Data Protection and Information Security. Procedure for reporting a breach of data security. April 2013

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Data Protection and Information Security. Procedure for reporting a breach of data security. April 2013"

Transcription

1 Data Protection and Information Security Procedure for reporting a breach of data security April 2013 Page 1 of 6 Created on: 01/04/2009

2 Contents 1 Introduction Data Classification What Is a Data Breach? Consequences of a Breach Discovering a Breach Reporting a Breach Preventing a Recurrence and Restoration of Service Further Reading For further information... 6 Page 2 of 6 Created on: 01/04/2009

3 1 Introduction The University processes personal data relating to its staff, students and other individuals (Alumni, applicants etc) in order to carry out its legitimate business activities. Use of Personal data is governed by the UK Data Protection Act 1998 (the Act) which sets out obligations with regard to personal data and the requirement to keep personal data secure at all times. All University staff have a responsibility for ensuring the security of personal data and should be vigilant to any breaches. This procedure outlines the process for reporting breaches of data security. 2 Data Classification In the terms of the DPA, data is information relating to an individual where the structure of the data allows information about the individual to be readily accessed. The information may be in the form of paper records or in a variety of electronic media (e.g. held on computer, CCTV, DVD etc). Data is classified into 2 parts Personal Data Personal data includes any information from which a living individual (the data subject) can be identified (e.g., name, address, contact details, photographs) either on its own, or together with other information that might come into someone s possession. It covers both facts and opinions about the individual. Personal data will include information about staff, students, alumni or anyone else with whom the University may have dealings with in the course of business or professional activities. Personal data applies where The individual is the focus of a document. The data relates specifically to the individual. The data includes significant biographical information, facts or opinions. The data affects the individuals privacy, be that personally or professionally. Personal data does not include incidences where an individual is merely named within a document that does not relate directly to them. For example. The names of students in the minutes of an exam board would be considered personal data as the meeting would be directly discussing their Page 3 of 6 Created on: 01/04/2009

4 individual performance, whilst the names of staff members attending the meeting would not. Sensitive Personal Data Sensitive personal data forms a subset of personal data that has the potential to cause an individual harm or distress should it be obtained and used illegally and therefore require stricter controls when processing. Sensitive data is anything that refers to an individual(s) (a) Racial or Ethnic Origin (b) Political Opinions or Persuasion (c) Religious Beliefs or other beliefs of a similar nature (d) Trade Union Membership or Affiliation (e) Physical or Mental Health or Condition (f) Sexual Life (g) Commissioned or Alleged Commission of Offences (h) Any proceedings for any offence, committed or alleged, including any sentencing decisions made by the Court The University also classes personal financial information as sensitive data. 3 What Is a Data Breach? A breach of data security occurs where established security fails or where unauthorised or unintentional access to personal data is gained. Breaches are not limited to electronic information. Breaches can happen for a variety of reasons including, but not limited to: Insufficient or inappropriate access controls enabling unauthorised users access to data, including unexpected enabling of access System failure unexpected loss of security protocols Physical storage areas left unlocked Physical records left unattended Human error inadvertent disclosure of data too much information Disclosure through deception where an individual blags access Theft or accidental loss of data held on electronic device (Laptop, mobile phone, USB) or in paper records Malicious attempts to access data hacking systems, Accessing data through unattended PCs Page 4 of 6 Created on: 01/04/2009

5 4 Consequences of a Breach The individual(s) to whom the data relates could become victims of identity theft or fraud or they could become severely distressed by the disclosure, especially where the information has the ability to cause harm. They would have the right to complain to the Information Commissioners Office (ICO) who regulates compliance with the Act. Some individuals could potentially sue the University. The ICO has the power of investigation and to impose penalties on any organisation found to have breached the Act. Penalties can include enforcement notices, where the offending organisation agrees to undertake improvement measures, or they can issue monetary fines up to a maximum of 500K. A breach also has the potential to effect the University s reputation, which could cause immeasurable damage. 5 Discovering a Breach 5.1 Any member of staff could discover a data breach at any time, including during out of hours. 5.2 Where a breach is discovered, it is important to deal with it both immediately and appropriately. This may vary depending on the nature of the breach, when the breach occurs or the circumstances of the individual making the discovery. 5.3 Where possible, staff should contain the breach, even if to do so would result in a temporary loss of service. 6 Reporting a Breach 6.1 Individuals must report the breach to The senior member of staff within their working area or the area in which the breach has occurred The University Records and Information Manager who is responsible for Data Protection or during out of hours periods, University Security. In the case of an electronic data breach, the Director of IT Services or during out of hours periods, the IT helpline. In the event of theft when away from the University, the police should be notified of the theft 6.2 The University Records and Information Manager will consult with the relevant individuals to immediately establish. Page 5 of 6 Created on: 01/04/2009

6 The nature of the breach - what data has been affected and how the breach has occurred What immediate actions can be or have been taken to contain it The number of individuals affected 6.3 The University Records and Information Manager will then to report the established facts to the Head of Governance and the IT Director (where applicable) to consider the breach under the University Reportable Incidents Policy and whether there is a requirement to inform the Information Commissioners Office and the individuals to who the data relates. 7 Preventing a Recurrence and Restoration of Service 7.1 The Records and Information Manager will liaise with the appropriate staff in area in which the breach occurred and where relevant, the Director of IT Services, to ensure that appropriate technical measures have been taken to prevent another breach. 7.2 Associated processes and procedures to be reviewed to ensure that effective remedial measures have been taken to prevent another breach. 7.3 Additional Data Protection training to be given where appropriate. 7.4 Once all parties are agreed that processing can resume, the system will be restored. 7.5 System to be monitored for an agreed period to monitor compliance with the Act 8 Further Reading Associated Policies Associated Guidance Associated Legislation University s Data Protection Code of Practice: Security of Personal Data Information Services: Introduction to Information Security 9 For further information Duncan James, Records and Information Manager. Ext Page 6 of 6 Created on: 01/04/2009

DATA SECURITY BREACH MANAGEMENT POLICY AND PROCEDURE

DATA SECURITY BREACH MANAGEMENT POLICY AND PROCEDURE DATA SECURITY BREACH MANAGEMENT POLICY AND PROCEDURE 1. INTRODUCTION Annex C 1.1 Surrey Heath Borough Council (SHBC) processes personal data and must respond appropriately against unauthorised or unlawful

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Responsible Officer Author Date effective from July 2009 Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date last amended December 2012 Review

More information

Merthyr Tydfil County Borough Council. Data Protection Policy

Merthyr Tydfil County Borough Council. Data Protection Policy Merthyr Tydfil County Borough Council Data Protection Policy 2014 Cyfarthfa High School is a Rights Respecting School, we recognise the importance of ensuring that the United Nations Convention of the

More information

So the security measures you put in place should seek to ensure that:

So the security measures you put in place should seek to ensure that: Guidelines This guideline offers an overview of what the Data Protection Act requires in terms of information security and aims to help you decide how to manage the security of the personal data you hold.

More information

Human Resources Policy documents. Data Protection Policy

Human Resources Policy documents. Data Protection Policy Policy documents Aims of the Policy apetito is committed to meeting its obligations under data protection law. As a business, apetito handles a range of Personal Data relating to its customers, staff and

More information

Corporate ICT & Data Management. Data Protection Policy

Corporate ICT & Data Management. Data Protection Policy 90 Corporate ICT & Data Management Data Protection Policy Classification: Unclassified Date Created: January 2012 Date Reviewed January Version: 2.0 Author: Owner: Data Protection Policy V2 1 Version Control

More information

CORK INSTITUTE OF TECHNOLOGY

CORK INSTITUTE OF TECHNOLOGY CORK INSTITUTE OF TECHNOLOGY DATA PROTECTION POLICY APPROVED BY GOVERNING BODY ON 30 APRIL 2009 INTRODUCTION Cork Institute of Technology is committed to a policy of protecting the rights and privacy of

More information

Data Protection Avoiding Information Commissioner Fines. Caroline Egan 5 June 2014

Data Protection Avoiding Information Commissioner Fines. Caroline Egan 5 June 2014 Data Protection Avoiding Information Commissioner Fines Caroline Egan 5 June 2014 Why is data protection a hot topic in pensions? Pension schemes hold large amounts of personal data Individuals more aware

More information

Guidance on data security breach management

Guidance on data security breach management ICO lo Guidance on data security breach management Data Protection Act Contents... 1 Data Protection Act... 1 Overview... 1 Containment and recovery... 2 Assessing the risks... 3 Notification of breaches...

More information

Data Security and Extranet

Data Security and Extranet Data Security and Extranet Derek Crabtree Schools ICT Support Manager derek.crabtree@merton.gov.uk Target Operating Model 2011 Merton Audit Organisation name: London Borough of Merton Periodic plan date:

More information

Data protection policy

Data protection policy Data protection policy Introduction 1 This document is the data protection policy for the Nursing and Midwifery Council (NMC). 2 The Data Protection Act 1998 (DPA) governs the processing of personal data

More information

Information Security Incident Management Policy September 2013

Information Security Incident Management Policy September 2013 Information Security Incident Management Policy September 2013 Approving authority: University Executive Consultation via: Secretary's Board REALISM Project Board Approval date: September 2013 Effective

More information

ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY

ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY Originated by: Data Protection Working Group: November 2008 Impact Assessment: (to be confirmed) Recommended by Senate: 28 January 2009 Approved by Council:

More information

Guidance on data security breach management

Guidance on data security breach management Guidance on data security breach management Organisations which process personal data must take appropriate measures against unauthorised or unlawful processing and against accidental loss, destruction

More information

Hampstead Parochial CofE Primary School Data Protection Policy Spring 2015

Hampstead Parochial CofE Primary School Data Protection Policy Spring 2015 Hampstead Parochial CofE Primary School Data Protection Policy Spring 2015 1. Introduction and Scope 1.1 The Data Protection Act 1998 is the law that protects personal privacy and applies to any school

More information

Rick Parsons Information Governance Officer County Hall 01865 323593 rick.parsons@oxfordshire.gov.uk

Rick Parsons Information Governance Officer County Hall 01865 323593 rick.parsons@oxfordshire.gov.uk Rick Parsons Information Governance Officer County Hall 01865 323593 rick.parsons@oxfordshire.gov.uk 1 THE DATA PROTECTION ACT 1998 2 Requirements of the Act Roles & Responsibilities Best Practice 3 The

More information

Information security incident reporting procedure

Information security incident reporting procedure Information security incident reporting procedure Responsible Officer Author Date effective from 2009 Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date last amended

More information

Dublin City University

Dublin City University Dublin City University Data Protection Policy Data Protection Policy Contents Purpose... 1 Scope... 1 Data Protection Principles... 1 Disclosure of Personal Data... 2 Summary of Responsibilities... 3 Rights

More information

Data Protection Good Practice Note

Data Protection Good Practice Note Data Protection Good Practice Note This explanatory document explains what charities and voluntary organisations need to do to comply with the Data Protection Act 1988 as amended by the Data Protection

More information

Scottish Rowing Data Protection Policy

Scottish Rowing Data Protection Policy Revision Approved by the Board August 2010 1. Introduction As individuals, we want to know that personal information about ourselves is handled properly, and we and others have specific rights in this

More information

Data Protection Policy

Data Protection Policy Data Protection Policy September 2015 Contents 1. Scope 2. Purpose 3. Data protection roles 4. Staff training and guidance 5. About the Data Protection Act 1998 6. Policy 7. The Information Commissioner's

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY DATA PROTECTION POLICY Version 1.3 April 2014 Contents 1 POLICY STATEMENT...2 2 PURPOSE....2 3 LEGAL CONTEXT AND DEFINITIONS...2 3.1 Data Protection Act 1998...2 3.2 Other related legislation.....4 3.3

More information

Paperless World Limited

Paperless World Limited Paperless World Limited Security Policy Statement Contents Section 1: Paperless World Limited Security Policy Statement... 2 Section 2: The Data Protection Act 1998... 2 Section 3: Definitions... 2 Personal

More information

Derbyshire Constabulary GUIDANCE ON THE SAFE USE OF THE INTERNET AND SOCIAL MEDIA BY POLICE OFFICERS AND POLICE STAFF POLICY REFERENCE 09/268

Derbyshire Constabulary GUIDANCE ON THE SAFE USE OF THE INTERNET AND SOCIAL MEDIA BY POLICE OFFICERS AND POLICE STAFF POLICY REFERENCE 09/268 Derbyshire Constabulary GUIDANCE ON THE SAFE USE OF THE INTERNET AND SOCIAL MEDIA BY POLICE OFFICERS AND POLICE STAFF POLICY REFERENCE 09/268 This guidance is suitable for Public Disclosure Owner of Doc:

More information

DATA PROTECTION ACT 1998 COUNCIL POLICY

DATA PROTECTION ACT 1998 COUNCIL POLICY DATA PROTECTION ACT 1998 COUNCIL POLICY Page 1 of 5 POLICY STATEMENT Blackpool Council recognises the need to fully comply with the requirements of the Data Protection Act 1998 (DPA) and the obligations

More information

MONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY

MONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY MONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY Page 1 of 16 Contents Policy Information 3 Introduction 4 Responsibilities 7 Confidentiality 9 Data recording and storage 11 Subject Access 12 Transparency

More information

Access to Information: Data Protection and Freedom of Information

Access to Information: Data Protection and Freedom of Information Access to Information: Data Protection and Freedom of Information Records Management Section Data protection: key concepts Personal data Sensitive personal data Data subjects Data protection principles

More information

Once more unto the breach... Dealing with Personal Data Security Breaches. Helen Williamson Information Governance Officer

Once more unto the breach... Dealing with Personal Data Security Breaches. Helen Williamson Information Governance Officer Once more unto the breach... Dealing with Personal Data Security Breaches Helen Williamson Information Governance Officer Aims of the session What are we going to look at? What is a data security breach?

More information

2. Scope 2.1 This policy covers all the activities and processes of the University that uses personal information in whatever format.

2. Scope 2.1 This policy covers all the activities and processes of the University that uses personal information in whatever format. University of Westminster Personal Data Protection Policy For Compliance with the Data Protection Act 1998 1. Background 1.1 The Data Protection Act 1998 (DPA) defines personal data as data and information

More information

WEST LOTHIAN COUNCIL DATA PROTECTION ACT 1998 POLICY

WEST LOTHIAN COUNCIL DATA PROTECTION ACT 1998 POLICY WEST LOTHIAN COUNCIL DATA PROTECTION ACT 1998 POLICY Version 3.0 DATA PROTECTION ACT 1998 POLICY CONTENTS 1. INTRODUCTION... 3 2. PROVISIONS OF THE ACT... 4 3. SCOPE... 4 4. GENERAL POLICY STATEMENT...

More information

Little Marlow Parish Council Registration Number for ICO Z3112320

Little Marlow Parish Council Registration Number for ICO Z3112320 Data Protection Policy Little Marlow Parish Council Registration Number for ICO Z3112320 Adopted 2012 Reviewed 23 rd February 2016 Introduction The Parish Council is fully committed to compliance with

More information

Data Compliance. And. Your Obligations

Data Compliance. And. Your Obligations Information Booklet Data Compliance And Your Obligations What is Data Protection? It is the safeguarding of the privacy rights of individuals in relation to the processing of personal data. The Data Protection

More information

Data Protection Policy A copy of this policy is published in the following areas: The school s intranet The school s website

Data Protection Policy A copy of this policy is published in the following areas: The school s intranet The school s website Data Protection Policy A copy of this policy is published in the following areas: The school s intranet The school s website Date created: November 2015 Date for review: July 2016 Created by: Mark Vanstone,

More information

Notification of data security breaches to the Information Commissioner s

Notification of data security breaches to the Information Commissioner s ICO lo Notification of data security breaches to the Information Commissioner s Data Protection Act Contents Overview... 2 What the DPA says... 2 Reporting a breach... 2 Potential detriment to data subjects...

More information

Incident reporting procedure

Incident reporting procedure Incident reporting procedure Responsible Officer Author Date effective from Aug 2009 Date last amended Aug 2009 Review date July 2012 Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance

More information

DATA PROTECTION (JERSEY) LAW 2005 GUIDANCE ON DATA SECURITY BREACH MANAGEMENT

DATA PROTECTION (JERSEY) LAW 2005 GUIDANCE ON DATA SECURITY BREACH MANAGEMENT DATA PROTECTION (JERSEY) LAW 2005 GUIDANCE ON DATA SECURITY BREACH MANAGEMENT GD21 2 DATA PROTECTION (JERSEY) LAW 2005: GUIDANCE ON DATA SECURITY BREACH MANAGEMENT Introduction Organisations which process

More information

GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT. CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4

GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT. CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4 GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4 PREFACE The following provides general guidance on data protection

More information

Data Protection Act. Privacy & Security in the Information Age. April 26, 2013. Ministry of Communications, Ghana

Data Protection Act. Privacy & Security in the Information Age. April 26, 2013. Ministry of Communications, Ghana Data Protection Act Privacy & Security in the Information Age April 26, 2013 Agenda Privacy in The Information Age The right to privacy Why We Need Legislation Purpose of the Act The Data Protection Act

More information

Data Protection Policy

Data Protection Policy Data Protection Policy 1. Introduction to the Data Protection Policy Everyone who works for Chorley Council uses personal data in the course of their duties. Chorley Council must gather and process personal

More information

Human Resources and Data Protection

Human Resources and Data Protection Human Resources and Data Protection Contents 1. Policy Statement... 1 2. Scope... 2 3. What is personal data?... 2 4. Processing data... 3 5. The eight principles of the Data Protection Act... 4 6. Council

More information

Data Breach Trends October 2015

Data Breach Trends October 2015 Data Breach Trends October 2015 Introduction In October 2015 the Information Commissioner s Office (ICO) published the latest data breach trends including incidents by quarter, type of incident and incidents

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY Reference number Approved by Information Management and Technology Board Date approved 14 th May 2012 Version 1.1 Last revised N/A Review date May 2015 Category Information Assurance Owner Data Protection

More information

Checklist Guidance for Reporting, Managing and Investigating Information Governance Serious Incidents Requiring Investigation (IG SIRI)

Checklist Guidance for Reporting, Managing and Investigating Information Governance Serious Incidents Requiring Investigation (IG SIRI) Checklist Guidance for Reporting, Managing and Investigating Information Governance Serious Incidents Requiring Investigation (IG SIRI) Applicable to all organisations processing Health, Public Health

More information

The potential legal consequences of a personal data breach

The potential legal consequences of a personal data breach The potential legal consequences of a personal data breach Tue Goldschmieding, Partner 16 April 2015 The potential legal consequences of a personal data breach 15 April 2015 Contents 1. Definitions 2.

More information

work Privacy Your Your right to Rights Know

work Privacy Your Your right to Rights Know Your right to Privacy Know Your Rights www.worksmart.org.uk at work Everyone has the right to a private life even when they re at work. But new technology is making it easier than ever for employers to

More information

PRIVACY BREACH MANAGEMENT POLICY

PRIVACY BREACH MANAGEMENT POLICY PRIVACY BREACH MANAGEMENT POLICY DM Approval: Effective Date: October 1, 2014 GENERAL INFORMATION Under the Access to Information and Protection of Privacy Act (ATIPP Act) public bodies such as the Department

More information

HERTSMERE BOROUGH COUNCIL

HERTSMERE BOROUGH COUNCIL HERTSMERE BOROUGH COUNCIL DATA PROTECTION POLICY October 2007 1 1. Introduction Hertsmere Borough Council ( the Council ) is fully committed to compliance with the requirements of the Data Protection Act

More information

THE MORAY COUNCIL. Guidance on data security breach management DRAFT. Information Assurance Group. Evidence Element 9 appendix 31

THE MORAY COUNCIL. Guidance on data security breach management DRAFT. Information Assurance Group. Evidence Element 9 appendix 31 THE MORAY COUNCIL Guidance on data security breach management Information Assurance Group DRAFT Based on the ICO Guidance on data security breach management under the Data Protection Act 1 Document Control

More information

Index. Definitions. What is Data Protection? Rights of Individuals. The 8 Principles of Data Protection

Index. Definitions. What is Data Protection? Rights of Individuals. The 8 Principles of Data Protection Data Protection Awareness Based on DIT s Data Protection Policy, the Data Protection Acts, 1988 & 2003 and guidance from the Office of the Data Protection Commissioner Index Definitions What is Data Protection?

More information

Data Protection Policy June 2014

Data Protection Policy June 2014 Data Protection Policy June 2014 Approving authority: Consultation via: Court Audit and Risk Committee, University Executive, Secretary's Board, Information Governance and Security Group Approval date:

More information

AlixPartners, LLP. General Data Protection Statement

AlixPartners, LLP. General Data Protection Statement AlixPartners, LLP General Data Protection Statement GENERAL DATA PROTECTION STATEMENT 1. INTRODUCTION 1.1 AlixPartners, LLP ( AlixPartners ) is committed to fulfilling its obligations under the data protection

More information

Checklist Guidance for Reporting, Managing and Investigating Information Governance and Cyber Security Serious Incidents Requiring Investigation

Checklist Guidance for Reporting, Managing and Investigating Information Governance and Cyber Security Serious Incidents Requiring Investigation Checklist Guidance for Reporting, Managing and Investigating Information Governance and Cyber Security Serious Incidents Requiring Investigation Applicable to all organisations processing Health, Public

More information

1. Introduction... 3. 2. Statement of Policy. 3. 3. The Eight Principles of Data Protection... 4. 4. Scope... 5. 5. Roles and Responsibilities.

1. Introduction... 3. 2. Statement of Policy. 3. 3. The Eight Principles of Data Protection... 4. 4. Scope... 5. 5. Roles and Responsibilities. Data Protection Policy 2011 Contents Page 1. Introduction... 3 2. Statement of Policy. 3 3. The Eight Principles of Data Protection...... 4 4. Scope.... 5 5. Roles and Responsibilities. 5 6. Development

More information

Data Protection Act a more detailed guide

Data Protection Act a more detailed guide Data Protection Act a more detailed guide What does the Act do? The Data Protection Act 1998 places considerable duties on organisations which process personal data; increases the rights of access by data

More information

UNIVERSITY OF ABERDEEN POLICY ON DATA PROTECTION

UNIVERSITY OF ABERDEEN POLICY ON DATA PROTECTION UNIVERSITY OF ABERDEEN POLICY ON DATA PROTECTION The Data Protection Act 1998 (DPA) was passed in order to implement the EU Data Protection Directive (95/46/EC) and applies to all data relating to, and

More information

Data Security Breach Management Procedure

Data Security Breach Management Procedure Academic Services Data Security Breach Management Procedure Document Reference: Data Breach Procedure 1.1 Document Type: Document Status: Document Owner: Review Period: Procedure v1.0 Approved by ISSG

More information

The Manitowoc Company, Inc.

The Manitowoc Company, Inc. The Manitowoc Company, Inc. DATA PROTECTION POLICY 11FitzPatrick & Associates 4/5/04 1 Proprietary Material Version 4.0 CONTENTS PART 1 - Policy Statement PART 2 - Processing Personal Data PART 3 - Organisational

More information

Career Connection, Inc. Data Privacy. Bringing Talent Together With Opportunity

Career Connection, Inc. Data Privacy. Bringing Talent Together With Opportunity Career Connection, Inc. Data Privacy Objectives This course is intended for CCI employees. The course gives guidance on data privacy concepts and describes how data privacy is relevant when delivering

More information

Information Incident Management Policy

Information Incident Management Policy Information Incident Management Policy Change History Version Date Description 0.1 04/01/2013 Draft 0.2 26/02/2013 Replaced procedure details with broad principles 0.3 27/03/2013 Revised following audit

More information

Policy and Procedure for approving, monitoring and reviewing personal data processing agreements

Policy and Procedure for approving, monitoring and reviewing personal data processing agreements Policy and Procedure for approving, monitoring and reviewing personal data processing agreements 1 Personal data processing by external suppliers, contractors, agents and partners Policy and Procedure

More information

Privacy and Electronic Communications Regulations

Privacy and Electronic Communications Regulations ICO lo Notification of PECR security breaches Privacy and Electronic Communications Regulations Contents Introduction... 2 Overview... 2 Relevant security breaches... 3 What is a service provider?... 3

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Prepared By: Malkiat Thiarai Head of Corporate Information Management Date of Publication: 23/01/2013 Version: 5.0 Classification: Not Protectively Marked Page 1 Table of Contents

More information

INFORMATION PRIVACY STATEMENT

INFORMATION PRIVACY STATEMENT INFORMATION PRIVACY STATEMENT Victoria Police is bound by the Privacy and Data Protection Act 2014 in how it manages personal information. Victoria Police is committed to protecting the personal information

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Implementation date: 30 September 2014 Control schedule Approved by Corporate Policy and Strategy Committee Approval date 30 September 2014 Senior Responsible Officer Kirsty-Louise

More information

Data Protection Policy

Data Protection Policy Data Protection Policy 1. Introduction and purpose 1.1 Children s Hearings Scotland (CHS) is required to maintain certain personal data about individuals for the purposes of satisfying our statutory, operational

More information

Personal Information Protection Act Information Sheet 11

Personal Information Protection Act Information Sheet 11 Notification of a Security Breach Personal Information Protection Act Information Sheet 11 Introduction Personal information is used by organizations for a variety of purposes: retail and grocery stores

More information

Procedures on Data Security Breach Management Version Control Date Version Reason Owner Author 16/09/2009 Draft 1 Outline Draft Jackie Groom

Procedures on Data Security Breach Management Version Control Date Version Reason Owner Author 16/09/2009 Draft 1 Outline Draft Jackie Groom Procedures on Data Security Breach Management Version Control Date Version Reason Owner Author 16/09/2009 Draft 1 Outline Draft Jackie Groom Indirani 02/11/2009 Draft 2 Include JG s comments Jackie Groom

More information

Summary Electronic Information Security Policy

Summary Electronic Information Security Policy University of Chichester Summary Electronic Information Security Policy 2015 Summary Electronic Information Security Policy Date of Issue 24 December 2015 Policy Owner Head of ICT, Strategy and Architecture

More information

Information Privacy Policy

Information Privacy Policy Information Privacy Policy pol-032 Version: 2.01 Last amendment: Oct 2014 Next Review: Aug 2017 Approved By: Council Date: 04 May 2005 Contact Officer: Director, Strategic Services and Governance INTRODUCTION

More information

NIGB. Information Governance Untoward Incident Reporting and Management Advice for Local Authorities

NIGB. Information Governance Untoward Incident Reporting and Management Advice for Local Authorities Information Governance Untoward Incident Reporting and Management Advice for Local Authorities March 2013 Contents Page 1. The Role of the NIGB.....3 2. Introduction...4 3. Background Information...6 4.

More information

Photography and filming in schools Code of Practice

Photography and filming in schools Code of Practice Photography and filming in schools Code of Practice Data Protection compliance September 2010 Photography and filming in schools September 2010 1 Contents 1. About this code 3 2. Complying with the Data

More information

Administrative Procedures Memorandum A1452

Administrative Procedures Memorandum A1452 Page 1 of 11 Date of Issue February 2, 2010 Original Date of Issue Subject References February 2, 2010 PRIVACY BREACH PROTOCOL Policy 2197 Management of Personal Information APM 1450 Management of Personal

More information

Information Security Incident Management Policy. Information Security Incident Management Policy. Policy and Guidance. June 2013

Information Security Incident Management Policy. Information Security Incident Management Policy. Policy and Guidance. June 2013 Information Security Incident Management Policy Policy and Guidance June 2013 Project Name Information Security Incident Management Policy Product Title Policy and Guidance Version Number 1.2 Final Page

More information

Data Protection Policy

Data Protection Policy Data Protection Policy BMBC Data Protection Policy V1 Page 1 of 7 Table of Contents 1 INTRODUCTION... 3 2 POLICY STATEMENT... 3 3. SCOPE... 3 4 DATA PROTECTION PRINCIPLES... 4 5 PREREQUISITE CONDITIONS

More information

Schedule 13 Security Incident and Data Breach Policy. January 2015 v2.1

Schedule 13 Security Incident and Data Breach Policy. January 2015 v2.1 Schedule 13 Security Incident and Data Breach Policy January 2015 v2.1 Document History Purpose Document Purpose Document developed by Document Location To provide a corporate policy for the management

More information

1.2 Scope This policy and guidance applies to all University staff, students and others who use or process any personal information.

1.2 Scope This policy and guidance applies to all University staff, students and others who use or process any personal information. MANCHESTER METROPOLITAN UNIVERSITY DATA PROTECTION POLICY This policy should be read in conjunction with the Data Protection Guidance, which is attached as: Appendix A Dealing with Personal Data Appendix

More information

Information governance guidance for schools

Information governance guidance for schools Information governance guidance for schools Guidance Guidance document no: 186/2015 Date of issue: September 2015 Information governance guidance for schools Audience All staff, governors and learners

More information

University of Limerick Data Protection Compliance Regulations June 2015

University of Limerick Data Protection Compliance Regulations June 2015 University of Limerick Data Protection Compliance Regulations June 2015 1. Purpose of Data Protection Compliance Regulations 1.1 The purpose of these Compliance Regulations is to assist University of Limerick

More information

Data protection registration: nature of work descriptions

Data protection registration: nature of work descriptions Data protection registration: nature of work descriptions Finance, insurance and credit We use these descriptions to help us process your registration: Accountant Actuaries Agents for the NFU mutual Bank

More information

DATA PROTECTION POLICY. DATA PROTECTION POLICY Reviewed and Adopted April Signed...COG...HEAD

DATA PROTECTION POLICY. DATA PROTECTION POLICY Reviewed and Adopted April Signed...COG...HEAD DATA PROTECTION POLICY DATA PROTECTION POLICY Reviewed and Adopted April 2016 Signed...COG...HEAD Next review April 2018 Data Protection Policy AIMS This policy sets out the Council s commitment to the

More information

DATA PROTECTION AUDIT GUIDANCE

DATA PROTECTION AUDIT GUIDANCE DATA PROTECTION AUDIT GUIDANCE CONTENTS Section I: Section II: Audit of Processing of Personal Data Audit Procedure Appendices: A B C D E Audit Form List of Purposes List of data subjects List of data

More information

Data Protection and Information Security Policy and Procedure

Data Protection and Information Security Policy and Procedure Data Protection and Information Security Policy and Procedure Document Detail Category: Data Protection Authorised By: Full Governing Body Author: School Business Manager Version: 1 Status: Approved May

More information

DATA AND PAYMENT SECURITY PART 1

DATA AND PAYMENT SECURITY PART 1 STAR has teamed up with Prevention of Fraud in Travel (PROFiT) and the Fraud Intelligence Network (FIN) to offer our members the best advice about fraud prevention. We recognise the increasing threat of

More information

CONNECTICUT IDENTITY THEFT RANKING BY STATE: Rank 19, 68.8 Complaints Per 100,000 Population, 2409 Complaints (2007) Updated November 28, 2008

CONNECTICUT IDENTITY THEFT RANKING BY STATE: Rank 19, 68.8 Complaints Per 100,000 Population, 2409 Complaints (2007) Updated November 28, 2008 CONNECTICUT IDENTITY THEFT RANKING BY STATE: Rank 19, 68.8 Complaints Per 100,000 Population, 2409 Complaints (2007) Updated November 28, 2008 Current Laws: A person commits identity theft when he intentionally

More information

Data Protection and Community Councils Briefing Note

Data Protection and Community Councils Briefing Note Data Protection and Community Councils Briefing Note This briefing note has been prepared in response to specific queries raised by Community Councils in Marr in relation to their Data Protection requirements.

More information

Mitigating and managing cyber risk: ten issues to consider

Mitigating and managing cyber risk: ten issues to consider Mitigating and managing cyber risk: ten issues to consider The board of directors is responsible for managing and mitigating risk exposure. A recent study conducted by the Ponemon Institute 1 revealed

More information

1. (a) Full name of proposer including trading names if any (if not a limited company include full names of partners) Date established

1. (a) Full name of proposer including trading names if any (if not a limited company include full names of partners) Date established Network Security ProPosal Form Important Please answer all questions from each section and complete in block capitals. Tick the appropriate boxes where necessary and supply any further information requested.

More information

Data Protection in Ireland

Data Protection in Ireland Data Protection in Ireland 0 Contents Data Protection in Ireland Introduction Page 2 Appointment of a Data Processor Page 2 Security Measures (onus on a data controller) Page 3 8 Principles Page 3 Fair

More information

Information Governance Policy

Information Governance Policy Information Governance Policy 1 Introduction Healthwatch Rutland (HWR) needs to collect and use certain types of information about the Data Subjects who come into contact with it in order to carry on its

More information

Data Protection Policy

Data Protection Policy Data Protection Policy April 2014 Author: Jennifer McLaren, Assistant Principal, Curriculum Support & Finance Impact Assessment Date: 15 February 2010 Date: April 2014 Contents 1 Purpose... 2 2 Policy...

More information

Data Breach and Senior Living Communities May 29, 2015

Data Breach and Senior Living Communities May 29, 2015 Data Breach and Senior Living Communities May 29, 2015 Todays Objectives: 1. Discuss Current Data Breach Trends & Issues 2. Understanding Why The Senior Living Industry May Be A Target 3. Data Breach Costs

More information

ATMD Bird & Bird. Singapore Personal Data Protection Policy

ATMD Bird & Bird. Singapore Personal Data Protection Policy ATMD Bird & Bird Singapore Personal Data Protection Policy Contents 1. PURPOSE 1 2. SCOPE 1 3. COMMITMENT TO COMPLY WITH DATA PROTECTION LAWS 1 4. PERSONAL DATA PROTECTION SAFEGUARDS 3 5. ATMDBB EXCEPTIONS:

More information

Data Protection Procedures

Data Protection Procedures Data Protection Procedures PROCEDURE OVERVIEW: This Procedure outlines Down District Council s ( the Council ) commitment to the Data Protection Act 1998 ( the Act ) and provides a framework for the Council

More information

Data Protection Policy

Data Protection Policy 1 Data Protection Policy Version 1: June 2014 1 2 Contents 1. Introduction 3 2. Policy Statement 3 3. Purpose of the Data Protection Act 1998 3 4. The principles of the Data Protection Act 1998 4 5 The

More information

Data Protection Policy

Data Protection Policy Data Protection Policy CONTENTS Introduction...2 1. Statement of Intent...2 2. Fair Processing or Privacy Statement...3 3. Data Uses and Processes...4 4. Data Quality and Integrity...4 5. Technical and

More information

Policy Document Control Page

Policy Document Control Page Policy Document Control Page Title Title: Data Protection Policy Version: 3 Reference Number: CO59 Keywords: Data, access, principles, protection, Act. Data Subject, Information Supersedes Supersedes:

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Owner : Head of Information Management Document ID : ICT-PL-0099 Version : 2.0 Date : May 2015 We will on request produce this Policy, or particular parts of it, in other languages

More information

Electronic Communications Guidance for School Staff 2013/2014

Electronic Communications Guidance for School Staff 2013/2014 Our Lady of Lourdes and St Patrick s Catholic Primary Schools Huddersfield Electronic Communications Guidance for School Staff 2013/2014 Updated September 2013 Contents 1. Introduction 2. Safe and responsible

More information

How we deal with complaints and concerns

How we deal with complaints and concerns I Data Protection Act How we deal with complaints and concerns A guide for data controllers 1 Data Protection Act How we deal with complaints and concerns The ICO is the UK s independent public authority

More information

CYBERSAFETY AT WESTLAKE GIRLS HIGH SCHOOL

CYBERSAFETY AT WESTLAKE GIRLS HIGH SCHOOL CYBERSAFETY AT WESTLAKE GIRLS HIGH SCHOOL CYBERSAFETY USE AGREEMENT FOR STUDENTS 2014 This document consists of a cover page and three sections: Section A Cybersafety In The School Environment Important

More information