overview of appeals Appeals relating to immigration enforcement investigation cases The

More information

Procedures on Data Security Breach Management Version Control Date Version Reason Owner Author 16/09/2009 Draft 1 Outline Draft Jackie Groom

Procedures on Data Security Breach Management Version Control Date Version Reason Owner Author 16/09/2009 Draft 1 Outline Draft Jackie Groom Procedures on Data Security Breach Management Version Control Date Version Reason Owner Author 16/09/2009 Draft 1 Outline Draft Jackie Groom Indirani 02/11/2009 Draft 2 Include JG s comments Jackie Groom

More information

TONBRIDGE & MALLING BOROUGH COUNCIL INTERNET & EMAIL POLICY AND CODE

TONBRIDGE & MALLING BOROUGH COUNCIL INTERNET & EMAIL POLICY AND CODE GENERAL STATEMENT TONBRIDGE & MALLING BOROUGH COUNCIL INTERNET & EMAIL POLICY AND CODE 1.1 The Council recognises the increasing importance of the Internet and email, offering opportunities for improving

More information

Protection of Computer Data and Software

Protection of Computer Data and Software April 2011 Country of Origin: United Kingdom Protection of Computer Data and Software Introduction... 1 Responsibilities...2 User Control... 2 Storage of Data and Software... 3 Printed Data... 4 Personal

More information

Information Security Policy for Associates and Contractors

Information Security Policy for Associates and Contractors Policy for Associates and Contractors Version: 1.12 Status: Issued Date: 30 July 2015 Reference: 61418080 Location: Livelink Review cycle: Annual Contents Introduction... 3 Purpose... 3 Scope... 3 Responsibilities...

More information

COUNCIL TAX REDUCTION, DISCOUNT & EXEMPTION ANTI- FRAUD POLICY

COUNCIL TAX REDUCTION, DISCOUNT & EXEMPTION ANTI- FRAUD POLICY COUNCIL TAX REDUCTION, DISCOUNT & EXEMPTION ANTI- FRAUD POLICY December 2014 1 Contents Section Page Council Tax Reduction, Discount & Exemption Anti-Fraud Policy 1 Introduction 3 2 Definition of Council

More information

Raising and escalating concerns. Guidance for nurses and midwives

Raising and escalating concerns. Guidance for nurses and midwives Raising and escalating concerns Guidance for nurses and midwives We are the nursing and midwifery regulator for England, Wales, Scotland, Northern Ireland and the Islands. We exist to safeguard the health

More information

Guidance on data security breach management

Guidance on data security breach management ICO lo Guidance on data security breach management Data Protection Act Contents... 1 Data Protection Act... 1 Overview... 1 Containment and recovery... 2 Assessing the risks... 3 Notification of breaches...

More information

REPORTING AN OFFENCE TO THE POLICE: A GUIDE TO CRIMINAL INVESTIGATIONS

REPORTING AN OFFENCE TO THE POLICE: A GUIDE TO CRIMINAL INVESTIGATIONS REPORTING AN OFFENCE TO THE POLICE: A GUIDE TO CRIMINAL INVESTIGATIONS If you are experiencing or have experienced domestic volence and/or sexual violence there are a number of ways the law can protect

More information

Cyber Liability Insurance Data Security, Privacy and Multimedia Protection

Cyber Liability Insurance Data Security, Privacy and Multimedia Protection Page 1 of 5 Cyber Liability Insurance Data Security, Privacy and Multimedia Protection What is a Cyber Risk? Technology is advancing at such an alarming rate and business is more and more reliant on IT

More information

Policing Together. A quick guide for businesses to Information Security and Cyber Crime

Policing Together. A quick guide for businesses to Information Security and Cyber Crime Policing Together A quick guide for businesses to Information Security and Cyber Crime This leaflet has been produced by the Surrey and Sussex Cyber Crime Unit Who is this leaflet for? This leaflet will

More information

NORTHERN IRELAND OFFICE CONSULTATION CRIMINAL INJURIES COMPENSATION (NI) ORDER 2001 A RESPONSE BY THE ASSOCIATION OF PERSONAL INJURY LAWYERS

NORTHERN IRELAND OFFICE CONSULTATION CRIMINAL INJURIES COMPENSATION (NI) ORDER 2001 A RESPONSE BY THE ASSOCIATION OF PERSONAL INJURY LAWYERS NORTHERN IRELAND OFFICE CONSULTATION CRIMINAL INJURIES COMPENSATION (NI) ORDER 2001 A RESPONSE BY THE ASSOCIATION OF PERSONAL INJURY LAWYERS NOVEMBER 2001 The executive committee would like to acknowledge

More information

Information for registrants. What happens if a concern is raised about me?

Information for registrants. What happens if a concern is raised about me? Information for registrants What happens if a concern is raised about me? Contents About this brochure 1 What is fitness to practise? 1 What can I expect from you? 3 How are fitness to practise concerns

More information

Document Name Disciplinary Policy Accountable Body RADIUS Trust Reference HR.P2 Date Ratified 13 th August 2015 Version 1.5 Last Update August 2015

Document Name Disciplinary Policy Accountable Body RADIUS Trust Reference HR.P2 Date Ratified 13 th August 2015 Version 1.5 Last Update August 2015 Category Human Resources Document Name Disciplinary Policy Accountable Body RADIUS Trust Reference HR.P2 Date Ratified 13 th August 2015 Version 1.5 Last Update August 2015 Related Documents Name Support

More information

Information Security Incident Management Policy September 2013

Information Security Incident Management Policy September 2013 Information Security Incident Management Policy September 2013 Approving authority: University Executive Consultation via: Secretary's Board REALISM Project Board Approval date: September 2013 Effective

More information

Client complaint management policy

Client complaint management policy Client complaint management policy 1. Policy purpose This policy implements section 219A of the Public Service Act 2008 in the Department of Justice and Attorney-General (DJAG). Under this section, Queensland

More information

M&T BANK CANADIAN PRIVACY POLICY

M&T BANK CANADIAN PRIVACY POLICY M&T BANK CANADIAN PRIVACY POLICY At M&T Bank, we are committed to safeguarding your personal information and maintaining your privacy. This has always been a priority for us and this is why M&T Bank (

More information

MARYLAND IDENTITY THEFT RANKING BY STATE: Rank 10, 85.8 Complaints Per 100,000 Population, 4821 Complaints (2007) Updated January 29, 2009

MARYLAND IDENTITY THEFT RANKING BY STATE: Rank 10, 85.8 Complaints Per 100,000 Population, 4821 Complaints (2007) Updated January 29, 2009 MARYLAND IDENTITY THEFT RANKING BY STATE: Rank 10, 85.8 Complaints Per 100,000 Population, 4821 Complaints (2007) Updated January 29, 2009 Current Laws: A person may not knowingly, willfully, and with

More information

How to complain about a doctor. England

How to complain about a doctor. England How to complain about a doctor England This booklet is for patients in England. Our procedures are the same throughout the UK, but healthcare and support organisations do vary. We have therefore also produced

More information

Policy C11 Staff Disciplinary Policy and Procedure

Policy C11 Staff Disciplinary Policy and Procedure Policy C11 Staff Disciplinary Policy and Procedure Providing a Clear Framework to Help Promote Good Employment Relations Disciplinary rules and procedures provide guidance to employees on the standards

More information

PROTECTING PATIENT PRIVACY and INFORMATION SECURITY

PROTECTING PATIENT PRIVACY and INFORMATION SECURITY PROTECTING PATIENT PRIVACY and INFORMATION SECURITY 2 PROTECTING PATIENT PRIVACY AND INFORMATION SECURITY PROTECTING PATIENT PRIVACY AND INFORMATION SECURITY 3 INTRODUCTION As an agency employee, student,

More information

DSHS CA Security For Providers

DSHS CA Security For Providers DSHS CA Security For Providers Pablo F Matute DSHS Children's Information Security Officer 7/21/2015 1 Data Categories: An Overview All DSHS-owned data falls into one of four categories: Category 1 - Public

More information

Victims of Crime. information leaflet. Working together for a safer Scotland

Victims of Crime. information leaflet. Working together for a safer Scotland Working together for a safer Scotland If you have been a victim of crime this leaflet is to help let you know about how to find support and help and to tell you about the criminal justice system. Support

More information

PENNSYLVANIA IDENTITY THEFT RANKING BY STATE: Rank 14, 72.5 Complaints Per 100,000 Population, 9016 Complaints (2007) Updated January 29, 2009

PENNSYLVANIA IDENTITY THEFT RANKING BY STATE: Rank 14, 72.5 Complaints Per 100,000 Population, 9016 Complaints (2007) Updated January 29, 2009 PENNSYLVANIA IDENTITY THEFT RANKING BY STATE: Rank 14, 72.5 Complaints Per 100,000 Population, 9016 Complaints (2007) Updated January 29, 2009 Current Laws: A person commits the offense of identity theft

More information

MOTOR LEGAL EXPENSES POLICY WORDING TERMS OF COVER

MOTOR LEGAL EXPENSES POLICY WORDING TERMS OF COVER Motor Legal Expenses provides:- 24/7 Legal Advice Insurance for legal costs for certain types of disputes HELPLINE SERVICES Legal Helpline MOTOR LEGAL EXPENSES Use the 24 hour advisory service for telephone

More information

HIPAA PRIVACY POLICIES & PROCEDURES. Department of Behavioral Health and Developmental Services DBHHDS GENERAL AWARENESS TRAINING

HIPAA PRIVACY POLICIES & PROCEDURES. Department of Behavioral Health and Developmental Services DBHHDS GENERAL AWARENESS TRAINING HIPAA PRIVACY POLICIES & PROCEDURES Department of Behavioral Health and Developmental Services DBHHDS GENERAL AWARENESS TRAINING March 2012 HIPAA Humor (North Dakota Dept of Health) 2 HIPAA-Ectomy - the

More information

Complaints. against nurses and midwives. Record keeping. Guidance for nurses and midwives. Helping you support patients and the public

Complaints. against nurses and midwives. Record keeping. Guidance for nurses and midwives. Helping you support patients and the public Complaints Record keeping against nurses and midwives Guidance for nurses and midwives Helping you support patients and the public 1 15105_Record Keeping_A5_proof 3.indd 1 09/03/2010 09:47 We are the nursing

More information

Security breaches: A regulatory overview. Jonathan Bamford Head of Strategic Liaison

Security breaches: A regulatory overview. Jonathan Bamford Head of Strategic Liaison Security breaches: A regulatory overview Jonathan Bamford Head of Strategic Liaison Security breaches and the DPA Data controllers security obligation - principle 7 of the DPA o Appropriate technical and

More information

Notification of data security breaches to the Information Commissioner s

Notification of data security breaches to the Information Commissioner s ICO lo Notification of data security breaches to the Information Commissioner s Data Protection Act Contents Overview... 2 What the DPA says... 2 Reporting a breach... 2 Potential detriment to data subjects...

More information

INFORMATION UPDATE: Removable media - Storage and Retention of Data - Research Studies

INFORMATION UPDATE: Removable media - Storage and Retention of Data - Research Studies INFORMATION UPDATE: Removable media - Storage and Retention of Data - Research Studies REMOVABLE MEDIA: NSW MoH are currently undergoing review with a state-wide working party developing the Draft NSW

More information