DATA PROTECTION POLICY

Size: px
Start display at page:

Download "DATA PROTECTION POLICY"

Transcription

1 DATA PROTECTION POLICY Approval date: June 2014 Approved by: Board Responsible Manager: Executive Director of Resources Next Review June 2016 Data Protection Policy

2 1. Introduction Data Protection Policy - Preston s College 1.1. This document outlines the steps which all members of Preston s College ("the College") must take to ensure that the College complies with the Data Protection Act 1998 ("the Act") The Act applies to all Personal Data that is held, including electronic documents, databases, websites and s. It also extends to Personal Data held in manual records where these can be accessed by reference to a person. Personal data relates to a living individual who can be identified either by the data alone or together with other information which is in the possession or likely to come into the possession of the data controller. An address will be personal data where it clearly identifies a particular individual The Act is in place to protect individuals by regulating the way in which the College collects, retains and uses personal data. Storing and using data is governed by specific principles which state that personal data must be: Processed fairly and lawfully Obtained and used for lawful and specified purposes Adequate, relevant and not excessive Accurate and where necessary kept up to date Kept only for as long as necessary Accessible to the data subject Kept securely Not transferred outside of the EU 1.4. The Act requires the College to notify the Information Commissioner of the types of Personal Data that it holds, the categories of individuals for which it holds this information, to whom it may be disclosed and the purposes for which Personal Data is processed. It also requires the College to confirm if it transfers Personal Data worldwide Preston s College needs to keep certain information about its employees, students and other users to allow it to monitor performance, achievements, and health and safety. It is also necessary to process information so that staff can be recruited and paid, courses organised and legal obligations to funding bodies and government complied with All members of the College have a duty to ensure compliance with the Act. 2. Status of this Policy 2.1. This policy does not form part of the formal contract of employment for staff, or the formal offer of a place for study for students, but it is a condition of employment or study that employees and students will abide by the rules and policies made by the College from time to time. Any failures to follow the policy can therefore result in disciplinary proceedings. 3. Principles of Data Protection 3.1. In summary, the governing principles of good data protection state that personal data shall: Be obtained and processed fairly and lawfully and shall not be processed unless certain conditions are met.

3 Be obtained for a specified and lawful purpose and shall not be processed in any manner incompatible with that purpose Be adequate, relevant and not excessive for that purpose Be accurate and kept up to date Not be kept for longer than is necessary for that purpose Be processed in accordance with the data subject's rights Be kept safe from unauthorised access, accidental loss or destruction Not be transferred to a country outside the European Economic Area, unless that country has equivalent levels of protection for personal data Preston College and all staff or others who process or use personal information must ensure that they follow these principles at all times. In order to ensure that this happens, the College has developed this Data Protection Policy and the Data Protection Code of Practice and will work to continually improve its overall arrangements for managing information through: Developing core measures to protect information as set out in the Code of Practice and subject to regular review Promoting a culture that properly values, protects and uses data, both in the planning and delivery of educational provision Strengthening accountability mechanisms, recognising that individual teams are best placed to understand and address risks to their information, including personal data Ensuring stronger scrutiny of performance, to build confidence and ensure that lessons are learned and shared 4. College Policy Statement 4.1. Preston s College aims to: Follow best practice in all our personal data processing Follow the relevant conditions for the fair and lawful processing of personal data Make available the purposes for which the College processes personal data and seek consent where possible and appropriate Make individuals aware if data is to be used for another purpose Provide general information to learners and the general public on their rights under data protection legislation Hold only the minimum personal data necessary to carry out the College s functions Make every effort to ensure the accuracy of the information held and ensure that where records include opinions and/or intentions, these are carefully and professionally expressed Ensure that data which is no longer required is securely destroyed and that data of historical importance and/or of value for future research or statistical purposes is identified and archived Periodically review and extend existing security measures to ensure these include all records containing personal information and continue to be effective in preventing the unauthorised or unlawful processing, or disclosure, accidental loss, alteration, damage and destruction of data and,

4 consider adopting further safeguards, including for example, the use of encryption to secure and privacy of internet communication Only use personal data for the direct marketing of goods or services in circumstances where individuals have the opportunity to opt out Only use wholly automated decision making processes where this is necessary Only transfer data to a country or territory outside the European Economic Area recognised as having an adequate level of protection for the rights and freedoms of data subjects in accordance with the Information Commission published guidance on Eighth Data Protection Principle Transborder Data Flows & International Transfers of Personal Data; the European Commission's decision on the inclusion of standard contractual clauses for the transfer of personal data to third countries, unless Schedule 4 of the Act applies and/or the data subject has requested/consented to the transfer Ensure all requests from individuals to access their personal data are dealt with as quickly as possible and within the 20 day time scale allowed in the legislation, subject to the data subject meeting the requirements set out below 5. The Data Controller and the Designated Data Controllers 5.1. The Data Protection Officer for Preston s College is the Head of Administration and Information Services. Who is responsible for ensuring that the College is registered with the Information Commissioner s Office and that appropriate guidelines and procedures are in place and for dealing with any incidents The College as a body corporate is the Data Controller under the 1998 Act, and the Governors are therefore ultimately responsible for implementation. However, the Designated Data Controllers will deal with day to day matters. The three Designated Data Controllers are the Executive Director of Resources, the Head of Human Resources and the Head of Administration and Information Services. Any member of staff, student or other individual who considers that the Policy has not been followed in respect of personal data about himself or herself should raise the matter with the appropriate Designated Data Controller, who would be: For staff Head of Human Resources For students and all other Head of Adminstration and Information Services Appeals Executive Director of Resources 5.3. Curriculum and support departments will themselves have designated staff who will provide the Designated Data Controllers with details of the data held in their departments. 6. Responsibilities of Staff 6.1. All staff are responsible for: Checking that any information that they provide to the College in connection with their employment is accurate and up to date Informing the College of any changes to information that they have provided, e.g. changes of address, either at the time of appointment or subsequently. The College cannot be held responsible for any errors unless the staff member has informed the College of such changes If and when, as part of their responsibilities, staff collect information about other people (e.g. about a student's course work, opinions about ability, references to other academic institutions, or details of personal circumstances), they must comply with the guidelines for staff set out in the College's Data Protection Code of Practice

5 7. Student Obligations 7.1. Students must ensure that all personal data provided to the College is accurate and up to date. They must ensure that changes of address and contact details are provided to the College Students who may from time to time process personal data as part of their studies must notify their supervisor/tutor, who should inform the Data Protection Officer, and must comply with the guidelines for data collection and security as set out in the College s Data Protection Code of Practice 8. Training 8.1. Governors and employees will be trained to an appropriate level in the use and control of personal data and guidance will be issued to Governors and employees explaining their rights and responsibilities under the Act, including the requirement to comply with this policy, the Code of Practice and any other relevant procedures, to ensure best practice is followed in all its information handling processes. 9. Data Security 9.1. All staff are responsible for ensuring that: Any personal data that they hold is kept securely Personal information is not disclosed either orally or in writing or via web pages or by any other means, accidentally or otherwise, to any unauthorised third party Staff should note that unauthorised disclosure will usually be a disciplinary matter, and may be considered gross misconduct in some cases Personal information, whether electronic or paper based, should be stored securely and in keeping with College procedures. Information should only be removed from its storage location when operationally necessary and with appropriate security measures in place If personal information is computerised, it must be encrypted or password protected both on a local hard drive and on a network drive that is regularly backed up 9.2. Preston College aims to minimise the storage of, and, access to personal data on removable media, such as laptops, computer discs, external hard drives, flash drives and USB pens which may be lost or stolen. With the requirements of applying to all occasions when the relevant Data Controller agrees the use of removable media is essential, with a record of their decisions being maintained Further guidance on data security is given in the College s Data Protection Code of Practice 10. Rights to Access Information All staff, students and other users are entitled to: Know what information the College holds and processes about them and why Know how to gain access to it Know how to keep it up to date Know what the College is doing to comply with its obligations under the 1998 Act This Policy document and the College's Data Protection Code of Practice address in particular the last three points above. To address the first point, the College will, upon request, provide all staff and students and other relevant users with a statement regarding the personal data held about them. This will state all the types of data the College holds and processes about them, and the reasons for which they are processed.

6 10.3. All staff, students and other users have a right under the 1998 Act to access certain personal data being kept about them either on computer or in certain files. Any person who wishes to exercise this right should request in writing, a Subject Access Request, to the Designated Data Controller (see above) The College is entitled to charge for processing subject access requests and may decide to waive this fee at its discretion. However, the fee will always be applied where the request is for information in more than one area, or is a further request from the same person within 12 months of a previous request. The College reserves the right to refuse unreasonable repeat requests received from the same person for the same or similar information within 12 months of a previous request. The current charge is The College aims to comply with requests for access to personal information as quickly as possible, but will ensure that it is provided within 20 days, as required by the 1998 Act To prevent delay by having to ask data subjects for further information and, to ensure these are processed within the necessary time scale, all requests from data subjects must: 11. CCTV be made in writing; be accompanied by adequate proof of the identity of the data subject and, where applicable the written authorisation of the data subject if the request is being made on their behalf by a legal or lawfully appointed representative or, authorised agent; specify the information required; give adequate information to enable the requested data to be located; be accompanied by the relevant fee where appropriate The College will follow the guidance in the Information Commission's Code of Practice for users of CCTV and similar surveillance equipment monitoring spaces to which the public, learners and employees have access. 12. Monitoring of Communications The College reserves the right to monitor telephone calls, s and Internet access in compliance with the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 and any other relevant legislation. This will be subject to the Information Commissioners Code of Practice on Employer/Employee Relationships. 13. Achievement Data During the course of their studies, students will routinely be provided with information about their results for both coursework and examinations. Exam scripts themselves are exempted from the subject access rules and copies will not ordinarily be given to a student who makes a subject access request. If a student wishes to gain access to their exams scripts they will need to make application to the appropriate awarding body via the Exams Office. The procedures set out in the JCQ publication Post Results Services, which is reviewed annually, will be adhered to. 14. Subject Consent In many cases, the College can only process personal data with the consent of the individual. In some cases, if the data is sensitive, as defined in the 1998 Act, express consent must be obtained. Agreement to the College processing some specified classes of personal data is a condition of acceptance of a student onto any course, and a condition of employment for staff. This includes information about previous criminal convictions.

7 14.2. Some jobs or courses will bring the applicants into contact with children, including young people between the ages of 16 and 18. The College has a duty under the Children Act 1989 and other enactments to ensure that staff are suitable for the job, and students for the courses offered. The College also has a duty of care to all staff and students and must therefore make sure that employees and those who use College facilities do not pose a threat or danger to other users The College may also ask for information about particular health needs, such as allergies to particular forms of medication, or any medical condition such as asthma or diabetes. The College will only use this information in the protection of the health and safety of the individual, but will need consent to process this data in the event of a medical emergency, for example Therefore, the application forms that all prospective staff and students are required to complete will include a section requiring consent to process the applicant s personal data. A refusal to sign such a form will prevent the application from being processed. 15. Processing Sensitive Information Sometimes it is necessary to possess information about a person s health, criminal convictions, ethnicity, and trade union membership. This may be to ensure that the College is a safe place for everyone, or to operate other College policies, such as the sick pay policy or the Equality and Diversity policy. Because this information is considered sensitive under the 1998 Act, staff (and students where appropriate) will be asked to give their express consent for the College to process this data. An offer of employment or a course place may be withdrawn if an individual refuses to consent to this without good reason. 16. Retention of Data The College has a duty to retain some staff and student personal data for a period of time following their departure from the College, mainly for legal reasons, but also for other purposes such as being able to provide references and academic transcripts, or for financial reasons, for example relating to pensions and taxation. Different categories of data will be retained for different periods of time. The exact details of retention periods and purposes are set out on in the College s Data Protection Code of Practice 17. Publication of College Information The names of Senior Managers and Governors of the College or any other personal data relating to Senior employees or Governors will be published in the annual Operating and Financial Review, Financial Statements and on the public Web site when any statute or law requires such data to be made public Certain items of information relating to College staff will be made available via searchable directories on the public Web site, in order to meet the legitimate needs of researchers, visitors and enquirers seeking to make contact with appropriate staff It may also be the case that students enrolled on certain courses may produce web-based material containing personal data as part of their course work. All such activities are set out in detail in the College s Data Protection Code of Practice. 18. Conclusion Compliance with the 1998 Act is the responsibility of all members of the College. Any deliberate breach of the data protection policy may lead to disciplinary action being taken or to access to College

8 facilities being withdrawn, or even to a criminal prosecution. Any questions or concerns about the interpretation or operation of this policy should be taken up with the Designated Data Controller.

Data Protection Policy

Data Protection Policy 1. Introduction 1.1 The College needs to keep certain information about its employees, students and other stakeholders, for example to allow it to monitor performance, achievements and health and safety.

More information

John Leggott College. Data Protection Policy. Introduction

John Leggott College. Data Protection Policy. Introduction John Leggott College Data Protection Policy Introduction The College needs to keep certain information about its employees, students and other users to allow it to monitor performance, achievements, and

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY Title Author Approved By and Date Review Date Mike Pilling Latest Update- Corporation May 2008 1 Aug 2013 DATA PROTECTION ACT 1998 POLICY FOR ALL STAFF AND STUDENTS 1.0 Introduction 1.1 The Data Protection

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Policy Details Produced by Assistant Principal Information Systems Date produced Approved by Senior Leadership Team (SLT) Date approved July 2011 Linked Policies and Freedom of Information

More information

Data protection policy

Data protection policy Data protection policy Introduction The College is required to keep certain information about employees, students and other users to allow it to monitor performance, achievements, health and safety, recruitment

More information

E-SAFETY POLICY 2014/15 Including:

E-SAFETY POLICY 2014/15 Including: E-SAFETY POLICY 2014/15 Including: Staff ICT policy (Corporation approved) Data protection policy (Corporation approved) Staff guidelines for Data protection Data Security, awareness raising Acceptable

More information

The Manchester College

The Manchester College The Manchester College The Manchester College Produced by TMC Prin DataProtect pol v1 11/2010 All rights reserved; no part of this publication may be photocopied, recorded or otherwise reproduced, stored

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY DATA PROTECTION POLICY Rev No. 0 New Document 1 2 3 4 5 6 7 Revision Status Details of Amendments Name Date Update of College DPA statement New Reference to Appendix 4 Staff Guidelines ESF document retention

More information

ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY

ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY Originated by: Data Protection Working Group: November 2008 Impact Assessment: (to be confirmed) Recommended by Senate: 28 January 2009 Approved by Council:

More information

Information Governance Policy

Information Governance Policy Information Governance Policy 1 Introduction Healthwatch Rutland (HWR) needs to collect and use certain types of information about the Data Subjects who come into contact with it in order to carry on its

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY Reference number Approved by Information Management and Technology Board Date approved 14 th May 2012 Version 1.1 Last revised N/A Review date May 2015 Category Information Assurance Owner Data Protection

More information

DATA PROTECTION AND DATA STORAGE POLICY

DATA PROTECTION AND DATA STORAGE POLICY DATA PROTECTION AND DATA STORAGE POLICY 1. Purpose and Scope 1.1 This Data Protection and Data Storage Policy (the Policy ) applies to all personal data collected and dealt with by Centre 404, whether

More information

Little Marlow Parish Council Registration Number for ICO Z3112320

Little Marlow Parish Council Registration Number for ICO Z3112320 Data Protection Policy Little Marlow Parish Council Registration Number for ICO Z3112320 Adopted 2012 Reviewed 23 rd February 2016 Introduction The Parish Council is fully committed to compliance with

More information

DATA PROTECTION ACT 1998 COUNCIL POLICY

DATA PROTECTION ACT 1998 COUNCIL POLICY DATA PROTECTION ACT 1998 COUNCIL POLICY Page 1 of 5 POLICY STATEMENT Blackpool Council recognises the need to fully comply with the requirements of the Data Protection Act 1998 (DPA) and the obligations

More information

Data Protection Policy

Data Protection Policy 1 Data Protection Policy Version 1: June 2014 1 2 Contents 1. Introduction 3 2. Policy Statement 3 3. Purpose of the Data Protection Act 1998 3 4. The principles of the Data Protection Act 1998 4 5 The

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY DATA PROTECTION POLICY The information and guidelines within this Policy are important and apply to all members, Fellows and staff of the College 1. INTRODUCTION Like all educational establishments, the

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY DATA PROTECTION POLICY DATA PROTECTION POLICY Document Control Information Title Data Protection Policy Version V1.0 Author Diana Watt Date Approved 21 February 2013 Review Date Annually, on the anniversary

More information

Protection. Code of Practice. of Personal Data RPC001147_EN_WB_L_1

Protection. Code of Practice. of Personal Data RPC001147_EN_WB_L_1 Protection of Personal Data RPC001147_EN_WB_L_1 Table of Contents Data Protection Rules Foreword From the Data Protection Commissioner Introduction From the Chairman Data Protection Responsibility of Employees

More information

HERTSMERE BOROUGH COUNCIL

HERTSMERE BOROUGH COUNCIL HERTSMERE BOROUGH COUNCIL DATA PROTECTION POLICY October 2007 1 1. Introduction Hertsmere Borough Council ( the Council ) is fully committed to compliance with the requirements of the Data Protection Act

More information

Human Resources and Data Protection

Human Resources and Data Protection Human Resources and Data Protection Contents 1. Policy Statement... 1 2. Scope... 2 3. What is personal data?... 2 4. Processing data... 3 5. The eight principles of the Data Protection Act... 4 6. Council

More information

AlixPartners, LLP. General Data Protection Statement

AlixPartners, LLP. General Data Protection Statement AlixPartners, LLP General Data Protection Statement GENERAL DATA PROTECTION STATEMENT 1. INTRODUCTION 1.1 AlixPartners, LLP ( AlixPartners ) is committed to fulfilling its obligations under the data protection

More information

Merthyr Tydfil County Borough Council. Data Protection Policy

Merthyr Tydfil County Borough Council. Data Protection Policy Merthyr Tydfil County Borough Council Data Protection Policy 2014 Cyfarthfa High School is a Rights Respecting School, we recognise the importance of ensuring that the United Nations Convention of the

More information

Data Protection Policy

Data Protection Policy Data Protection Policy CONTENTS Introduction...2 1. Statement of Intent...2 2. Fair Processing or Privacy Statement...3 3. Data Uses and Processes...4 4. Data Quality and Integrity...4 5. Technical and

More information

Data Protection Policy

Data Protection Policy Internal Ref: NELC 16.60 Review date December 2016 Version No. V04 Data Protection Policy 1 Data Protection Statement Data Protection Policy 1.1 North East Lincolnshire Council recognises that in order

More information

Policy Document Control Page

Policy Document Control Page Policy Document Control Page Title Title: Data Protection Policy Version: 3 Reference Number: CO59 Keywords: Data, access, principles, protection, Act. Data Subject, Information Supersedes Supersedes:

More information

Protection. Code of Practice. of Personal Data RPC001147_EN_D_19

Protection. Code of Practice. of Personal Data RPC001147_EN_D_19 Protection of Personal Data RPC001147_EN_D_19 Table of Contents Data Protection Rules Foreword From the Data Protection Commissioner Introduction From the Chairman Data Protection Rules Responsibility

More information

1.2 Scope This policy and guidance applies to all University staff, students and others who use or process any personal information.

1.2 Scope This policy and guidance applies to all University staff, students and others who use or process any personal information. MANCHESTER METROPOLITAN UNIVERSITY DATA PROTECTION POLICY This policy should be read in conjunction with the Data Protection Guidance, which is attached as: Appendix A Dealing with Personal Data Appendix

More information

Dublin City University

Dublin City University Dublin City University Data Protection Policy Data Protection Policy Contents Purpose... 1 Scope... 1 Data Protection Principles... 1 Disclosure of Personal Data... 2 Summary of Responsibilities... 3 Rights

More information

CORK INSTITUTE OF TECHNOLOGY

CORK INSTITUTE OF TECHNOLOGY CORK INSTITUTE OF TECHNOLOGY DATA PROTECTION POLICY APPROVED BY GOVERNING BODY ON 30 APRIL 2009 INTRODUCTION Cork Institute of Technology is committed to a policy of protecting the rights and privacy of

More information

OBJECTS AND REASONS. (a) the regulation of the collection, keeping, processing, use or dissemination of personal data;

OBJECTS AND REASONS. (a) the regulation of the collection, keeping, processing, use or dissemination of personal data; OBJECTS AND REASONS This Bill would provide for (a) the regulation of the collection, keeping, processing, use or dissemination of personal data; (b) the protection of the privacy of individuals in relation

More information

UNIVERSITY OF ABERDEEN POLICY ON DATA PROTECTION

UNIVERSITY OF ABERDEEN POLICY ON DATA PROTECTION UNIVERSITY OF ABERDEEN POLICY ON DATA PROTECTION The Data Protection Act 1998 (DPA) was passed in order to implement the EU Data Protection Directive (95/46/EC) and applies to all data relating to, and

More information

DATA PROTECTION POLICY. Examples of personal data which TWM may require from clients include the following and for the reasons ascribed to each;

DATA PROTECTION POLICY. Examples of personal data which TWM may require from clients include the following and for the reasons ascribed to each; DATA PROTECTION POLICY Introduction TWM Solicitors maintain certain personal data about individuals for the purposes of satisfying operational and legal obligations. The Data Protection Act sets rules

More information

Data Protection Act a more detailed guide

Data Protection Act a more detailed guide Data Protection Act a more detailed guide What does the Act do? The Data Protection Act 1998 places considerable duties on organisations which process personal data; increases the rights of access by data

More information

Policy and Procedure Title: Maintaining Secure Learner Records Policy No: CCTP1001 Version: 1.0

Policy and Procedure Title: Maintaining Secure Learner Records Policy No: CCTP1001 Version: 1.0 PROVIDER NAME: POLICY AREA: College of Computing Technology (CCT) Standard 10: Information Management, Student Information System & Data Protection Policy and Procedure Title: Maintaining Secure Learner

More information

WEST LOTHIAN COUNCIL DATA PROTECTION ACT 1998 POLICY

WEST LOTHIAN COUNCIL DATA PROTECTION ACT 1998 POLICY WEST LOTHIAN COUNCIL DATA PROTECTION ACT 1998 POLICY Version 3.0 DATA PROTECTION ACT 1998 POLICY CONTENTS 1. INTRODUCTION... 3 2. PROVISIONS OF THE ACT... 4 3. SCOPE... 4 4. GENERAL POLICY STATEMENT...

More information

technical factsheet 176

technical factsheet 176 technical factsheet 176 Data Protection CONTENTS 1. Introduction 1 2. Register with the Information Commissioner s Office 1 3. Period protection rights and duties remain effective 2 4. The data protection

More information

DATA PROTECTION ACT 2002 The Basics

DATA PROTECTION ACT 2002 The Basics DATA PROTECTION ACT 2002 The Basics Purpose of the Act Balance the rights of an individual with an organisation s legitimate need to process personal data Promote openness and transparency Establish and

More information

Data Protection Procedures

Data Protection Procedures Data Protection Procedures PROCEDURE OVERVIEW: This Procedure outlines Down District Council s ( the Council ) commitment to the Data Protection Act 1998 ( the Act ) and provides a framework for the Council

More information

Data Protection Policy June 2014

Data Protection Policy June 2014 Data Protection Policy June 2014 Approving authority: Consultation via: Court Audit and Risk Committee, University Executive, Secretary's Board, Information Governance and Security Group Approval date:

More information

Human Resources Policy documents. Data Protection Policy

Human Resources Policy documents. Data Protection Policy Policy documents Aims of the Policy apetito is committed to meeting its obligations under data protection law. As a business, apetito handles a range of Personal Data relating to its customers, staff and

More information

The potential legal consequences of a personal data breach

The potential legal consequences of a personal data breach The potential legal consequences of a personal data breach Tue Goldschmieding, Partner 16 April 2015 The potential legal consequences of a personal data breach 15 April 2015 Contents 1. Definitions 2.

More information

Appendix 11 - Swiss Data Protection Act

Appendix 11 - Swiss Data Protection Act GLEIF- LOU Restricted Appendix 11 - Swiss Data Protection Act GLEIF Revision Version: 1.0 2015-09-23 Master Copy page 2 of 11 Applicable Provisions of the Swiss Data Protection Act (DPA) including the

More information

Data Protection Policy

Data Protection Policy Data Protection Policy April 2014 Author: Jennifer McLaren, Assistant Principal, Curriculum Support & Finance Impact Assessment Date: 15 February 2010 Date: April 2014 Contents 1 Purpose... 2 2 Policy...

More information

Information Governance Framework. June 2015

Information Governance Framework. June 2015 Information Governance Framework June 2015 Information Security Framework Janice McNay June 2015 1 Company Thirteen Group Lead Manager Janice McNay Date of Final Draft and Version Number June 2015 Review

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Responsible Officer Author Date effective from July 2009 Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date last amended December 2012 Review

More information

Corporate ICT & Data Management. Data Protection Policy

Corporate ICT & Data Management. Data Protection Policy 90 Corporate ICT & Data Management Data Protection Policy Classification: Unclassified Date Created: January 2012 Date Reviewed January Version: 2.0 Author: Owner: Data Protection Policy V2 1 Version Control

More information

Data Protection and Privacy Policy

Data Protection and Privacy Policy Data Protection and Privacy Policy 1. General This policy outlines Conciliation Resources commitments to respect the privacy of people s personal information and observe the relevant data protection legislation.

More information

DATA AND PAYMENT SECURITY PART 1

DATA AND PAYMENT SECURITY PART 1 STAR has teamed up with Prevention of Fraud in Travel (PROFiT) and the Fraud Intelligence Network (FIN) to offer our members the best advice about fraud prevention. We recognise the increasing threat of

More information

Data Protection Act 1998 The Data Protection Policy for the Borough Council of King's Lynn & West Norfolk

Data Protection Act 1998 The Data Protection Policy for the Borough Council of King's Lynn & West Norfolk Data Protection Act 1998 The for the Borough Council of King's Lynn & West Norfolk 1 Contents Introduction 3 1. Statement of Intent 4 2. Fair Obtaining I Processing 5 3. Data Uses and Processes 6 4. Data

More information

So the security measures you put in place should seek to ensure that:

So the security measures you put in place should seek to ensure that: Guidelines This guideline offers an overview of what the Data Protection Act requires in terms of information security and aims to help you decide how to manage the security of the personal data you hold.

More information

Paperless World Limited

Paperless World Limited Paperless World Limited Security Policy Statement Contents Section 1: Paperless World Limited Security Policy Statement... 2 Section 2: The Data Protection Act 1998... 2 Section 3: Definitions... 2 Personal

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Document Ref: DPA20100608-001 Version: 1.3 Classification: UNCLASSIFIED (IL 0) Status: ISSUED Prepared By: Ian Mason Effective From: 4 th January 2011 Contact: Governance Team ICT

More information

Data Protection. Policy and Application July 2009

Data Protection. Policy and Application July 2009 Data Protection Policy and Application July 2009 Produced for staff of the House of Commons Service by the Department of Resources Information Rights and Information Security (IRIS) Service Data Policy:

More information

Data Protection Policy

Data Protection Policy Data Protection Policy 1. Introduction to the Data Protection Policy Everyone who works for Chorley Council uses personal data in the course of their duties. Chorley Council must gather and process personal

More information

UNIVERSITY OF SOUTHAMPTON DATA PROTECTION POLICY

UNIVERSITY OF SOUTHAMPTON DATA PROTECTION POLICY UNIVERSITY OF SOUTHAMPTON DATA PROTECTION POLICY 1. Purpose 1.1 The Data Protection Act 1998 ( the Act ) has two principal purposes: i) to regulate the use by those (known as data controllers) who obtain,

More information

Data Protection Policy

Data Protection Policy Data Protection Policy BMBC Data Protection Policy V1 Page 1 of 7 Table of Contents 1 INTRODUCTION... 3 2 POLICY STATEMENT... 3 3. SCOPE... 3 4 DATA PROTECTION PRINCIPLES... 4 5 PREREQUISITE CONDITIONS

More information

Data Protection Policy

Data Protection Policy Data Protection Policy This policy applies to the national office of Special Olympics GB; athletes, volunteers, and paid staff its clubs and regions; all Special Olympics GB donors, sponsors, and supporters;

More information

KEELE UNIVERSITY IT INFORMATION SECURITY POLICY

KEELE UNIVERSITY IT INFORMATION SECURITY POLICY Contents 1. Introduction 2. Objectives 3. Scope 4. Policy Statement 5. Legal and Contractual Requirements 6. Responsibilities 7. Policy Awareness and Disciplinary Procedures 8. Maintenance 9. Physical

More information

Office of the Data Protection Commissioner of The Bahamas. Data Protection (Privacy of Personal Information) Act, 2003. A Guide for Data Controllers

Office of the Data Protection Commissioner of The Bahamas. Data Protection (Privacy of Personal Information) Act, 2003. A Guide for Data Controllers Office of the Data Protection Commissioner of The Bahamas Data Protection (Privacy of Personal Information) Act, 2003 A Guide for Data Controllers 1 Acknowledgement Some of the information contained in

More information

The Manitowoc Company, Inc.

The Manitowoc Company, Inc. The Manitowoc Company, Inc. DATA PROTECTION POLICY 11FitzPatrick & Associates 4/5/04 1 Proprietary Material Version 4.0 CONTENTS PART 1 - Policy Statement PART 2 - Processing Personal Data PART 3 - Organisational

More information

Scottish Rowing Data Protection Policy

Scottish Rowing Data Protection Policy Revision Approved by the Board August 2010 1. Introduction As individuals, we want to know that personal information about ourselves is handled properly, and we and others have specific rights in this

More information

Human Resources Policy No. HR46

Human Resources Policy No. HR46 Human Resources Policy No. HR46 Maintaining Personal Files and ESR Records Additionally refer to HR04 Verification of Professional Registration HR33 Recruitment and Selection HR34 Policy for Carrying Out

More information

Caedmon College Whitby

Caedmon College Whitby Caedmon College Whitby Data Protection and Information Security Policy College Governance Status This policy was re-issued in June 2014 and was adopted by the Governing Body on 26 June 2014. It will be

More information

2. Scope 2.1 This policy covers all the activities and processes of the University that uses personal information in whatever format.

2. Scope 2.1 This policy covers all the activities and processes of the University that uses personal information in whatever format. University of Westminster Personal Data Protection Policy For Compliance with the Data Protection Act 1998 1. Background 1.1 The Data Protection Act 1998 (DPA) defines personal data as data and information

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY DATA PROTECTION POLICY Version 1.3 April 2014 Contents 1 POLICY STATEMENT...2 2 PURPOSE....2 3 LEGAL CONTEXT AND DEFINITIONS...2 3.1 Data Protection Act 1998...2 3.2 Other related legislation.....4 3.3

More information

Information Governance

Information Governance CONTROLLED Information Governance Caldicot Version-Workbok Non Caldicott Version - Workbook Version 12 January 2015 40 1 Don t Get Bitten by the Data Demon Notes Using this Workbook The objective of this

More information

PRESIDENT S DECISION No. 40. of 27 August 2013. Regarding Data Protection at the European University Institute. (EUI Data Protection Policy)

PRESIDENT S DECISION No. 40. of 27 August 2013. Regarding Data Protection at the European University Institute. (EUI Data Protection Policy) PRESIDENT S DECISION No. 40 of 27 August 2013 Regarding Data Protection at the European University Institute (EUI Data Protection Policy) THE PRESIDENT OF THE EUROPEAN UNIVERSITY INSTITUTE, Having regard

More information

Personal Data Protection Policy

Personal Data Protection Policy Personal Data Protection Policy Please take a moment to read the following Policy. If there is anything you do not understand then please contact us. We are committed to protecting privacy. This Personal

More information

Data and Information Security Policy

Data and Information Security Policy St. Giles School Inspire and achieve through creativity School Policy for: Date: February 2014 Data and Information Security Policy Legislation: Policy lead(s) The Data Protection Act 1998 (with consideration

More information

Data Protection Act. Privacy & Security in the Information Age. April 26, 2013. Ministry of Communications, Ghana

Data Protection Act. Privacy & Security in the Information Age. April 26, 2013. Ministry of Communications, Ghana Data Protection Act Privacy & Security in the Information Age April 26, 2013 Agenda Privacy in The Information Age The right to privacy Why We Need Legislation Purpose of the Act The Data Protection Act

More information

Hampstead Parochial CofE Primary School Data Protection Policy Spring 2015

Hampstead Parochial CofE Primary School Data Protection Policy Spring 2015 Hampstead Parochial CofE Primary School Data Protection Policy Spring 2015 1. Introduction and Scope 1.1 The Data Protection Act 1998 is the law that protects personal privacy and applies to any school

More information

CCTV CODE OF PRACTICE

CCTV CODE OF PRACTICE CCTV CODE OF PRACTICE Policy area: Operation of CCTV on University Premises Definitions CCTV means Closed Circuit Television. Control Room(s) means those Control Rooms manned by Security staff at the City,

More information

Information Privacy Policy

Information Privacy Policy Information Privacy Policy pol-032 Version: 2.01 Last amendment: Oct 2014 Next Review: Aug 2017 Approved By: Council Date: 04 May 2005 Contact Officer: Director, Strategic Services and Governance INTRODUCTION

More information

INTERNATIONAL SOS. Data Protection Policy. Version 1.05

INTERNATIONAL SOS. Data Protection Policy. Version 1.05 INTERNATIONAL SOS Data Protection Policy Document Owner: LCIS Division Document Manager: Group General Counsel Effective: December 2008 Revised: 2015 All copyright in these materials are reserved to AEA

More information

Data Security and Extranet

Data Security and Extranet Data Security and Extranet Derek Crabtree Schools ICT Support Manager derek.crabtree@merton.gov.uk Target Operating Model 2011 Merton Audit Organisation name: London Borough of Merton Periodic plan date:

More information

University of Limerick Data Protection Compliance Regulations June 2015

University of Limerick Data Protection Compliance Regulations June 2015 University of Limerick Data Protection Compliance Regulations June 2015 1. Purpose of Data Protection Compliance Regulations 1.1 The purpose of these Compliance Regulations is to assist University of Limerick

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Owner : Head of Information Management Document ID : ICT-PL-0099 Version : 2.0 Date : May 2015 We will on request produce this Policy, or particular parts of it, in other languages

More information

Data Protection in Ireland

Data Protection in Ireland Data Protection in Ireland 0 Contents Data Protection in Ireland Introduction Page 2 Appointment of a Data Processor Page 2 Security Measures (onus on a data controller) Page 3 8 Principles Page 3 Fair

More information

HOW WE USE YOUR INFORMATION

HOW WE USE YOUR INFORMATION HOW WE USE YOUR INFORMATION This privacy notice tells you what to expect when University of Essex Students Union (referred to as the SU herein) collects personal information. It applies to information

More information

Data Protection for the Guidance Counsellor. Issues To Plan For

Data Protection for the Guidance Counsellor. Issues To Plan For Data Protection for the Guidance Counsellor Issues To Plan For Author: Hugh Jones Data Protection Specialist Longstone Management Ltd. Published by the National Centre for Guidance in Education (NCGE)

More information

ECSA EuroCloud Star Audit Data Privacy Audit Guide

ECSA EuroCloud Star Audit Data Privacy Audit Guide ECSA EuroCloud Star Audit Data Privacy Audit Guide Page 1 of 15 Table of contents Introduction... 3 ECSA Data Privacy Rules... 4 Governing Law... 6 Sub processing... 6 A. TOMs: Cloud Service... 7 TOMs:

More information

Data Protection Breach Management Policy

Data Protection Breach Management Policy Data Protection Breach Management Policy Please check the HSE intranet for the most up to date version of this policy http://hsenet.hse.ie/hse_central/commercial_and_support_services/ict/policies_and_procedures/policies/

More information

Human Resources Procedure

Human Resources Procedure Human Resources Procedure POLICY AND PROCEDURE Data Protection Procedure and Code of Practice VERSION NUMBER 1.0 APPROVING COMMITTEE SMT DATE OF APPROVAL 10 June 2014 EQUALITY IMPACT ASSESSMENT 6 June

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY MILNBANK HOUSING ASSOCIATION DATA PROTECTION POLICY LS/NOV.2011/REF.P14 1) INTRODUCTION Milnbank Housing Association recognises that the Data Protection Act 1998 is an important piece of legislation to

More information

PRIVACY POLICY Personal information and sensitive information Information we request from you

PRIVACY POLICY Personal information and sensitive information Information we request from you PRIVACY POLICY Business Chicks Pty Ltd A.C.N. 121 566 934 (we, us, our, or Business Chicks) recognises and values the protection of your privacy. We also understand that you want clarity about how we manage

More information

Data protection policy

Data protection policy Data protection policy Introduction 1 This document is the data protection policy for the Nursing and Midwifery Council (NMC). 2 The Data Protection Act 1998 (DPA) governs the processing of personal data

More information

Rick Parsons Information Governance Officer County Hall 01865 323593 rick.parsons@oxfordshire.gov.uk

Rick Parsons Information Governance Officer County Hall 01865 323593 rick.parsons@oxfordshire.gov.uk Rick Parsons Information Governance Officer County Hall 01865 323593 rick.parsons@oxfordshire.gov.uk 1 THE DATA PROTECTION ACT 1998 2 Requirements of the Act Roles & Responsibilities Best Practice 3 The

More information

Data Protection Guidance

Data Protection Guidance 53 September 2010 Management Circular No. 53 Glasgow City Council Education Services Wheatley House 25 Cochrane Street Merchant City GLASGOW G1 1HL To Heads of all Educational Establishments Data Protection

More information

Direct Recruitment Privacy Policy

Direct Recruitment Privacy Policy Direct Recruitment Privacy Policy Direct Recruitment manages personal information in accordance with the Privacy Act 1988 and Australian Privacy Principles (APP). This policy applies to information collected

More information

GUIDEILINE FOR MONITORING STAFF COMPUTER USE

GUIDEILINE FOR MONITORING STAFF COMPUTER USE GUIDEILINE FOR MONITORING STAFF COMPUTER USE TRUST REF: B41/2007 APPROVED BY: Policy and Guideline Committee VERSION NUMBER: 1 DATE OF APPROVAL: 12 th November 2007 AUTHOR: DIRECTORATE: REVIEW DATE: Gareth

More information

MONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY

MONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY MONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY Page 1 of 16 Contents Policy Information 3 Introduction 4 Responsibilities 7 Confidentiality 9 Data recording and storage 11 Subject Access 12 Transparency

More information

Disciplinary and Dismissals Policy

Disciplinary and Dismissals Policy Policy Purpose/statement/reason for being Disciplinary and Dismissals Policy E.G - MIP is designed to strengthen the effectiveness of individual s contribution to the Council s success. Purpose The Disciplinary

More information

Data Protection Avoiding Information Commissioner Fines. Caroline Egan 5 June 2014

Data Protection Avoiding Information Commissioner Fines. Caroline Egan 5 June 2014 Data Protection Avoiding Information Commissioner Fines Caroline Egan 5 June 2014 Why is data protection a hot topic in pensions? Pension schemes hold large amounts of personal data Individuals more aware

More information

Islington Data Protection Policy. A council-wide information policy Version 1.1 June 2014

Islington Data Protection Policy. A council-wide information policy Version 1.1 June 2014 A council-wide information policy Version 1.1 June 2014 Copyright Notification Copyright London Borough of Islington 2014 This document is distributed under the Creative Commons Attribution 2.5 license.

More information

Data Protection Policy A copy of this policy is published in the following areas: The school s intranet The school s website

Data Protection Policy A copy of this policy is published in the following areas: The school s intranet The school s website Data Protection Policy A copy of this policy is published in the following areas: The school s intranet The school s website Date created: November 2015 Date for review: July 2016 Created by: Mark Vanstone,

More information

BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS

BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS Mat Wright www.britishcouncil.org CONTENTS Purpose of the code 1 Scope of the code 1 The British Council s data protection commitment and

More information

Article 29 Working Party Issues Opinion on Cloud Computing

Article 29 Working Party Issues Opinion on Cloud Computing Client Alert Global Regulatory Enforcement If you have questions or would like additional information on the material covered in this Alert, please contact one of the authors: Cynthia O Donoghue Partner,

More information

DISCIPLINARY PROCEDURE

DISCIPLINARY PROCEDURE DISCIPLINARY PROCEDURE INTRODUCTION These procedures are compliant with the ACAS code of practice and are designed to help and encourage staff at Pilgrims Hospice to achieve and maintain required standards

More information

EMMANUEL COLLEGE THE APPLICATION OF THE DATA PROTECTION ACT 1998. Contents

EMMANUEL COLLEGE THE APPLICATION OF THE DATA PROTECTION ACT 1998. Contents EMMANUEL COLLEGE THE APPLICATION OF THE DATA PROTECTION ACT 1998 Contents 1. Introduction Page 2 2. The Data Protection Act 1998 Page 2 3. Review of data used in College departments Page 3 4. Security

More information

INFORMATION SECURITY POLICY. Contents. Introduction 2. Policy Statement 3. Information Security at RCA 5. Annexes

INFORMATION SECURITY POLICY. Contents. Introduction 2. Policy Statement 3. Information Security at RCA 5. Annexes INFORMATION SECURITY POLICY Ratified by RCA Senate, February 2007 Contents Introduction 2 Policy Statement 3 Information Security at RCA 5 Annexes A. Applicable legislation and interpretation 8 B. Most

More information