New GDPR Health Check Service Launched!


Act Now is pleased to announce the launch of its GDPR health check service.

GDPR represents the biggest change to the European data protection regime in 20 years. It will take effect on 25th May 2018 and the Information Commissioner’s Office (ICO) has already confirmed that there will be no grace period after that date.

Now is the time to get your GDPR house in order. There are many practical steps that can be taken quite easily. Some sectors are getting there; a recent report by the ICO shows that local government is trying its best but there is more to do.

For those who have started (and may be stalled) or need a customised GDPR action plan, our experts are at hand. Our GDPR health check service will provide your organisation with:

  • A preliminary assessment of your current level of preparedness for GDPR;
  • A prioritised and specific compliance action plan;
  • Pointers to guidance, models and good practice resources relevant to your needs.

If required, we can also discuss how Act Now can assist you with implementation, through our acclaimed training offers or expert consultancy support.

Act Now has a proven track record in this area. We have undertaken many data protection consultancy projects in the last few years. In 2016 we won a contract to deliver consultancy services to a major organisation in the regulatory sector.

Our reputation is international. In 2015 Ibrahim Hasan and Paul Gibbons delivered data protection audit training to the Government of Brunei and our forthcoming GDPR Practitioner Certificate course in London has delegates from Spain and the USA!

Feel free to get in touch to discuss your requirements.

Brunei or Bust


In January 2015 the Act Now team will be flying out to Brunei to deliver data protection audit training to staff working for the Government of Brunei.

Negara Brunei Darussalam, to give Brunei its full name, is a small country located in Southeast Asia. It is surrounded by Malaysia and has two parts physically separated by Malaysia. Here is the BBC’s guide to the country.

This is phase 2 of our Brunei consultancy project. Phase 1 involved developing a Data Protection Audit Manual based on the Data Protection Policy released by the Brunei Government. This included guidance on DP audit planning, preparation and the use of DP audit templates.

Ibrahim Hasan and Paul Gibbons, well known experts and trainers in this field, will lead the Brunei training project. Ibrahim said:

“I am looking forward to going out there to showcase our training expertise to an international audience. As more countries enact data protection legislation, we hope to be at the forefront of developing products and services that will enable those working in this field to develop their skills.”

This is one of many recent consultancy projects. Last year Act Now won a tender to deliver information rights consultancy services to The Rural Payments Agency. We were tasked with reviewing the RPA’s information rights handling policies and procedures in the light of best practice and legislative developments.

This latest project enhances our reputation as one of the UK’s leading providers of in-house training and consultancy in information law and information management. We pride ourselves on having the most well known experts who have all worked in the public sector for many years. We particularly specialise in:

  • Conducting information management audits
  • Writing policies, procedures and protocols
  • Conducting information risk assessments
  • Providing best practice advice on handling requests for information
  • Writing reports for senior managers and decision makers

Please take a moment to browse our in-house training and consultancy pages. Feel free to get in touch to discuss your requirements in this area.

RIPA Part 2 Inspections: Common Criticisms by the OSC

The Office of Surveillance Commissioners (OSC) is responsible for overseeing the use of covert surveillance by designated public authorities by carrying out regular inspections. (Appendix E of the Chief Surveillance Commissioner’s Annual Report (2012-13) lists those whom the OSC inspects and how often.) In the UK the inspections check councils’ compliance with Part 2 of the Regulation of Investigatory Powers Act 2000 (RIPA) (and in Scotland The Regulation of Investigatory Powers (Scotland) Act 2000 (RIP(S)A)) for the use of directed surveillance, intrusive surveillance and covert human intelligence sources (CHIS).

As part of our provision of tailored in house training, we have to read OSC inspection reports. The following is a list of common mistakes highlighted by the OSC. They are not attributable to any particular organisation.

FORMS

  • Use of out of date forms
  • No Unique Reference Number (URN)
  • Not amending forms so that only those grounds are present which are available to the public authority e.g. councils – preventing or detecting crime
  • Pre completed forms
  • Use of cut and paste in boxes/repetitive narrative

AUTHORISATION PROCESS

  • Rubber stamping – no real thought given to authorisation
  • Necessity, proportionality and collateral intrusion not fully understood/considered by investigators and authorisers
  • Likelihood of obtaining Confidential Information not fully considered
  • Some ‘open source’ internet research is being conducted which may actually meet the criteria of Directed Surveillance and therefore require authorisation
  • Confusion re: reviews and renewals
  • Lack of understanding of when a person is a CHIS
  • Too many Authorising Officers
  • Authorising Officers are not making adequate provision for destruction of product that is collateral intrusion or of no value to the operation
  • Several authorities are pooling resources but then not obtaining authorisations and keeping records in relation to a proper designated authority
  • Confusion about interference with property powers under Police Act 1997
  • NB councils cannot do this
  • More robust management and quality assurance procedures required 


RECORD KEEPING

  • Central records not compliant with the Code of Practice
  • Inadequate monitoring, recording and audit of surveillance equipment
  • Inadequate handling and storage of surveillance product/evidence 


POLICIES AND PROCEDURE DOCUMENTS

  • Inadequate/no RIPA policy
  • Inadequate guidance document (or out of date)
  • No CCTV protocol/procedure
  • OSC may wish to visit your CCTV control room

TRAINING AND AWARENESS

  • Inadequate training
  • Lack of regular training/refresher training
  • Inadequate record of those who have been trained
  • OSC may ask to see recent training materials

If you are considering refresher training for RIPA investigators and authorisers, please see our full program of RIPA Courses and our online webinars. We can also deliver tailored in house training at your premises.

Ever since the changes to the council surveillance regime, which came into force on 1st November 2012, the OSC has taken an interest in ensuring councils do not authorise surveillance under RIPA for “minor offences.” In addition, they have been keen to ensure that councils have an agreed protocol and procedure for presenting authorisation applications to the Magistrates’ Courts. Finally, where surveillance needs to be done outside the scope of RIPA, a Non RIPA authorisation policy should be implemented and followed.

Do your RIPA documents need revision? Avoid reinventing the wheel! Our RIPA Policy and Procedures Toolkit gives you a standard policy as well as forms (with detailed notes to assist completion) for authorising RIPA and non-RIPA surveillance. Over 200 different organisations have bought this document (available on CD as well).

Act Now Appointed to Deliver Information Rights Consultancy Project

Act Now Training is pleased to announce that it has won a tender to deliver information rights consultancy services to an executive agency of a UK Government Department.


The Rural Payments Agency (RPA) is an executive agency of Defra, and operates as the single accredited CAP paying agency in England on behalf of Defra and the Devolved Administrations. It delivers £2.3 billion of CAP payments each year to the businesses and organisations which supply our food, maintain our rural economy, cultural heritage and environmental landscapes. In total, it is responsible for over 40 EU CAP schemes, some of which apply across GB and the UK.

RPA is subject to the full range of information access legislation including the Data Protection Act, Freedom of Information Act and the Environmental Information Regulations. Act Now has been tasked with reviewing the RPA’s information rights handling policies and procedures in the light of best practice and legislative developments. By the end of March we will be delivering a report setting out our recommendations.

Paul Simpkins and Tim Turner, well known experts and trainers in this field, will lead this project. Commenting on the award of the contract, Ibrahim Hasan (director of Act Now Training) said:

“I am very pleased that we have won yet another consultancy project for a major government agency. Our services will contribute to the good work already being done in the RPA to ensure that information governance processes and procedures follow industry best practice.”

This is one of many recent consultancy projects Act Now has undertaken and enhances our reputation as one of the UK’s leading providers of in house training and consultancy in information law and information management. We pride ourselves on having the most well known experts who have all worked in the public sector for many years. We particularly specialise in:

  • Conducting information management audits
  • Writing policies, procedures and protocols
  • Conducting information risk assessments
  • Providing best practice advice on handling requests for information
  • Writing reports for senior managers and decision makers

We are also starting to develop an international reputation. In January 2014 we won a contract to deliver data protection consultancy services to the Government of Brunei.

Please take a moment to browse our in house training and consultancy pages. Feel free to get in touch to discuss your requirements in this area.
