1. Learn home
  2. Digital and Data Capability Framework
  3. The Framework
  4. Handling Information & Data
  5. Resources
  6. Understands and follows legislation and organisational policies that ensure information and data is handled securely and ethically

Understands and follows legislation and organisational policies that ensure information and data is handled securely and ethically

Add to favourites

On this page you'll find links to resources to help you to understand and follow legislation and organisational policies that ensure information and data is handled securely and ethically.  

Select your current capability level to jump to aligned resources:

When you open the links included on this page, you may be presented with messages about cookies. To find out more about what cookies are and how you can manage them safely, have a look at this guidance: Digital Unite - What is a Cookie?

Not at Level 1
Handling Information & Data icon which is a red hexagon with a computer and cogs inside

Understands and follows legislation and organisational policies that ensure information and data is handled securely and ethically

Not at Level 1 - I need to know more about the limitations on how information and data can be used or shared, and the laws that have to be followed, e.g. General Data Protection Regulation (GDPR). I need to find out how I can access my organisation’s data protection policies.

 

As part of their 23 Things TEC List, the Scottish Social Services Council (SSSC) have developed guidance on using data safely. Follow the link, read the introduction and then scroll down to read the Data Protection and Confidentiality section. Although developed for social services workers, this guidance applies to everyone: SSSC - Legislation, Best Practice and Operational Policies for Technology Enabled Care (TEC)

To learn more about UK General Data Protection Regulation (GDPR) legislation, have a look at this webpage which provides an overview of the key principles included within it: Information Commissioner's Office - A Guide to the Data Protection Principles

If you're not sure about your organisation's rules and policies, you should speak to your line manager about how to access these and familiarise yourself with the contents. You may also want to look for relevant information on your organisation's intranet or by speaking to information governance colleagues, if these are available. 

For further resources, visit the Handling, Information and Data page of the Digital and Data Resource Hub

Level 1
Handling Information & Data icon which is a red hexagon with a computer and cogs inside

Understands and follows legislation and organisational policies that ensure information and data is handled securely and ethically

Level 1 - I know there are limitations on how information and data can be used or shared, and that there are laws that have to be followed, e.g. General Data Protection Regulation (GDPR). I am confident I can access my organisation’s data protection policies and always follow these.

 

This handy guide to data protection covers some of the key points you need to know and think about when handling information and data safely: Information Commissioner's Office - Your Beginner’s Guide to Data Protection

Watch the two videos on this webpage for an introduction to some of the laws that need to be followed when using or sharing data, as well as an explanation of the key data protection terminology: Information Commissioner's Office - What is Personal Data?

For further resources, visit the Handling, Information and Data page of the Digital and Data Resource Hub. 

Level 2
Handling Information & Data icon which is a red hexagon with a computer and cogs inside

Understands and follows legislation and organisational policies that ensure information and data is handled securely and ethically

Level 2 - I understand the importance of using information and data securely and ethically and am aware of the risks of not doing so. I have a good understanding of the laws, policies and guidelines in place to protect information and data, and I’m confident I adhere to these.

 

Watch these videos to find out more about the rights of individuals when it comes to accessing personal data and how organisations should respond to such requests: Information Commissioner's Office - Individual Rights

This video provides an overview of the role of the Information Commissioner in monitoring and enforcing the UK data protection legislation: Information Commissioner's Office - Role and Power of the Commissioner

For further resources, visit the Handling, Information and Data page of the Digital and Data Resource Hub.

Level 3
Handling Information & Data icon which is a red hexagon with a computer and cogs inside

Understands and follows legislation and organisational policies that ensure information and data is handled securely and ethically

Level 3 - I am able to confidently use information and data in a legal, secure and ethical way, and ensure that colleagues do the same for their own and the organisation's benefit and security. I fully understand the risks associated with data protection and always act on or escalate breaches if they occur.

 

As set out across data protection legislation, organisations have a responsibility to report and act on data breaches. To find out more about this, have a look at this guide: Information Commissioner's Office - Personal Data Breaches: A Guide

These videos look at some of the specific circumstances that are exempt from the application of data protection laws. They include helpful examples to understand how and when exemptions apply in practice: Information Commissioner's Office - Exemptions

To further explore different aspects of information and data security, have a look at the guidance and resources on these websites: 

For further resources, visit the Handling, Information and Data page of the Digital and Data Resource Hub.

Helpdesk