2.1.2-confidentiality Flashcards
What is DPA 2018 and the principles and people’s rights?
Data Protection Act. It is the UK implementation of GDPR
Controls how personal information is used by organisations, businesses or government. Aims to protect aginst theft and loss of data. Improve rights and empower and improve confidentiality.
7 principles, make sure info is:
1. used fairly, lawfully and transparently
2. used for specified, explicit and legitimate purposes
3. used in a way that is adequate, relevant and limites to only what is necessary
4. accurate and, where necessary, kept up to date
5. kept for no longer than is necessary
6. handled in a way that ensures appropriat security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage
7. the controller has responsibility to demonstrate compliance with the other principles.
Stronger protections for more sensitive information, special category data:
-ethnic background
-political opinions
-religious beliefs
-health
-sexual life
-criminal history
The people’s rights:
-be informed about how you data is being used
-access personal data
-have incorrect data updated
-have data erased
-stop or restrict the processing of your data
-data portability (allowing you to get and reuse your data for different services)
-object to how your data is being processed in certain circumstances
What is EU GDPR?
EU General Data Protection Regulation. It aids the flow of data between EU countries so that data can be safe and secure across borders in light of the digital age.
What is the difference between DPA and GDPR?
GDPR states a child can consent to data processing at age 16 but DPA says 13.
GDPR includes identifying info as IP addresses, cookies and DNA.
GDPR requires those processing ciminal data to have official authority whilst DPA doesn’t.
DPA allows automated decision making or profiling when there is legitimate reason and safeguards are in place to protect individual rights and freedoms (e.g. to tell DVLA)
What would you do if a px refuse consent for VCG?
make px aware that supervisor still needs to interfere if necessary
If a px is unfit to drive what is the process, keeping DPA in mind?
- Tell the px they are unfit to drive
- Tell px to legally inform the DVLA
- Give written copy of advice to px and keep a record
- VCG to notify GP
- If a px is clearly dangerous you may be able to break confidentiality and tell DVLA but get legal advice first
How does DPA relate to safeguarding?
Safeguarding of children and individuals at risk means that where legitimate and consent cannot be given then confidentiality can be breached to care schemes that can help