3 minute read
Data privacy is everyone’s responsibility
HSE Data Protection Office highlights top tips to protect personal data as part of tips to protect personal data as part of International Data Protection Day
Data protection is the safeguarding of the privacy rights of individuals in relation to the processing of personal data. It is also about protecting the privacy of our patients and service users is a HSE priority.
We have to lawfully and fairly process personal data about service users, employees, suppliers and other individuals.
International Data Protection Day took place on January 28th and to mark this day the HSE Data Protection team reminded sta that data privacy is everyone’s responsibility and shared these key tips. The Data Protection team has created a series of short, information videos o ering practical advice on good practices around data protection and information management.
You will find these video tips for sta on good data protection practice including email safety, preventing paper records breaches and safe remote working on the data protection sta section of healthservice.ie/sta . They cover a wide range of scenarios including how to reduce your risk of having a data breach when you are handling paper records, using email and working from home. The information videos show how to avoid simple mistakes that can be the cause of a data breach and will help you to reduce your risk of a data breach when processing personal data.
If you suspect a data breach has taken place or are ever in doubt Stop, Think and Ask for Help from your line manager and from your local data protection o cer.
PASSWORDS
• Never share your password with anyone • Change your password if you think it may be known • Never write down your password on or near your device(s) The HSE has a strict Password Standard Policy which is available on hse.ie
DATABASES/SYSTEMS
• Databases can’t be shared throughout the organisation or with third parties without a lawful basis • Access should be confined to sta who need the database to complete their duties • Any third party/data processors who access or require access to a HSE database for a legitimate reason, must sign the appropriate HSE data processing agreement in compliance with Article 28 General Data Protection
Regulation (GDPR) • Personal identifiable information, stored on a database, should have a defined purpose, clearly set out in a procedure and the appropriate technical and security measures attached to them • Always Check - is the data: 1. Being used for the purpose of which it was originally collected? 2. Being held in the agreed location, not being moved/copied without appropriate permission?
SIGN UP FOR THE GDPR COURSE ON HSELAND
To date, over 110,000 HSeLanD users have accessed and completed the Fundamentals of GDPR eLearning programme on HSeLanD. It is designed for all sta .
To access and complete the programme, you can search for ‘GDPR’ on the HSeLanD dashboard or access it through the HR catalogue.
The HSE Data Protection team are encouraging HSeLanD users to complete the Fundamentals of GDPR eLearning programme on HSeLanD. If you have already completed the programme, you can revisit it to refresh your knowledge and skills to help improve the way you process data and keep it secure.
In this programme you will:
• become aware of your responsibilities as a HSE sta member under GDPR • learn how to recognise and respond to an incident when personal data is not processed • correctly know how to direct a service user to get a copy of their personal data when requested It takes about 35 minutes to complete and includes a short assessment. It also includes ‘extend my learning’ pieces for those who wish to undertake further learning or who want practical activities to help transfer the learning into their local area of work.
Information videos are available at https://healthservice.hse.ie/ sta /news/general/reduce-the-risk-of-a-data-breach.html
