2018 – Page 4 – Your Front Page For Information Governance News

Act Now Launches New Certificate in IG for Health and Social Care

Act Now Certificate in Information Governance

Today ANT launched a new style of certificate course. It’s not a one day course, it’s not a practitioner certificate – it fits in between the two and is intended as a primer in all aspects of information law for the Health and Social Care sector.

The course runs for a period 3 months and uses blended learning. Students can work online and in their own time (either at home or at work) by submitting written assignments and doing online tests. There is no final exam. The course uses continuous assessment to determine the award.

There are 3 teaching days which are each followed by an online knowledge check and an assignment. Subjects covered include Data Protection (GDPR), Freedom of Information, Records Management, Cyber Security, Incident Management, Training in IG and demonstrating compliance. A detailed course structure is available on our website.

The course was developed after consultation with Blackpool Victoria Hospital and a well known NHS expert and consultant, Paul Couldrey, who will be delivering the training. Victoria Hospital have made a significant contribution to the syllabus from a user perspective.

Paul is seen as an NHS leader in Information Governance compliance. He is the former Head of IG for NHS Central Midlands Commissioning Support Unit (CMCSU), which supports over 10 CCG and overseas health authorities to comply with legislation. He is qualified in information law at Masters level, and has spoken at numerous national conferences about information governance. He was also the Black Country contributor to the Caldicott Review published in June 2013.

We expect demand for this course to be high. IG in the health sector places a heavy workload on IG teams. Newcomers in the sector need to be brought up to speed as quickly and effectively as possible. This course provides that opportunity and also a certificate to demonstrate competence. The first public course starts in late April with the teaching days in Manchester in May, June and July. The course can also be delivered in house.

Take a look at the new IG cert on our website.

Act Now Training runs many courses in all aspects Information Governance. With courses starting from as little as £20, we have a range to suit all requirements. From e-learning, full hour webinars, all the way up to expert level Practitioner courses that are accredited, we have something to suit your requirements. All our courses are flexible and can be delivered in house at your premises. Please get in touch for a bespoke quote.

Act Now Launches New GDPR E-Learning Course

Screen Shot 2018-02-13 at 10.33.40

In December, a nursing auxiliary was fined for accessing a patient’s medical records without a valid legal reason. In November a charity employee was prosecuted after he sent spreadsheets containing the information of vulnerable clients to his personal email address without the knowledge of his employer, the Rochdale Connections Trust.

Staff are often a key risk area when it comes to data protection compliance. GDPR will replace the DPA on 25^th May 2018. Failure to comply with it could lead to fines of up to 20 million Euros or 4% of global annual turnover (which ever is higher).

All staff need to know about how the law will change and how personal data should be handled. But how do employers do this without staff leaving the office or overspending the training budget?

Enter the Act Now GDPR E Learning Course.This new online training course will give staff basic GDPR knowledge in 1 hour. The target audience is frontline staff, both in the public and private sector, and those who handle personal data on a day-to-day basis who need a basic knowledge of how to comply with GDPR in their role. This includes receptionists, clerical workers, school staff, call handlers, healthcare workers, bank staff etc. etc.

The course consists of two modules in which our data protection experts explain the key messages of GDPR in a simple and jargon free way including:

The main GDPR obligations and the new Data Subject rights
How to keep personal data safe and secure

Each module is accompanied by a multiple-choice quiz containing 10 randomly generated questions based on the contents of the module. The pass mark is 60% on each quiz. A certificate of successful completion is issued to each participant.

In producing these modules we have had regard to the Information Commissioner’s data protection training checklist.

Screen Shot 2018-02-13 at 10.32.10

With the costs from as little as £20 +vat per user for up to 25 users, the Act Now GDPR E Learning Cour se is the most cost effective GDPR training solution. We can also cater for larger numbers, please get in touch for a personalised quote.

To find out more see our website or Contact Us to arrange a free demo.

And Finally…

Our 2018 course programme contains many more GDPR courses including workshops and live webinars.
Our GDPR Practitioner Certificate is proving very popular with those who need to get up to speed with GDPR as well as budding Data Protection Officers. Read about the last set of results. Two out of the next Five courses in 2018 are fully booked.
If you require tailored GDPR training delivered at your premises, please get in touch.
We have sold over 400 copies of our GDPR handbook. We are donating £1 from each sale the DEC Rohingya Crisis Appeal.

Download our e-learning flyer here

Freedom of Information: New Draft S.45 Code of Practice

Amongst all the hype about GDPR it is easy to miss developments in other areas of information law. In November 2017, the Cabinet Office published the revised code of practice (under section 45 of the Freedom of Information Act 2000) for consultation.

In July 2015 the Independent Commission on Freedom of Information was established by the Cabinet Office to examine FOI’s operation. In its report the Commission concluded that FOI was working well. It did though make twenty-one recommendations to enhance the Act and further the aims of transparency and openness.

In its response to the Commission’s report, the government agreed to update the S.45 Code of Practice. The draft code provides new, updated or expanded guidance on a variety of issues, including:

Transparency about public authorities’ FOI performance and senior pay and benefits, to mandate FOI Commission recommendations for greater openness in both areas.
The handling of vexatious and repeated requests. The FOI Commission specifically recommended the inclusion of guidance on vexatious requests.
Fundamental principles of FOI not currently included in the Code, e.g. generalprinciples about how to define “information” and that which is “held” for the purposes of the Act.

The code is not law but the Information Commissioner can issue Practice Recommendations where she considers that public authorities have not complied with the guidance set out in this Code. The Commissioner can also refer to non -compliance with the Code in Decision and Enforcement Notices.

As well as giving more guidance on advice ad assistance, costs, vexatious requests and consultation the code places new “burdens” on public authorities including the following:

Public authorities should produce a guide to their Publication Scheme.
Those authorities with over 100 Full Time Equivalent (FTE) employees should, as a matter of best practice, publish details of their performance on handling FOI requests.
Pay (salaries over £90,000), expenses and benefits of senior staff at director level and equivalents should be published at regular intervals. Of course local authorities are already required to publish some of this information by the Local Government Transparency Code.
The public interest test extension to the time limit for responding to an FOI request should normally be no more than 20 working days.
Internal reviews should normally be completed within 20 working days.

Furthermore, the other S.45 Code covering datasets will be merged with the main section 45 Code so that statutory guidance under section 45 can be found in one place. There will also be an annex explaining the link between the FOI dataset provisions and the Re-use of Public Sector Information Regulations 2015.

Public authorities need to consider the draft code carefully and decide whether the additional obligations are workable given pressures on resources, especially due to GDPR’s pending implementation.

The deadline for consultation responses is 2^nd February 2018.

We will be discussing this and other recent FOI decisions in our forthcoming FOI workshops and webinars. For those wanting an internationally recognised qualification the BCS Certificate in Freedom of Information starts in February 2018 in Manchester and London.

GDPR Training Courses in Dubai

dubai-architecture-beach-boat-buildings-hotel-nature-ocean-peaceful-sand-sea

Act Now Training is pleased to announce three forthcoming GDPR training workshops in Dubai (UAE).

The General Data Protection Regulation (GDPR) will not just have an impact on Data Controllers and Data Processors in the European Union (EU). It will also apply to organisations in the rest of world that are:

processing personal data of individuals living in the EU;
offering goods or services to individuals in the EU, even if there is no charge for such goods or services; or
engaging in monitoring or profiling activities of individuals in the EU (for example, the use of cookies/behavioural advertising).

Failure to comply with GDPR could lead to massive reputational damage and a fine of up to 20 million Euros or 4% of global annual turnover (whichever is higher).

Our Dubai workshops will examine the legal and practical impact of GDPR on Middle East/GCC based organisations. All the key issues for Data Controllers as well as Data Processors will be discussed including international transfers, contract clauses and guarantees, security and breach notification and when a Data Protection Officer needs to be appointed. Crucially we will discuss how GDPR is a business opportunity rather than a threat. By the end of the workshop delegates will be able to write their own action plan for GDPR compliance.

Ibrahim Hasan, solicitor and Director of Act Now Training, will deliver the first two workshops in Dubai. He said:

“I am really pleased to design and deliver this new GDPR workshop in Dubai. It will add to our growing experience of delivering data protection training abroad. Dubai is the latest addition to our increasing international portfolio. We plan to use it as a platform to showcase our other GDPR courses and consultancy services.”

More details and a course outline here

Our 2018 course programme contains many more GDPR courses and live webinars which are held in locations throughout the UK. Our GDPR Practitioner Certificate is proving very popular with those who need to get up to speed with GDPR as well as budding Data Protection Officers. If you require these courses delivered at your premises, tailored to your needs, please get in touch.

Finally, we have sold over 350 copies of our GDPR handbook. We are donating £1 from each sale to the DEC Rohingya Crisis Appeal.

Happy New Year!

RIPA Surveillance Oversight and Inspection Regime Changes

By Steve Morris

On 1^st September 2017 Lord Justice Fulford commenced his new role as the Investigatory Powers Commissioner. Assisted by the Investigatory Powers Commissioner’s Office (IPCO), he will undertake the oversight functions of three previous Commissioners under the Regulation of Investigatory Powers Act 2000 namely the Chief Surveillance Commissioner, Interception of Communications Commissioner and the Intelligence Services Commissioner.

This marks a major milestone in establishing a new oversight regime set out in the Investigatory Powers Act, which was given Royal Assent in 2016. The Act, amongst other things, provides new powers for the police to access communications data e.g. telephone records, internet usage information etc. More on the Act in further blog posts.

Not only does the new commissioner take over the inspection and oversight functions carried out by the previous commissioners, he takes on responsibility for the pre-approval of certain police activities authorised under the Police Act 1997.

The Investigatory Powers Commissioner’s Office will consist of around 70 staff. This will be made up of:

Around 15 Judicial Commissioners, current and recently retired High Court, Court of Appeal and Supreme Court Judges;
A Technical Advisory Panel, of scientific experts; and
Almost 50 official staff, including inspectors, lawyers and communications experts.

Over the next 12 months Judicial Commissioners will start to take on their prior approval functions relating to the Investigatory Powers Act 2016, including interception, equipment interference, bulk personal datasets, bulk acquisition of communications data, national security notices, technical capability notices and communications data retention notices. The Judicial Commissioners will be supported in this work by the Technology Advisory Panel.

What impact will this new commissioner have on local authority inspections under Part 2 of RIPA carried out previously by the Office of the Surveillance Commissioners (OSC)? I suspect not a lot. The same issues will be considered as previously. The final OSC annual report once again highlights the recurring issue of investigations using social networks e.g. Facebook.

If you have an inspection coming up read our guide here.

Steve Morris is a former police officer who delivers our RIPA Courses as well as a course on Internet Investigations.

Now is the time to consider refresher training for RIPA investigators and authorisers. Please see our full program of RIPA Courses which have been revised to take account of all the latest developments. We can also deliver these courses at your premises, tailored to the audience. Finally, if you want to avoid re inventing the wheel, our RIPA Policy and Procedures Toolkit gives you a standard policy as well as forms (with detailed notes to assist completion) for authorising RIPA and non-RIPA surveillance. Over 200 different organisations have bought this document (available on CD as well).