Access to personal information held about you
|
|
- Piers Maxwell
- 8 years ago
- Views:
Transcription
1 Access to personal information held about you Policy Document This document applies to anyone requesting personal information NHS Ayrshire & Arran holds about them. Version 01.0 Author: SAR SLWG Review date: Approved by: Information Governance Operational Delivery Group Document uncontrolled when printed
2 DOCUMENT CONTROL SHEET Key Information: Title: Access to information held about you policy Document Status: Approved Document Type: Policy Version Number: V01.0 Document location: Author: Jillian Neilson, Head of Information Governance Owner: SAR Short Life Working Group Approved By: Approved Date Effective From: Review Frequency: 2 years Next Review Date: Contact: Jillian Neilson, Head of Information Governance Revision History: Version: Date: Summary of Changes: Responsible Officer: Approvals: this document was formally approved by: Name/Title/Group Date: Version: Information Governance Operational Delivery Group V01.0 Dissemination Arrangements: Intended audience: Method: Date Version: All NHS A&A staff Stop Press AthenA V01.0 Patients, Public NHS A&A Public Website Linked Documentation: Document Title: Document File Path: NB. This document is uncontrolled when printed. The contents of this document are subject to change, any paper copy is only valid on the day of printing. To ensure you have the most up to date version of this document please use the link to access the document directly from AthenA. Document uncontrolled when printed Page 2 of 11
3 Table of Contents 1 Introduction Purpose Definitions Scope Responsibilities Policy Principles Governance, Monitoring & Review Relevant Legislation, Guidance and Codes of Practice Table of Departmental Responsibilities Document uncontrolled when printed Page 3 of 11
4 1 Introduction 1.1 NHS Ayrshire & Arran (NHS A&A) aims to achieve a standard of excellence in information governance by ensuring information is dealt with legally, securely, efficiently and effectively in the course of NHS A&A s business to deliver person centred, clinically effective and safe care. 1.2 NHS A&A regards the Data Protection Act 1998 as an important mechanism for achieving an honest and safe relationship with patients, carers, families, the public and employees. 1.3 All information processing including fulfilling our obligations with respect to Subject Access Requests and other requests for access to personal information will be undertaken in accordance with the relevant legislation and best practice. 1.4 NHS A&A aims to improve transparency in its activities to enable its patients, their carer s, families, the public and employees to verify that the information NHS A&A holds on them is accurate and processed legitimately. 2 Purpose The purpose of the policy for access to personal information NHS A&A holds about you, is to: 2.1 Ensure that we meet our obligations regarding processing Subject Access Requests under the terms of the Data Protection Act 1998 and associated Information Commissioners Office best practice, 2.2 Ensure that we meet our obligations regarding processing other requests for access to personal information in compliance with the relevant legislation, 2.3 To set our responsibilities for responding to and managing Subject Access Requests and other requests for access to personal information, 2.4 Provide assurance that personal information is being managed by us in accordance with the Data Protection Act 1998 and associated Information Commissioner s best practice. Document uncontrolled when printed Page 4 of 11
5 3 Definitions 3.1 Information Governance is a framework for handling information in a confidential and secure manner, to appropriate ethical and quality standards. Ultimately it is to ensure that information is: Held securely and confidentially; Obtained fairly and lawfully; Recorded accurately and reliably; Used effectively and ethically; Shared appropriately and legally; Retained for the appropriate length of time, and Accessible and available where required. 3.2 Personal data/information as defined by the Data Protection Act 1998, is data which relates to an individual who can be identified from those data or from those data and other information which is in the possession of the data controller and includes any expression or opinion about the individual and any indication of the intentions of the data controller or any other person in respect of that individual. 3.3 Sensitive Personal Data The 1998 Act defines sensitive personal data as information relating to racial or ethnic origin, political opinions, religious beliefs, trade union membership, health, sex life and criminal convictions. Under the Act the processing of this sensitive personal data is subject to more stringent conditions. 3.4 Data subject means a living individual whom personal data is about. 3.5 Processing, in relation to information or data, means obtaining, recording or holding the information or data or carrying out any operation or set of operations on the information or data. 3.6 Subject Access it a right under the Data Protection Act which enables individuals to find out what personal data organisations hold about them, why it is held and who it is disclosed to. Individuals may exercise this right by making a written request subject access request. Document uncontrolled when printed Page 5 of 11
6 4 Scope 4.1 Subject Access Requests under the terms of Section 7 of the Data Protection Act Other requests for access to personal information, these are listed in Section 9 of this document. 4.3 This policy relates to all personal information held by NHS A&A in all formats. 4.4 This policy excludes requests for access to personal data for business as usual purposes including information sharing to support the provision of services, business planning, audit or research and development. 5 Responsibilities 5.1 Chief Executive The Chief Executive has overall responsibility for ensuring that processes are in place for responding to subject access requests under the Data Protection Act 1998 and other legitimate requests for access to personal data. 5.2 Caldicott Guardian The Caldicott Guardian has responsibility for advising staff and ensuring that adequate arrangements are in place to protect patient identifiable information. The Executive Medical Director is the designated Caldicott Guardian. 5.3 Head of Integrated Health Records Responsible for ensuring subject access requests for access health records and other legitimate requests for access to personal data contained within health records are dealt with in compliance with the Data Protection Act 1998 and other applicable legislation. 5.4 Head of Information Governance Responsible for ensuring subject access requests where the personal information is not contained in either health or employee records are dealt with in compliance with the Data Protection Act Director of Organisation & Human Resource Development Responsible for ensuring subject access requests for access to personal information contained within employee records and other associated information are dealt with in compliance with the Data Protection Act Freedom of Information Officer The Freedom of Information Officer is not responsible for processing subject access requests under the Data Protection Act Any request for personal information Document uncontrolled when printed Page 6 of 11
7 under the Freedom of Information (Scotland) Act 2002 will be processed in accordance with this Act. When appropriate, the relevant exemption under the Act will be applied and the request re-directed to the appropriate lead to process under the Data Protection Act Managers Managers must ensure that their teams are aware of this policy and that they may be required to provide information that they hold to fulfil a request for access to personal information, this may include correspondence held within their mail box. 5.8 All Staff All staff must adhere to this policy. In particular all staff must, when requested undertake the appropriate searches and submit all information requested to the team processing the subject access request or other request for access to personal information, within the defined timescale. 6 Policy Principles 6.1 Requests for access to personal information must be made in writing, correspondence is acceptable. For specific requests the following forms should be used: For requests for access to information contained with Health Records Access health records Form should be used. For requests for access to Closed Circuit Television footage the CCTV SAR Form should be used. For requests for access to personal information by the Police the Section 29 Form should be used. For requests for access to an Adverse Event Report (DATIX) the ---TO BE INCLUDED should be used. All other requests for access to personal information should be directed to the Information Governance Team who will redirect the request to the designated department or team. Information Governance, 14 Lister St, Crosshouse Hospital, KA2 0BE or InformationGovernance@aapct.scot.nhs.uk Document uncontrolled when printed Page 7 of 11
8 6.2 Responsibility for processing requests for access to personal information are listed in the table in Section 9. All requests for access to personal data will be processed by the designated department or team; Medico Legal Administrative Services; Department of Operational & Human Resource Development ;or Information Governance Team. 6.3 The designated departments or teams are responsible for developing supporting Standard Operating Procedures for processing Subject Access Requests and other legitimate requests for access to personal information. 6.4 All Subject Access Requests will be processed in compliance with the Data Protection Act 1998, Data Protection (Subject Access Modification) (Health) Order 2000 (SI 2000/413) and Information Commissioner s Office Guidance, listed in Section Other legitimate requests for access to personal information must be processed in line with the associated legislation. 6.6 Once a valid Subject Access request has been received it must be responded to within 40 calendar days. Other requests for access to personal data will be processed in line with the respective deadlines as defined in Section Any persons making a request for access to personal information who are dissatisfied with the way their request has been handled in the first instance should direct their concerns to the Information Governance team or alternatively raise the concerns directly with the Information Commissioner s Office (for more details see 7 Governance, Monitoring & Review 7.1 Routine reports will be submitted to the Information Governance Operational Delivery Group, which is the group responsible for ensuring that NHS A&A has a robust Information Governance Framework in place. The Information Governance Operational Delivery Group will specifically monitor compliance with the 40 calendar day for time limit for responding to subject access requests. 7.2 Non-compliance rates will be regularly reported to the Information Governance Committee, which is responsible for oversight of information governance arrangements and considering and scrutinizing NHS A&A s compliance with relevant legislation and national standards with regards to information governance. 7.3 NHS A&A will continue to develop and expand on policies and procedures to ensure that appropriate standards are defined, implemented, maintained, assured and evaluated to ensure information rights are respected. This policy will be reviewed biannually by a group convened by the Head of Information Governance. Document uncontrolled when printed Page 8 of 11
9 8 Relevant Legislation, Guidance and Codes of Practice Legislation Data Protection Act 1998 Access to Health Records Act 1990 Data Protection (Subject Access Modification) (Health) Order 2000 Information Commissioner s Office Guidance Subject Access Code of Practice Information Access to information held in Complaint Files Employment Practices Code Employment Practices Code Supplementary Guidance Data Protection Technical Guidance Determining what is Personal Data Document uncontrolled when printed Page 9 of 11
10 9 Table of Departmental Responsibilities for processing SAR s and other requests for access to personal information Information Type of Request Processed by: Health Record living person Health Record - deceased person Employee s information e.g. for access to personal data contained in employee record and/or other associated employee information Adverse event report (Datix) Other personal data not contained in Health record or employee record Subject Access Request for access to personal data contained in Health Record (40 days) Section 29 Request (Police) Court Specification (7 days) Procurator Fiscal (7 days) Central Legal Office (7 days) Criminal Injuries Compensation Authority (CICA) SCRA - Children s Reporter Access to Health Records Act 1990 request (deceased) Court Specification (7days) Procurator Fiscal (7 days) Central Legal Office (7 days) Subject Access Request (40 days) Subject Access Request (40 days) Subject Access Request (40 days) Medico-Legal Administrative Services Legislation Lead on Ailsa Hospital Ext Ayr Team on Telephone or Ext Crosshouse Team on Ext (27076) Or SubjectAccessRequest@aapct.scot.nhs.uk Medico-Legal Administrative Service See above for contact details Department of Organisation and Human Resource Development Mark Hogarth Human Resources Manager University Hospital, Crosshouse 64 Lister Street Kilmarnock KA2 0BE Tel: (ext 25954) Mob: mark.hogarth@aaaht.scot.nhs.uk Medico-Legal Administrative Services See above for contact details Information Governance 14 Lister Street, Crosshouse Hospital, KA2 0BE Tel: (26813) or 8(25897) InformationGovernance@aapct.scot.nhs.uk Document uncontrolled when printed Page 10 of 11
11 CCTV Footage Subject Access Request (40 days) Information Governance 14 Lister Street, Crosshouse Hospital, KA2 0BE Tel: (26813) or 8(25897) Document uncontrolled when printed Page 11 of 11
All CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid.
Policy Type Information Governance Corporate Standing Operating Procedure Human Resources X Policy Name CCG IG03 Information Governance & Information Risk Policy Status Committee approved by Final Governance,
More informationPolicy Document Control Page
Policy Document Control Page Title Title: Data Protection Policy Version: 3 Reference Number: CO59 Keywords: Data, access, principles, protection, Act. Data Subject, Information Supersedes Supersedes:
More informationData Protection Policy
1 Data Protection Policy Version 1: June 2014 1 2 Contents 1. Introduction 3 2. Policy Statement 3 3. Purpose of the Data Protection Act 1998 3 4. The principles of the Data Protection Act 1998 4 5 The
More informationVersion Number Date Issued Review Date V1 25/01/2013 25/01/2013 25/01/2014. NHS North of Tyne Information Governance Manager Consultation
Northumberland, Newcastle North and East, Newcastle West, Gateshead, South Tyneside, Sunderland, North Durham, Durham Dales, Easington and Sedgefield, Darlington, Hartlepool and Stockton on Tees and South
More informationData Protection Act a more detailed guide
Data Protection Act a more detailed guide What does the Act do? The Data Protection Act 1998 places considerable duties on organisations which process personal data; increases the rights of access by data
More informationData Protection Policy
Data Protection Policy Responsible Officer Author Date effective from July 2009 Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date last amended December 2012 Review
More informationAyrshire and Arran NHS Board
Paper 17 Ayrshire and Arran NHS Board Monday 19 May 2014 Information Governance Annual Report Author: Mrs Jillian Neilson Head of Information Governance Sponsoring Director: Dr Alison Graham Medical Director
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Issued by: Senior Information Risk Owner Policy Classification: Policy No: POLIG001 Information Governance Issue No: 1 Date Issued: 18/11/2013 Page No: 1 of 16 Review Date:
More informationSubject Access Request (SAR) Procedure
Subject Access Request (SAR) Procedure East and North Hertfordshire Clinical Commissioning Group Page 1 of 16 DOCUMENT CONTROL SHEET Document Owner: Chief Finance Officer Document Author(s): Anne Ephgrave
More informationHow To Share Your Health Records With The National Health Service
HOW WE USE YOUR PERSONAL INFORMATION Information Leaflet Your Health. Our Priority. Page 2 of 9 Introduction This Leaflet explains why the NHS collects information about you and how it is used, your right
More informationInformation Governance Policy
Information Governance Policy 1 Introduction Healthwatch Rutland (HWR) needs to collect and use certain types of information about the Data Subjects who come into contact with it in order to carry on its
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Primary Intranet Location Information Management & Governance Version Number Next Review Year Next Review Month 7.0 2018 January Current Author Phil Cottis Author s Job Title
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY Version 1.3 April 2014 Contents 1 POLICY STATEMENT...2 2 PURPOSE....2 3 LEGAL CONTEXT AND DEFINITIONS...2 3.1 Data Protection Act 1998...2 3.2 Other related legislation.....4 3.3
More informationINFORMATION GOVERNANCE STRATEGY NO.CG02
INFORMATION GOVERNANCE STRATEGY NO.CG02 Applies to: All NHS LA employees, Non-Executive Directors, secondees and consultants, and/or any other parties who will carry out duties on behalf of the NHS LA.
More informationDATA PROTECTION POLICY
Reference number Approved by Information Management and Technology Board Date approved 14 th May 2012 Version 1.1 Last revised N/A Review date May 2015 Category Information Assurance Owner Data Protection
More informationHERTSMERE BOROUGH COUNCIL
HERTSMERE BOROUGH COUNCIL DATA PROTECTION POLICY October 2007 1 1. Introduction Hertsmere Borough Council ( the Council ) is fully committed to compliance with the requirements of the Data Protection Act
More informationHuman Resources and Data Protection
Human Resources and Data Protection Contents 1. Policy Statement... 1 2. Scope... 2 3. What is personal data?... 2 4. Processing data... 3 5. The eight principles of the Data Protection Act... 4 6. Council
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Name of Policy Author: Name of Review/Development Body: Ratification Body: Ruth Drewett Information Governance Steering Group Committee Trust Board : April 2015 Review date:
More informationAlign Technology. Data Protection Binding Corporate Rules Controller Policy. 2014 Align Technology, Inc. All rights reserved.
Align Technology Data Protection Binding Corporate Rules Controller Policy Contents INTRODUCTION 3 PART I: BACKGROUND AND ACTIONS 4 PART II: CONTROLLER OBLIGATIONS 6 PART III: APPENDICES 13 2 P a g e INTRODUCTION
More informationINFORMATION GOVERNANCE STRATEGY
INFORMATION GOVERNANCE STRATEGY Page 1 of 10 Strategy Owner Valerie Penn, Head of Governance Strategy Author Caroline Law, Information Governance Project Manager Directorate Corporate Governance Ratifying
More informationData Protection Policy A copy of this policy is published in the following areas: The school s intranet The school s website
Data Protection Policy A copy of this policy is published in the following areas: The school s intranet The school s website Date created: November 2015 Date for review: July 2016 Created by: Mark Vanstone,
More informationDublin City University
Dublin City University Data Protection Policy Data Protection Policy Contents Purpose... 1 Scope... 1 Data Protection Principles... 1 Disclosure of Personal Data... 2 Summary of Responsibilities... 3 Rights
More informationData protection policy
Data protection policy Introduction 1 This document is the data protection policy for the Nursing and Midwifery Council (NMC). 2 The Data Protection Act 1998 (DPA) governs the processing of personal data
More informationInformation Assurance Policies and Guidance. Information Governance Policy. Document Version: v0.5 Review Date: 1 May 2016
Information Assurance Policies and Guidance Information Governance Policy Document Version: v0.5 Review Date: 1 May 2016 Owner: Information Governance Manager 1 P a g e Document History Revision Version
More informationSubject Access Request Policy
Trust Policy Subject Access Request Policy Department / Service: Corporate Originator: Company Secretary Accountable Director: Director of Nursing Approved by: Information Governance Steering Group Trust
More information1. Introduction... 3. 2. Statement of Policy. 3. 3. The Eight Principles of Data Protection... 4. 4. Scope... 5. 5. Roles and Responsibilities.
Data Protection Policy 2011 Contents Page 1. Introduction... 3 2. Statement of Policy. 3 3. The Eight Principles of Data Protection...... 4 4. Scope.... 5 5. Roles and Responsibilities. 5 6. Development
More informationROEHAMPTON UNIVERSITY DATA PROTECTION POLICY
ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY Originated by: Data Protection Working Group: November 2008 Impact Assessment: (to be confirmed) Recommended by Senate: 28 January 2009 Approved by Council:
More informationScottish Rowing Data Protection Policy
Revision Approved by the Board August 2010 1. Introduction As individuals, we want to know that personal information about ourselves is handled properly, and we and others have specific rights in this
More informationLittle Marlow Parish Council Registration Number for ICO Z3112320
Data Protection Policy Little Marlow Parish Council Registration Number for ICO Z3112320 Adopted 2012 Reviewed 23 rd February 2016 Introduction The Parish Council is fully committed to compliance with
More informationOur customer care commitments
Showing care Our customer care commitments Information for staff I am more than a volunteer. I am more than a doctor. Our caring commitments to you Visit our website: www.nhsayrshireandarran.com All our
More informationData Protection Policy
Data Protection Policy Version: V1 Ratified by: Operational Management Executive Committee Date ratified: 26 September 2013 Name and Title of originator/author(s): Chris Brady, FOI, Data Protection and
More informationData Protection Policy
Data Protection Policy Introduction The Data Protection Act 1998 gives individuals the right to know what personal information is held about them. It provides a framework to ensure that the Office of the
More informationINFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK
INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK Log / Control Sheet Responsible Officer: Chief Finance Officer Clinical Lead: Dr J Parker, Caldicott Guardian Author: Associate IG Specialist, Yorkshire
More informationUniversity of Limerick Data Protection Compliance Regulations June 2015
University of Limerick Data Protection Compliance Regulations June 2015 1. Purpose of Data Protection Compliance Regulations 1.1 The purpose of these Compliance Regulations is to assist University of Limerick
More informationPatient Information Whose information is it anyway? Your health records
Patient Information Whose information is it anyway? Your health records Derriford Hospital Derriford Road Plymouth PL6 8DH Tel: 0845 155 8155 www.plymouthhospitals.nhs.uk Your health record We ask you
More informationNHS Commissioning Board: Information governance policy
NHS Commissioning Board: Information governance policy DOCUMENT STATUS: To be approved / Approved DOCUMENT RATIFIED BY: DATE ISSUED: October 2012 DATE TO BE REVIEWED: April 2013 2 AMENDMENT HISTORY: VERSION
More informationINFORMATION GOVERNANCE POLICY
Directorate of Performance Assurance INFORMATION GOVERNANCE POLICY Reference: DCP074 Version: 2.5 This version issued: 27/03/15 Result of last review: Minor changes Date approved by owner (if applicable):
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Version: 3.2 Authorisation Committee: Date of Authorisation: May 2014 Ratification Committee Level 1 documents): Date of Ratification Level 1 documents): Signature of ratifying
More informationData Compliance. And. Your Obligations
Information Booklet Data Compliance And Your Obligations What is Data Protection? It is the safeguarding of the privacy rights of individuals in relation to the processing of personal data. The Data Protection
More informationInformation Governance Policy
Information Governance Policy Policy Summary This policy outlines the organisation s approach to the management of Information Governance and information handling. It explains the accountability and reporting
More informationHampstead Parochial CofE Primary School Data Protection Policy Spring 2015
Hampstead Parochial CofE Primary School Data Protection Policy Spring 2015 1. Introduction and Scope 1.1 The Data Protection Act 1998 is the law that protects personal privacy and applies to any school
More informationGENERAL REGULATIONS Appendix 10 : Guide to Legislation Relevant to Computer Use. Approval for this regulation given by :
GENERAL REGULATIONS Appendix 10 : Guide to Legislation Relevant to Computer Use Name of regulation : Purpose of regulation : Approval for this regulation given by : Responsibility for its update : Regulation
More informationEvidence additional element appendix 47. Records Management Guidance for the management of emails
Records Management Guidance for the management of emails 2010 1 Document Control Sheet Name of Document: Guidelines for the Management of Emails as Records 2010 Author: Consultees Description of Content:
More informationComplaints Policy. Complaints Policy. Page 1
Complaints Policy Page 1 Complaints Policy Policy ref no: CCG 006/14 Author (inc job Kat Tucker Complaints & FOI Manager title) Date Approved 25 November 2014 Approved by CCG Governing Body Date of next
More informationThe EDGE 2014 User Conference Information Governance Workshop
The EDGE 2014 User Conference Information Governance Workshop Monday 17 th March 2014 Debbie Terry Agenda What is Information Governance? New developments in legislation Your questions answered Caldicott
More informationINFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK
INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Information Governance Strategic
More informationINFORMATION GOVERNANCE AND DATA PROTECTION POLICY
INFORMATION GOVERNANCE AND DATA PROTECTION POLICY WN CCG Information Governance & Data Protection Policy July 2013 1 Document Control Sheet Name of Document: Information Governance & Data Protection Policy
More informationData Protection Policy
Data Protection Policy Owner : Head of Information Management Document ID : ICT-PL-0099 Version : 2.0 Date : May 2015 We will on request produce this Policy, or particular parts of it, in other languages
More informationSUBJECT ACCESS REQUEST PROCEDURE
SUBJECT ACCESS REQUEST PROCEDURE Document History Document Reference: Document Purpose: IG31 This procedure sets out the responsibility for staff when receiving requests for information provided under
More informationDATA PROTECTION POLICY
MILNBANK HOUSING ASSOCIATION DATA PROTECTION POLICY LS/NOV.2011/REF.P14 1) INTRODUCTION Milnbank Housing Association recognises that the Data Protection Act 1998 is an important piece of legislation to
More informationCORK INSTITUTE OF TECHNOLOGY
CORK INSTITUTE OF TECHNOLOGY DATA PROTECTION POLICY APPROVED BY GOVERNING BODY ON 30 APRIL 2009 INTRODUCTION Cork Institute of Technology is committed to a policy of protecting the rights and privacy of
More informationNHS Newcastle Gateshead Clinical Commissioning Group. Information Governance Strategy 2015/16
NHS Newcastle Gateshead Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Document Ratified/Approved By Approved No impact NHS Quality, Safety
More informationPolicy on Public and School Bus Closed Circuit Television Systems (CCTV)
DEPARTMENT OF TRANSPORT Policy on Public and School Bus Closed Circuit Television Systems (CCTV) Responsibility of: Public Transport Division TRIM File: DDPI2010/3680 Effective Date: July 2010 Version
More informationBRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS
BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS Mat Wright www.britishcouncil.org CONTENTS Purpose of the code 1 Scope of the code 1 The British Council s data protection commitment and
More informationInformation Governance Policy
Information Governance Policy Version 1.1 Responsible Person Information Governance Manager Lead Director Head of Corporate Services Consultation Route Information Governance Steering Group Approval Route
More informationNorth East Ambulance Service NHS Foundation Trust. Job Description
North East Ambulance Service NHS Foundation Trust Job Description Job Title Patient Experience Clerk A4C Band 3 Accountability Complaints Manager Directorate Clinical Care and Patient Safety Date September
More informationCorporate ICT & Data Management. Data Protection Policy
90 Corporate ICT & Data Management Data Protection Policy Classification: Unclassified Date Created: January 2012 Date Reviewed January Version: 2.0 Author: Owner: Data Protection Policy V2 1 Version Control
More informationRick Parsons Information Governance Officer County Hall 01865 323593 rick.parsons@oxfordshire.gov.uk
Rick Parsons Information Governance Officer County Hall 01865 323593 rick.parsons@oxfordshire.gov.uk 1 THE DATA PROTECTION ACT 1998 2 Requirements of the Act Roles & Responsibilities Best Practice 3 The
More informationNHS North Durham Clinical Commissioning Group. Information Governance Strategy 2015/16
NHS North Durham Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Document Ratified/Approved By Final No impact Risk and Audit Committee/Governing
More informationInformation Governance Framework
Information Governance Framework Authorship: Chris Wallace, Information Governance Manager Committee Approved: Integrated Audit and Governance Committee Approved date: 11th March 2014 Review Date: March
More informationDATA PROTECTION POLICY
Title Author Approved By and Date Review Date Mike Pilling Latest Update- Corporation May 2008 1 Aug 2013 DATA PROTECTION ACT 1998 POLICY FOR ALL STAFF AND STUDENTS 1.0 Introduction 1.1 The Data Protection
More informationThe Newcastle upon Tyne Hospitals NHS Foundation Trust. Claims Management Policy
The Newcastle upon Tyne Hospitals NHS Foundation Trust Claims Management Policy Version.: 6.0 Effective From: 16 July 2015 Expiry Date: 16 July 2017 Date Ratified: 23 June 2015 Ratified By: Clinical Policy
More informationInformation Governance Strategy 2015/16
Information Governance Strategy 2015/16 Ratified Governing Body (November 2015) Status Final Issued November 2015 Approved By Executive Committee (August 2015) Consultation Equality Impact Assessment Internal
More informationCORE SKILLS FRAMEWORK INFORMATION GOVERNANCE LESSON NOTES AND TIPS FOR A SUGGESTED APPROACH
CORE SKILLS FRAMEWORK INFORMATION GOVERNANCE LESSON NOTES AND TIPS FOR A SUGGESTED APPROACH These notes are designed to be used in conjunction with the core training PowerPoint slides. The purpose of the
More informationBarnsley Clinical Commissioning Group. Information Governance Policy and Management Framework
Putting Barnsley People First Barnsley Clinical Commissioning Group Information Governance Policy and Management Framework Version: 1.1 Approved By: Governing Body Date Approved: 16 January 2014 Name of
More informationData Protection Policy
Data Protection Policy Version: 1.0 Date: October 2013 Table of Contents 1 Introduction The need for a Data Protection Policy... 3 2 Scope... 3 3 Principles... 3 4 Staff Roles & Responsibilities... 4 5
More informationATHENA Ethical Framework (Version 1- February 2014)
ATHENA Ethical Framework (Version 1- February 2014) ATHENA is co-funded by the European Commission, Executive Research Agency, Seventh Framework Programme (SEC call FP7-SEC-2012.6.1.30) 1. Introduction
More informationInformation Governance
What you should know about Information Governance p2 Information Governance What is Information Governance? You have probably heard of clinical governance, which is a way for organisations and individuals
More informationData Protection Policy June 2014
Data Protection Policy June 2014 Approving authority: Consultation via: Court Audit and Risk Committee, University Executive, Secretary's Board, Information Governance and Security Group Approval date:
More informationInformation Governance. and what it means for you
Information Governance and what it means for you 1 Content Introduction 3 Who are we? 4 What is Information Governance? 4 Purpose of Holding Information 5 Confidentiality and Security 5 Accuracy of Information
More informationMerthyr Tydfil County Borough Council. Data Protection Policy
Merthyr Tydfil County Borough Council Data Protection Policy 2014 Cyfarthfa High School is a Rights Respecting School, we recognise the importance of ensuring that the United Nations Convention of the
More informationInformation Governance Framework and Strategy. November 2014
November 2014 Authorship : Committee Approved : Chris Wallace Information Governance Manager CCG Senior Management Team and Joint Trade Union Partnership Forum Approved Date : November 2014 Review Date
More informationDraft Integration Scheme for the Ayrshire Parties 18 December 2014
Health and Social Care Integration Draft Integration Scheme for the Ayrshire Parties 18 December 2014 1 Introduction Aims and Outcomes of the Integration Scheme Regulations The main purpose of integration
More informationInformation Governance Strategy :
Item 11 Strategy Strategy : Date Issued: Date To Be Reviewed: VOY xx Annually 1 Policy Title: Strategy Supersedes: All previous Strategies 18/12/13: Initial draft Description of Amendments 19/12/13: Update
More informationUniversity of Birmingham. Closed Circuit Television (CCTV) Code of Practice
University of Birmingham Closed Circuit Television (CCTV) Code of Practice University of Birmingham uses closed circuit television (CCTV) images to provide a safe and secure environment for students, staff
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY The information and guidelines within this Policy are important and apply to all members, Fellows and staff of the College 1. INTRODUCTION Like all educational establishments, the
More informationInformation Governance Policy
Policy Policy Number / Version: v2.0 Ratified by: Audit Committee Date ratified: 25 th February 2015 Review date: 24 th February 2016 Name of originator/author: Name of responsible committee/individual:
More informationChild and Adult Services Subject Access Requests Guidance
Child and Adult Services Subject Access Requests Guidance This Guidance is not applicable to Access to Information requests about Adoption. For requests about Adoption please consult the Adoption and Children
More informationBarnet Partnership Information Sharing Protocol
Barnet Partnership Information Sharing Protocol Information Sharing Protocol V1_0C - FINAL Page 1 of 52 Version 1.0 (FINAL) Contents 1 Background... 4 1.1 The need to share information... 4 2 Scope...
More informationInformation Governance Strategy
Information Governance Strategy ONCE PRINTED OFF, THIS IS AN UNCONTROLLED DOCUMENT. PLEASE CHECK THE INTRANET FOR THE MOST UP TO DATE COPY Target Audience: All staff employed or working on behalf of the
More informationNHS England Complaints Policy
NHS England Complaints Policy 1 2 NHS England Complaints Policy NHS England Policy and Corporate Procedures Version number: 1.1 First published: September 2014 Prepared by: Kerry Thompson, Senior Customer
More informationPolicies for: Information Governance Information Quality Information Management Information Security. Version Control Version: 0.1
Policies for: Information Governance Information Quality Information Management Information Security Approved by: None this version Date approved: Name of originator/author: Ade Oduntan, Mike Hellier,
More informationNorth Cumbria University Hospitals NHS Trust - FoI 000999 Enclosure 01. Job Description
1. JOB DETAILS Job Description Job title: Head of Communications and Reputation Management Accountable to: Director of Strategic Planning and Clinical Governance Location: Trust-wide across both hospital
More informationThe Manitowoc Company, Inc.
The Manitowoc Company, Inc. DATA PROTECTION POLICY 11FitzPatrick & Associates 4/5/04 1 Proprietary Material Version 4.0 CONTENTS PART 1 - Policy Statement PART 2 - Processing Personal Data PART 3 - Organisational
More informationData Protection and Information Security. Procedure for reporting a breach of data security. April 2013
Data Protection and Information Security Procedure for reporting a breach of data security April 2013 Page 1 of 6 Created on: 01/04/2009 Contents 1 Introduction... 3 2 Data Classification... 3 3 What Is
More informationFIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS
FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS As a world leader in electronic commerce and payment services, First Data Corporation and its subsidiaries ( First Data entity or entities ),
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Information Governance Policy_v2.0_060913_LP Page 1 of 14 Information Reader Box Directorate Purpose Document Purpose Document Name Author Corporate Governance Guidance Policy
More informationHow To Protect Your Personal Information At A College
Data Protection Policy Policy Details Produced by Assistant Principal Information Systems Date produced Approved by Senior Leadership Team (SLT) Date approved July 2011 Linked Policies and Freedom of Information
More informationSouth East Coast Ambulance Service NHS Trust. Information Governance Working Group. Terms of Reference
South East Coast Ambulance Service NHS Trust Information Governance Working Group Terms of Reference 1. Constitution 1.1. The Board hereby resolves to establish a Working Group of the Risk Management &
More informationATMD Bird & Bird. Singapore Personal Data Protection Policy
ATMD Bird & Bird Singapore Personal Data Protection Policy Contents 1. PURPOSE 1 2. SCOPE 1 3. COMMITMENT TO COMPLY WITH DATA PROTECTION LAWS 1 4. PERSONAL DATA PROTECTION SAFEGUARDS 3 5. ATMDBB EXCEPTIONS:
More informationINFORMATION GOVERNANCE POLICY & FRAMEWORK
INFORMATION GOVERNANCE POLICY & FRAMEWORK Version 1.2 Committee Approved by Audit Committee Date Approved 5 March 2015 Author: Responsible Lead: Associate IG Specialist, YHCS Corporate & Governance Manger
More informationNHS Hartlepool and Stockton-on-Tees Clinical Commissioning Group. Information Governance Strategy 2015/16
NHS Hartlepool and Stockton-on-Tees Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Final No impact Document Ratified/Approved By Hartlepool
More informationData Protection Policy
Data Protection Policy 1. INTRODUCTION 1.1. The Data Protection Act gives you as an individual the right to know what information is held about you. It provides a framework to ensure that personal information
More informationInformation Governance Policy
Information Governance Policy Implementation date: 30 September 2014 Control schedule Approved by Corporate Policy and Strategy Committee Approval date 30 September 2014 Senior Responsible Officer Kirsty-Louise
More informationPersonal information, for purposes of this Policy, includes any information which relates to an identified or an identifiable person.
PART I: INTRODUCTION AND BACKGROUND Purpose This Data Protection Binding Corporate Rules Policy ( Policy ) establishes the approach of Fluor to compliance with European data protection law and specifically
More informationINFORMATION GOVERNANCE
This document is uncontrolled once printed. Please refer to the Trusts Intranet site (Procedural Documents) for the most up to date version INFORMATION GOVERNANCE NGH-PO-233 Ratified By: Procedural Document
More informationSafe Haven Policy. Equality & Diversity Statement:
Title: Safe Haven Policy Reference No: 010/IT Owner: Deputy Chief Officer Author Information Governance Lead First Issued On: November 2012 Latest Issue Date: March 2015 Operational Date: March 2015 Review
More informationRISK MANAGEMENT STRATEGY 2014-17
RISK MANAGEMENT STRATEGY 2014-17 DOCUMENT NO: Lead author/initiator(s): Contact email address: Developed by: Approved by: DN128 Head of Quality Performance Julia.sirett@ccs.nhs.uk Quality Performance Team
More informationCHILDREN AND ADULTS SERVICE RESEARCH APPROVAL GROUP
DURHAM COUNTY COUNCIL CHILDREN AND ADULTS SERVICE RESEARCH APPROVAL GROUP INFORMATION PACK Children and Adults Service Version 4 October 2015 Children and Adults Service Research Approval Group Page 1
More informationData Security and Extranet
Data Security and Extranet Derek Crabtree Schools ICT Support Manager derek.crabtree@merton.gov.uk Target Operating Model 2011 Merton Audit Organisation name: London Borough of Merton Periodic plan date:
More information