IHRIM

70 Years of IHRIM - Commemorative Scrapbook

Please click the following link to download

Read more...

NHS Networks - News Stories

NHS NETWORKS daily news stories:
11:39am, 22 August 2018
Practical tools for problem-solving
Professionals at every level

Read more...

PDP - FOI News Update - 15 August 2018

Campaign groups take legal action over police refusal to disclose information on spying tools
 
FOI email header
  Issue: 15/08/2018

News

Campaign groups take legal action over police refusal to disclose information on spying tools
Privacy International has filed an appeal to the first tier Tribunal challenging UK police forces' refusal to disclose information on their purchase and use of IMSI catchers. IMSI catchers are surveillance tools which mimic mobile phone towers, tricking phones into connecting with them and revealing personal information. In 2016, Privacy International submitted FOI requests to police forces identified as having purchased the monitoring tools. Each force refused every category of the request on grounds that they could neither confirm nor deny whether they held the information, which was later supported by the ICO. Megan Goulding, lawyer for Liberty and solicitor for Privacy International, said: "We welcome the tribunal's examination of an inept system where public bodies are free to 'neither confirm nor deny' they hold significant information with next to no rigorous scrutiny of their position. It is vital the public is able to access information on the indiscriminate surveillance technology used against us. We hope the Tribunal acknowledges the threat to our rights and encourages a more diligent approach from the Information Commissioner's Office." 
West Midlands Police refuse to reveal gift figures
West Midlands Police has apparently refused to reveal information regarding gifts, gratuities and hospitality given to its officers. An FOI request lodged by the Local Democracy Reporting Service ('LDRS') in July requested a full list of gifts and hospitality given to police staff between January 2015 and June 2018. The force had previously published similar information under its proactive publication scheme, yet no figures have been published on its website since January 2015. The response stated: "Under section 22 of the Act, we are not required to provide information in response to a request if it is already scheduled to be released into the public domain. The information you requested is due to be made available on the following website. The LDRS is appealing the decision.   
Senate Democrats file FOIA for documents on Trump's Supreme Court nominee
Senate Democrats on the Judiciary Committee have filed several FOI requests for records involving Supreme Court nominee Brett Kavanaugh during his time at the White House. The filings are the latest move in a battle over trying to obtain documents related to the judge as part of his Senate confirmation process. "This extraordinary step is a last resort - unprecedented and unfortunate but necessary to fully and fairly review Judge Kavanaugh's nomination," Senater Richard Blumenthal said in a statement. The Republicans have said the request is a "fishing expedition" and a "delay tactic" for a nominee that the Democrats have no intention of considering.  

Japanese politician to return to ministerial pay over FOI request leak

Internal Affairs and Communications Minister Seiko Noda has announced that she will voluntarily return her ministerial pay for a year to take responsibility over the leak of information on a newspaper's FOI request regarding a meeting her secretary had with the Financial Services Agency.  When asked why she decided to return her ministerial pay for a year (totalling about 1.61 million yen, or around £11,000)  she said she did so as a "lesson" to herself.  Noda divulged during an informal media talk in late May that the newspaper had made a request for the information. The Financial Services Agency later punished workers involved in the information leak.
Freedom of infomation JournalMore freedom of information news and articlesVisit the website to receive a Free Sample Copy or to Subscribe Now"PDP's FOI journal has proved very helpful in keeping us up to date with developments in FOI, interesting news and case law."Deborah Coombs
Nottingham University Hospitals NHS TrustSubscribe to two or more journals at the same time and receive a discount
For more information, visit PDP Journals

PDP Training logo
Professional and practical Training Courses enable delegates to understand the legal requirements in key areas of compliance.  
 
The following is a selection of some of PDP's current courses.  
 
Estelle Dehon, Cornerstone Barristers
Estelle Dehon
Cornerstone Barristers
Since the Freedom of Information Act 2000 came fully into force in 2005 we have experienced a fundamental change in the relationship between UK government and its citizens as government information has become more publicly accessible. Greater transparency is also a key policy of the Coalition Government, and in light of the deficit reduction programme there is an ever increasing public interest in how public money is spent. This has led to the publication of a wide range of public sector datasets and proposals to expand the Freedom of Information Act through the Protection of Freedoms Bill. Information Officers are central to these developments and need to be fully aware of the Act and the impact of future changes to it.This training session is designed to help those who are on the receiving end of requests for information and those who advise and assist them.This training course can be used as credit towards gaining the Practitioner Certificate in Freedom of Information.Upcoming dates for this training course are:
  • Belfast           Monday, 24th September 2018
  • Manchester   Tuesday, 16th October 2018
  • London          Monday, 22nd October 2018 
     
For further information and to make a booking,
  1. Visit PDP's website 
  2. Telephone PDP at +44 (0)207 014 3399
  3. Download the PDF Training Catalogue 

 
FOI Practical Training - Level 2 (Applying the Exemptions)
Liz Fitzsimons, Eversheds
Liz Fitsimons
Eversheds

Public sector bodies must make daily decisions on how to respond to requests for information under the Freedom of Information Act 2000 and how to apply the exemptions in the Act. Those decisions are increasingly reviewed and, in many cases, overturned by the Information Commissioner, the Information Tribunal and the Courts. As case law develops and changes, public authorities need to ensure that they understand when the exemptions can be applied, and what they have to demonstrate to apply them correctly.This training session considers in detail the practical application of the main FOI exemptions.A discount is available for delegates booking both FOI Level 1 and FOI Level 2.This training course can be used as credit towards gaining the Practitioner Certificate in Freedom of Information.Upcoming dates for this training course are:
  • Belfast           Tuesday, 25th September 2018
  • Manchester    Wednesday, 17th October 2018
  • London          Tuesday, 23rd October 2018
     
For further information and to make a booking,
  1. Visit PDP's website 
  2. Telephone PDP at +44 (0)207 014 3399
  3. Download the PDF Training Catalogue 
John Wilson, Mosaic
Organisations face increasing pressure to manage their records according to statutory and business requirements. As the use of electronic records and the deployment of electronic document and records management systems continue to increase, the core skills of the person responsible for records management become ever more important to the organisation. In many cases, appropriate data protection and FOI compliance will depend upon a good records management system.This invaluable training session, led by John Wilson, examines core concepts of good records management practice.Records Management 1 is an introductory level session that provides delegates with a thorough grounding in the fundamentals of records management, including:
  • introduction - basic concepts
  • records management tools
  • records lifecycle approach
  • designing a file plan
  • records destruction
  • legal framework / compliance
  • management of electronic records and email 
Upcoming dates for this training course are:
  • Manchester    Wednesday, 5th September 2018
  • Edinburgh      Thursday, 4th October 2018
  • Isle of Man     Thursday, 18 October 2018 
     
For further information and to make a booking,
  1. Visit PDP's website 
  2. Telephone PDP at +44 (0)207 014 3399
  3. Download the PDF Training Catalogue 

 
This course examines how to implement good records management practice. Led by John Wilson, Records Management 2 is an intermediate level session that provides a grounding in the fundamentals of records management, including:
  • introduction - initiating a records management project
  • records audit
  • process mapping
  • building a business classification scheme
  • measuring performance
  • EDRMS
  • sustaining a records management programme
Delegates are encouraged to share their own experiences at the session. The day will be a mixture of presentation and practical exercises. There will be plenty of opportunity for questions.Upcoming dates for this training course are:
  • Manchester    Thursday, 6th September 2018
  • Edinburgh       Friday, 5th October 2018
  • Isle of Man    Friday, 19 October 2018 
A discount is available for delegates attending both the Level 1 and Level 2 sessions, as well as for multiple delegates attending from the same organisation.
For further information and to make a booking,
  1. Visit PDP's website  
  2. Telephone PDP at +44 (0)207 014 3399
  3. Download the PDF Training Catalogue 
 
Next training sessions taking place in Belfast, Manchester & London 

 

Public authorities and their advisors, and those contracting with the public sector or carrying out public functions, need to understand the scope of the Regulations in order to handle information requests correctly.  
 
This training session explains the meaning and scope of the EIR. It examines in detail the boundary with FOI, based on decisions of the Information Commissioner and Information Tribunal and on guidance from DEFRA.
 
 
The latest edition (Volume 14, Issue 4), features the following articles:Back to the FOIA: how FOIA affects historical records - Paul Gibbons, aka FOIManTo hold, or not to hold - that is the question - Lynn Wyeth, Leicester City CouncilRecent decisions of the Commissioner and Tribunal - Alison Berridge & Imogen Proud, Monckton Chambers
Request a FREE sample or

For more information, please visit PDP Journals
 
     
Flexible training options allow you to train alongside other commitments  
   
 
"I am very pleased to have achieved the Practitioner Certificate in Freedom of Information. The programme provides excellent knowledge and understanding on the practical applications of handling requests for information"
Louise Smith
Financial Ombudsman Service
"A very worthwhile qualification which I wholeheartedly recommend to colleagues"
Barbara Tyldesley
The Environment Agency
"I am so pleased to have passed the Practitioner Certificate in FOI. The 4 day course was excellent and I am now confident in my role as FOI Officer for Social Services. The course has helped me develop my skills and knowledge of FOI/EIR and DP and I would encourage anyone working in this area to attend."
Rachael Strand
Flintshire County Council
"The Practitioner Certificate in FOI was an excellent opportunity to receive specialised training and gain a recognised qualification. In particular, I found the instructors to be both knowledgeable and engaging. As a regulator in an overseas territory, I was easily able to translate the learning into practice. I have and do encourage other FOI practitioners to take advantage of this training programme."
Clara Smith
Information Commissioner's Office (Grand Cayman)
"I am delighted to have passed my examination, achieving this qualification and attending the courses have been a very positive experience which have boosted my confidence and enthusiasm for this subject. I found the courses very informative and the course handout binders are an excellent reference tool which is very relevant to the workplace."
Julie Johnson
Durham County Council
"I'm delighted to have passed the exam; it was hard work preparing for an exam, having not sat one for over 10 years, but the course materials really helped structure my revision. Passing has increased my confidence in dealing with the Act which will be of benefit to myself as well as my organisation."
Heledd Thomas
Comisiynydd y Gymraeg
"I found this to be a comprehensive course, which was well structured to be relevant and of interest to everyone from FOI beginners to more seasoned practitioners. The course tutors were very knowledgeable and clearly very interested in their respective topic areas, and the course was similarly detailed and well-taught."
Mark Reynolds
Barclays
"I'm thrilled to have gained this qualification. FOI can be a complicated area to understand and apply, but the tutors were excellent in bringing it to life in an interesting way."
Angela Sanderson
Big Lottery Fund
"The Practitioner's Certificate has equipped me with the knowledge and confidence to undertake my role. I found the courses well presented and easy to follow. The case studies are particularly useful, as they give an insight into different scenarios that one may experience. I would recommend PDP to anyone wanting to gain this qualification."
Kim Starbuck
London Borough of Barking and Dagenham "Both the thought provoking training and materials as well as passing the exam will help to ensure we provide a prompt quality service when dealing with information requests particularly as those involving planning can raise complex issues"
John Pierce
The Department for Communities and Local Government 
 
PDP, Canterbury Court, Kennington Park, London, SW9 6DE, United Kingdom
 
 
 

New standard for clinical referrals will support faster, better patient care

New standard for clinical referrals will support faster, better patient care

The Professional Record Standards Body has developed

Read more...

PDP - Compliance News Updates - 14 August 2018

 
 
PDP header graphic
  Issue: 14.08.2018

News 
Data broking company fined £140,000 in UK
The Information Commissioner's Office has finedpregnancy and childcare advice company, Emma's Diary, £140,000 for illegally collecting and selling personal information belonging to more than one million people. The data broking company sold the information to Experian Marketing Services, a branch of the credit reference agency, specifically for use by the Labour Party. Experian then created a database which the party used to profile the new mums in the run up to the 2017 General Election. The Labour Party was consequently able to send targeted direct mail to mums living in areas with marginal seats about its intention to protect Sure Start Children's centres. The regulator signalled its intention to fine the company in July, as it released an interim report of its comprehensive investigation into data analytics for political purposes. The ICO has outstanding enquiries with a number of data brokers, including Experian. 

FTC to expand power to regulate corporate privacy practices

The US Federal Trade Commission is considering expanding its enforcement power over corporate privacy and data security practices. The action follows FTC Chairman Joseph Simons' recent declaration that the regulator's current authority under Section 5 of the FTC Act is inadequate to deal with the privacy and security issues in today's market. The FTC is also considering growing its authority in several other areas, including the intersection between privacy, big data and competition. Beginning in September 2018, the FTC will conduct a series of public hearings to consider these issues.       

Company director disqualified after marketing calls breach

A man whose business was responsible for millions of nuisance marketing calls in the UK has been barred from serving as a company director for six years. Coventry-based Easyleads Limited was issued with a £260,000 fine by the Information Commissioner's Office in September 2017, after the regulator found the company responsible for making 16.7 million automated marketing calls without the prior consent of recipients. Easyleads failed to pay the fine which led the ICO to file for and obtain a court order to wind up the company. The Insolvency Service subsequently investigated and has now announced that the sole director of Easyleads, Shaun Harkin, 48 from Coventry, has accepted a disqualification undertaking that will prevent him from being directly or indirectly involved n the promotion, formation or management of a company for six years from 13th July 2018.           

ICANN loses injunction bid in dispute over WHOIS data in Germany

A German appeals court has rejected a bid from the internet's global domain name organisation, the Internet Corporation for Assigned Names and Numbers (ICANN), to force a domain name registrar in the country to collect additional personal data. ICANN had applied for a court order to be issued against EPAG Domainservices to force EPAG to collect the personal data of technical and administrative contacts of organisations that register domain names with it. EPAG already collect the domain name holder's contact data in accordance with the terms of its contractual agreement with ICANN. It previously collected the data of technical and administrative contacts too on a voluntary basis, but stopped doing so in light of the GDPR. ICANN will still have an opportunity to "enforce the rights it asserts" in the main proceedings in the dispute, according to the new ruling.        

Butlin's warns of potential personal data breach

UK holiday camp chain Butlin's has warned that the personal data of up to 34,000 customers may have been exposed in a cyber breach. The company has blamed the breach on a phishing attack, which indicates that an employee was tricked into divulging user credentials for a customer data system, rather than any high-tech hacking technique. Butlin's said the data at risk includes names, addresses, contact details and holiday arrival dates, but does not include any financial information. The company began notifying customers of the breach within 72 hours in line with the requirements of the GDPR.         
 
 
      

More in depth data protection news and articles... 
 

PDP Journals logo
 
Privacy & Data Protection journal
Privacy & Data Protection Journal 
 
Visit the Privacy & Data Protection for a Free Sample and to Subscribe
 

Subscribe to two or more titles at the same time and receive a 15% discount off the cheapest journal. 
 



17th Annual Data Protection Conference (GDPR)

17th Annual Conference
 

11th & 12th October 2018 - London, UK  
** London's leading two-day GDPR Conference ** 

Keynote:
James Dipple Johnstone
 
How the ICO will exercise its New Powers
James Dipple-Johnstone  
Deputy Commissioner (Operations) 
Infomation Commissioner's Office (ICO)
  This year, the conference is dedicated to reviewing the practical implications of the General Data Protection Regulation, and to help organisations ensure they are compliant.
 
16th Annual Data Protection Compliance Conference

  
* Workshop Highlight * 

Jenai NissimWorkshop C.  Compulsory Documentation - What is now Required of Organisations 
 
Jenai Nissim, Legal Director, TLT Solicitors
 
In contrast to pre-GDPR law, several sets of documents must now be created and be made available in order to demonstrate compliance with the GDPR. This Workshop looks in detail at the requirements of the GDPR in terms of accountability, and provides delegates with the knowledge and tools necessary to achieve compliance in their organisations, including:
  • what policies must be drafted, and the necessary content of those policies
  • how existing data protection statements and privacy notices need to be altered and extended
  • how organisations can raise awareness of data protection in their data protection policies and procedures


For more information and to book your place:
 

  
PDP Training logo

Our professional and practical Training Courses enable delegates to understand the legal requirements in key areas of information and data protection compliance. Courses run throughout the year around the United Kingdom.
 
Here is a selection of courses taking place shortly:
 
Data Protection Essential Knowledge - Level 1
Estelle Dehon_ Cornerstone Barristers
Estelle Dehon
Cornerstone Barristers
This course is an introductory level course for all those that are new to data protection, or those that require a refresher on the fundamental concepts. It is designed for people who work with, or will work with, data protection issues on a regular basis.This invaluable and practical training session examines core concepts of practical data protection compliance.This course can be used as credit towards the Practitioner Certificate in Data Protection (GDPR)The course is next taking place on the following dates (further dates available online):
  • Belfast     Monday, 10th September 2018
  • London    Monday, 17th September 2018
  • Bristol      Monday, 22nd October 2018
For further information and to make a booking,
  1. Visit PDP's website 
  2. Telephone PDP at +44 (0)207 014 3399
  3. Download the PDF Training Catalogue 
     

Data Protection Essential Knowledge - Level 2
This practical training session is designed for those that work in the field of data protection. The Level 1 and Level 2 courses taken together constitute a complete training package on the fundamentals of data protection. This session provides a thorough grounding in the important aspects of data protection practice.The Level 2 course is designed as a natural progression from Data Protection Essential Knowledge - Level 1, although attending Data Protection Essential Knowledge - Level 1 is not a pre-requisite to attending the Level 2 unless you are a complete beginner to data protection.Attendance on this course can be used as credit towards the Practitioner Certificate in Data Protection.The course is next taking place on the following dates (further dates available online):
  • Belfast     Tuesday, 11th September 2018
  • London    Tuesday, 18th September 2018
  • Bristol      Tuesday, 23rd October 2018
For further information and to make a booking,
  1. Visit PDP's website 
  2. Telephone PDP at +44 (0)207 014 3399
  3. Download the PDF Training Catalogue
 
Phil Tompkins, Dickinson Dees
Phil Tompkins
Ward Hadaway
Data protection law requires that personal information be held and used securely. The law also requires that relevant security arrangements be put in place for all outsourcing arrangements. News headlines consistently show that organisations are not doing enough to ensure the security of people's personal information, both within the organisation and externally. It is not always obvious what measures should be taken by organisations to comply with the legal obligations.This session, which is fully up to date with the requirements of the General Data Protection Regulation (GDPR), as well as the implications of Brexit, examines the law as it relates to data security and the practical steps that organisations need to take to ensure compliance with their obligations. It concentrates on how to avoid a data security breach, as well as what can be done to mitigate the effects of a breach that does occur. It also considers the steps that must be taken when an organisation outsources operations, such as payroll, website hosting, digitisation of records, debt collection and waste management. The session considers lessons that must be learned by the fines that have been imposed by regulators.This session can be used as a credit towards the Practitioner Certificate in Data Protection (GDPR)
 
The course is next taking place on the following dates (further dates available online):
  • Belfast          Wednesday, 12th September 2018
  • London         Wednesday, 19th September 2018
  • Edinburgh    Wednesday, 31st October 2018 
For further information and to make a booking
  1. Visit PDP's website 
  2. Telephone PDP at +44 (0)207 014 3399
  3. Download the PDF Training Catalogue 
Jenai Nissim_ TLT
Jenai Nissim
TLT
Data Protection Impact Assessments (DPIAs) enable organisations to assess potential data protection and other privacy implications at the design stage of a new system or process. Such risks can be assessed and addressed within the development of the system or process, rather than being a "bolt-on" after implementation (when it may be too late to address all the concerns, at least without significant cost implications).DPIAs are recommended by data protection regulators, and they are a requirement in some sectors. DPIAs are an important part of the "privacy by design" culture, and they will be mandatory under the General Data Protection Regulation.Different approaches and levels of assessment can be undertaken depending on the nature of the system/process and the size of the organisation. This course gives practical guidance on conducting DPIAs, and includes:
  • what is a DPIA, and when should one be carried out
  • national regulators' recommendations and guidance
  • stages of a DPIA and what to do in practice: initial assessment, preparation, information flows, consultation with stakeholders, analysis, documentation
  • the relationship between conducting PIAs with other risk and project management activities (e.g. other risk assessments, data protection audits)
  • legal and compliance issues to consider.
Attendance on this course can be used as credit towards gaining the Practitioner Certificate in Data Protection.

The course is next taking place on the following dates (further dates available online):
  • Belfast         Friday, 14th September 2018
  • London        Friday, 21st September 2018
  • Edinburgh    Friday, 2nd November 2018 
For further information and to make a booking,
  1. Visit PDP's website 
  2. Telephone PDP at +44 (0)207 014 3399
  3. Download the PDF Training Catalogue 

Practitioner Certificate in Data Protection - GDPR Conversion Programme 
Upcoming intensive training weeks in Belfast, London Edinburgh and Manchester 
 
Ensure you are have the knowledge to practically implement the GDPR in your organisation.  
 
The Practitioner Certificate in Data Protection is the practical qualification which can be taken either on an intensive, flexible or distance-learning basis. 
 
"I am delighted to have achieved this qualification. The Certificate sets a recognised standard for data protection professionals and it has provided me with the knowledge and confidence of data protection requirements, especially in light of the new Regulation." 
Joanne Maurizi 
MutualOne 
 
Find out more >
   

 
   
Upcoming course dates in Brussels, Manchester, Isle of Man and London 
  
Accountability   
 
Demonstrating compliance with 'Accountability' consists of several elements, including preparing policies, monitoring compliance with internal policies and procedures, amending job roles and updating customer facing documentation such as websites and offline forms.
This highly practical sessions looks at the detail of what accountability requires...
   

"By far the most practical resource available to help understand the complexities of the GDPR..."
A Practical Guide to UK and EU Law  

This book is an invaluable practical resource for organisations in meeting the requirements of the GDPR.
 Find out more & Order your copy here >


Qualify as a GDPR Data Protection Practitioner

Flexible training options allow you to train alongside other commitmentsMore information >  
"The course content was informative and well presented, with very knowledgeable trainers. The exam was challenging, so I feel a real sense of achievement in having gained this qualification."  Caroline Chalk 
Head External Information Services 
Civil Aviation Authority 
"I found the course to be thoroughly enjoyable and enlightening in a number of areas. I have managed to apply the knowledge gained through the course already in my day to day role." 
Brendan Byrne
Senior Managing Consultant Security & Privacy 
IBM
"The qualification strikes the right balance of interpreting important and complicated legislation and imparting this to students with a well structured course, underpinned with simple to understand information and then a vigorous examination. Organisations should feel assured by any of its staff undertaking and passing this qualification that their information is being managed and shared securely." 
Kim Bellis 
Records Service Manager 
Royal Cornwall Hospitals NHS Trust 
"I am very pleased to have followed the Practitioner Certificate in Data Protection course and passed the examination. This will be of great benefit to my employer, as it demonstrates the value we place on this complex area of ethics and compliance." 
Alan White 
Data Protection Manager 
Pitney Bowes 
"The course which was delivered by experts in the field of Privacy and Data Protection Law was very enjoyable and engaging. The examination was based on applying legislation and knowledge to practical cases rather than a test of how much information you could remember. I am delighted that I passed the exam and to have a qualification that is very much respected, as well as letters after my name! I recommend both the course and the examination for anyone wanting to increase their knowledge of Data Protection Law." 
Bleneta Carr
Investigator 
Pearson Education 
"I am delighted to have achieved this qualification. The Certificate sets a recognised standard for data protection professionals and it has provided me with the knowledge and confidence of data protection requirements, especially in light of the impending new Regulation." 
Joanne Maurizi 
Assistant Manager
mutualone
"Synectics Solutions recognises that compliance with data protection regulation is critical to all organisations that handle personal information. It has never had a greater focus than at the present time. Having looked at the training and professional qualifications available, we concluded that the PDP certification was the most appropriate for our business. The course was delivered by legal experts in the field. They were able to bring the events to life with real-life scenarios and case studies."
Steve Sands
Head of Security
Synectics Solutions
 
PDP, Canterbury Court, Kennington Park, London, SW9 6DE, United Kingdom
 
 
 

Contact IHRIM

Office open Monday to Friday
9AM to 2PM

Connect with IHRIM

We use cookies to improve our website and your experience when using it. Cookies used for the essential operation of this site have already been set. To find out more about the cookies we use and how to delete them, see our privacy policy.

  I accept cookies from this site.
EU Cookie Directive Module Information