data protection in civil defence 2013
TRANSCRIPT
Data Protection &
Civil Defence
My Data – Your Business
Welcome
In this part of the webinar we will explore in detail how the Data Protection Actapplies to us all in Civil Defence.
When working through this section think of situations where you may:
collect and manage personnel information about fellow volunteers and /or members of the public
how you record and store this information in a secure way
how long you keep this information for
and are you retaining the information for longer than is necessary
What is Data Protection
Think about the different information we provide about ourselves to groups such as public bodies, banks, insurance companies and medical professionals so as to access their services ormeet certain entry conditions. Often this information is private and personal to ourselves and wewould not like to be available for any random person to see.
• We have just seen in the video My Data Your Business how organisations are expected to follow the eight rules.
• Civil Defence are likewise required to follow the 8 rules of the Data Protection Acts in all aspects of it activities at national and local level.
• When personal information is given to an organisation such as Civil Defence or its volunteers, we all have a duty to keep this information private and secure from unauthorised access.
Some key definitions
Data Processor: The Data Processor is someone, aside from
employees of the Data Controller, whose business consists
wholly or partly in processing personal data. This includes any
external 3rd parties under contract to the Data Controller
Both the 1988 and 2003 Data Protection
Acts underpin legal obligations in relation
to the protection of personal data.Data: Is information in a form that can be processed.
It includes automated, electronic data (any
information on computer or information recorded
with the intention of putting it on computer and
manual data (information that is recorded as part of
a relevant filing system or with the intention that it
should form part of a relevant filing system)
Personal Data: Personal Data relates to a living
individual who is or can be identified either from
the data or from the data in conjunction with
other information that is in, or is likely to come
into, the possession of the Data Controller
Data Subject; The Data Subject is the person who
can be identified by the data held
Data Controller: The Data Controller controls the
content and use of personal data. As Civil Defence is
part of the Department of Defence, the Data
Controller is Assistant Secretary Des Dowling,
Department of Defence, Newbridge, Col. Kildare
The Eight Rules of Data Protection
Lets remind ourselves of the eight rules of data protection which apply to theCivil Defence. They are to
• Obtain and process the information fairly• Keep it only for one or more specified and
lawful purposes• Process it only in ways compatible with the
purposes for which it was given to you initially• Keep it safe and secure • Keep it accurate and up-to-date • Ensure that it is adequate, relevant and not excessive • Retain it no longer than is necessary for the specified purpose or purposes• Give a copy of his/her personal data on request.
When does Data Protection Apply in Civil Defence?…….
When information about one or more persons is collected and:
• held on a computer;
• held on paper or other manual form as part of a filing system; and
• made up of photographs and/or audio visual recordings which may identity one or more individuals.
Data Protection in the Civil Defence
I am a volunteer………How is this relevant to me?
• If you collect information in your role as a member of the Civil Defence, you are required to comply with the 8 rules of the Data Protection Act.
• The extent to which the eight rules of Data Protection apply will vary from situation to situation however an awareness of each will ensure you avoid accidentally breaching one or more of the 8 Rules.
Data Protection in the Civil DefenceLets look at some examples where we collect data in the Civil Defence….
Lets explore each of the above a little further………..
Civil Defence College holds data on
your service and training records Casualty Service create records on patience care / intervention (PCR/ ACR)Members take photo’s / videos of events for training , social and promotional use.
Civil Defence Officers collect and
manage data about members and
activities
Welfare Service keep records on
compliance with Safe Catering and any
incidents that might arise with
volunteers / members of the public.Unit Instructors record details of
training attended by members and
assessment outcomes
1. THE CIVIL DEFENCE COLLEGE
Civil Defence College retains personal data on service and student training, it isrequired to comply with all 8 rules of the Data Protection Acts. It complies with theserequirements by using the following tools:
• Volunteer Register
• Secure on-site storage
• PHECC Clinical Record Management Guidelines Policy
2. CIVIL DEFENCE OFFICERS
• Collect and store information on volunteers such as service records and contact details
• Record activities undertaken by volunteers within their respective Civil Defence area
• Responsible for ensuring the Volunteer Register contains information about members which is accurate, up-to-date and necessary for the management of Civil Defence at a local and national level.
3. LOCAL INSTRUCTORS
• Collect basic information on training participants and overall performance during and after training
• Ensure training records are accurate and relevant
• Retain training records in a secure manner
• Submits training records to the CDO for inclusion on the Volunteer Register.
4. CASUALTY SERVICE
The Civil Defence College adhere to the PHECC Clinical Record ManagementGuidelines.
If you are involved in the Casualty Service the following applies to you…….
PHECC state: “Accurate recording and knowledge of the whereabouts of all records isessential if the information they contain is to be located quickly and efficiently.
One of the main reasons why records get misplaced or lost is because thedestination is not recorded. The quality of records maintained by pre-hospitalemergency care practitioners and responders is a reflection of the quality of careprovided by them to their patients. Pre-hospital emergency care practitioners andresponders are legally accountable for the standard of practice which they deliverand to which they contribute. Good practice in record management is an integral part of quality pre-hospital care.”
Types of reports covered in the PHECC Clinical Record Management guidelines include:
The following is a summary of the report types:
• Patient Care Report – paper copy (PCR)
•Ambulance Care Report(ACR)
• Cardiac First Response Report (CFR Report)
• Other images/photographs
Ref: Clinical Record Management Guidelines – PHECC (Nass, 2010) p3 (Download a copy from HERE )
PHECC further state…..
• All reports are confidential patient information and must be treated as such.
• Practitioners and responders should ensure that patient reports cannot be viewed or accessed inappropriately.
In practice: There’s an emergency……..
• The Data Protection Office stated that ‘If patient details are urgently needed to prevent injury or other damage to the health of a person, then you may disclose the details. Section 8(d) of the Act makes special provision for such disclosures’. However; ‘if the reason for the disclosure is not urgent, then you will need to obtain consent in advance’ from the patient.
What if I need to disclose patient data, and I don't have the time to obtain consent?
The principle of “need to know” applies in this case
Legal considerations for Clinical Records
Patient care can come under scrutiny where any unexpected outcome arises. It is important therefore to ensure you make a record of all interventions with a patient. The CFRR, PCR & ACR forms are there to give you an opportunity to record your appraisal and treatment of a patient. These records maybe called upon at a later date. It is therefore important you recognise that:
• All patient reports are legal documents.
• There is no limit to the range of records that may be required to aid the legal process.
• Healthcare records should be retained as long as there is a possibility of legal action being taken by the patient or on behalf of the patient.
• Remember to always submit your CFRR, PCR or ACR to your CDO. Your CDO will in turn lodge the documentation by hand with the Civil Defence College for storage and subsequent retrieval on request.
5. WELFARE SERVICE
• Record and collect information about their activities so as to prevent / report an incident with a volunteer or member of the public
• Record information to ensure that the Food Safety Authority of Ireland is satisfied that the Welfare Service is complying with food handling, preparation and storage requirements.
• That members of the Welfare Service have received the required training.
6. MEMBERS TAKE PHOTO’S / VIDEOS OF EVENTS FOR TRAINING , SOCIAL AND PROMOTIONAL USE.
Some points to consider:
• Not everyone is comfortable to have their image / recording used
• It is best to avoid using a persons image / recording without their consent
• When the subject is a child (under 18) parental consent must be sought
• Before circulating /publishing an image check back with the person / parent to confirm they are happy with the context in which it will be portrayed
• A person may request their image/ recording be removed. Do so if asked
• The internet is a powerful and positive communication tool. It is also largely unregulated in how users interact with content. Reflect on what message the content is projecting, can be taken out of context & what control do you have over how the material is used once it is published?
REMEMBER THE 8 RULES OF DATA PROTECTION
• Obtain and process the information fairly
• Keep it only for one or more specified and lawful purposes
• Process it only in ways compatible with the purposes for which it was given to you initially
• Keep it safe and secure
• Keep it accurate and up-to-date
• Ensure that it is adequate, relevant and not excessive
• Retain it no longer than is necessary for the specified purpose or purposes
• Give a copy of his/her personal data to any individual, on request.
• We have looked at the 8 rules of Data Protection• Considered how these rules might apply in a number of Civil Defence services• Importance of sensitivity to fellow volunteers and members of the public• The importance of record accuracy and retention• Using the PHECC record management guidelines for CFRR, PCR & ACR • Legal considerations• Imagery, its context and acceptable usage
Lets now move to the next web page.
LETS RECAP……