Data Protection Act. Privacy & Security in the Information Age. April 26, Ministry of Communications, Ghana
- Earl Wiggins
1 Data Protection Act
Privacy & Security in the Information Age
April 26, 2013

2 Agenda
- Privacy in The Information Age
- The right to privacy
- Why We Need Legislation
- Purpose of the Act
- The Data Protection Act
- Definitions
- Principles
- Rights
- Enforcement / Supervision
- Exemptions / S
- DPA Issues: The Media; The Internet
National Information Technology Agency (NITA)

3 Privacy in The Information Age
Today, we leave an electronic trail from:
- Surfing the Internet & mobile phones
- Bank cash points & credit cards
- Supermarket loyalty cards
Not to mention:
- CCTVs in city centres (with face recognition)
- Speed cameras (number plate recognition)
- Banks, employers, govt, and credit agencies

4 The Right to Privacy
Do we / should we have a right to privacy?
- We all have personal details which we would generally expect to be kept confidential
- Examples: financial (bank details), professional (salary), tax status, credit status, health status, sexual preference, criminal record, political affiliation, etc.
- Often, employers and govt agencies need to know some of this information, BUT:
- Until recently, Ghanaians had no legal right to privacy

5 Why we need Legislation
Modern technology means:
- Data can be retrieved & processed quickly
- Data is easily copied & sent over networks
- Errors are easily replicated but hard to fix
The consequences of misuse or even simple mistakes can be severe:
- You could be refused credit or employment
- You could be misrepresented (defamation)
- You could be wrongly accused of crime/fraud, etc.

6 The Purpose of the Act
- Balances an individual's right to privacy against an organisation's need to use data relating to the individual for the purposes of their business; this includes where that purpose is research
- Defines a series of rules to follow when managing personal data, which include some exemptions, especially for the use of data when conducting research
- Sets out levels of punishments that can be handed out to organisations and individuals who fail to stay within the rules

7 The Data Protection Act
- Definitions
- Principles
- Rights
- Enforcement
- DPA Issues: The Media; The Internet

8 Definitions
- Data: Information which is recorded as part of a relevant filing system
- Personal Data: Data relating to a living, identifiable person
- Relevant Filing System: Such technology that specific information on a particular individual is readily accessible

9 Definitions Cont.
- Data Subject: Individual who is the subject of personal data
- Data Controller (individual or undertaking): Determines the purposes for which and the manner in which any personal data are, or are to be, processed
- Data Processor: Any person who processes the data on behalf of the data controller

10 Definitions Cont.
Personal data is defined as data relating to a living individual who
(a) can be identified from those data, or
(b) can be identified from those data and other information held by the data controller,
including any expressions of opinion about that individual

11 Definitions Cont.
Sensitive Data is defined as data relating to:
- Racial or ethnic origin
- Political opinions, or religious or other similar beliefs
- Trade union membership
- Status of physical or mental health
- Sexual life
- Criminal record and court case appearances
Processing sensitive data requires special conditions to be satisfied under the Act

12 Principles
The data controller has a statutory duty to ensure that personal data are:
1. Processed fairly and lawfully, plus schedules 2 & 3
2. Processed only for specified and lawful purpose(s)
3. Adequate, relevant and not excessive
4. Accurate and kept up-to-date
5. Not kept longer than necessary
6. Respectful of data subjects' rights
7. Kept secure by technical/organisational means
8. Transfers outside Ghana

13 Principles 1: Fair and Legal Processing
1. Obtaining Data
- identify the Data Controller
- state a clear purpose, why it is required
- what is involved in participation
- data uses: primary research, storing, processing, re-use, sharing, archiving, publishing
- strategies to ensure confidentiality of data where this is relevant: anonymisation etc.
2. Legitimate Processing
- data subject must give consent
- processing is in legitimate interests of Data Controller
3. Processing of Sensitive Data
- Informed Consent

14 Principles 2: Processed only for specified and lawful purpose(s)
Personal data shall be obtained only for specified and lawful purposes, and shall not be further processed in any manner incompatible with those purposes.
However, researchers may be provided with an exemption. They may not need further consent from the individual if:
- it was not initially anticipated that the data would be used for research purposes, and
- it is deemed as not practical to retrospectively inform the individuals, and
- From a Other perspective that the use of the data has been approved by the ethics committee

15 Principles 3: Adequate, relevant and not excessive
Personal data shall be adequate, relevant and not excessive in relation to the purposes for which it is processed.
- This means that researchers are only allowed to obtain the information required to complete the task at hand
- There should be no stockpiling of information you think might be useful later on; this is different to finding a new use for information already held
- If there is a valid reason for asking someone their ethnicity it is permitted; if it does not contribute to the research, it should not be asked
- If the information is collected for research it should not be used for any other purpose

16 Principles 4: Accurate and kept up-to-date
Personal data shall be accurate, and where necessary, kept up to date.
- Researchers have a duty to ensure that the information they collect is accurate
- They are not required to keep the information up to date unless it is absolutely necessary for ongoing research, for example, where you will go back to the subjects again
- Where the research is based around a snapshot in time, there is no need to go back and update it

17 Principles 5: Retention and Disposal / Not kept longer than necessary
Personal data shall not be kept for longer than is necessary, for the purposes for which it is being processed.
Records should be retained as evidence of the project:
- How it was managed / controlled
- The procedures followed
- The data collected
Standard University Retention periods are available.
Externally funded research may be subject to its own retention periods; check them.
Make sure you specify the correct retention period when you seek consent; holding it for longer than permitted would be a breach!

18 Principles 6: Respectful of data subjects' rights
Personal data shall be processed in accordance with the rights of data subjects under this Act.
- This means that you cannot do things that violate the rights given to data subjects, especially denying access
- They have the right to object to processing which may cause unwarranted damage or distress
- They have the right to withdraw consent
- Right to ask the Information Commissioner to assess an organisation's processing for compliance
- Possible compensation or fines

19 Principles 7: Kept secure by technical/organisational means
Appropriate security measures shall be taken against the unauthorised or unlawful processing, accidental loss, destruction, or damage of personal data.
- Store personal data on a secure server, not hard drives
- Make use of central filing
- Avoid duplication as much as possible
- Restrict access on the basis of authority levels
- Use strong password protected documents and screensavers
- Change passwords at regular intervals
- Do not use global passwords
- Keep paper records under lock and key

20 Security
Determine what is appropriate having regard to:
- the nature of the personal data to be protected
- the resulting harm which might arise from a breach
- state of the art & implementation cost
- the effectiveness of existing measures
- reliability of staff (e.g. appropriate training for all staff)

21 Risk
- Is there proof that all reasonable steps have been taken to comply with DPA's security duties?
- Are security standards for industry or sector being met?
- Is there a security policy?
- Is there a business continuity plan to cover inability to process data in an emergency?
- Does management take security seriously?
- Are the service provider's staff adequately trained in respect of data protection requirements?
- Have they been security vetted?

22 Risk
- What contractual security obligations have you imposed upon the service provider?
- Is there a duty upon the service provider to report data security breaches?
- What powers do you have to audit the service provider to ensure that they are complying with their data protection obligations?
- What are the known risks for the kind of processing undertaken?
- Are data transferred securely?
- Is encryption used when data are processed on mobile devices?

23 Principles 8: Data transfers outside of Ghana
Personal data shall not be transferred to a country or territory outside Ghana unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

24 Rights
Individuals have the following rights under the DPA:
1. Subject access
2. Object to processing in certain circumstances
3. Object to direct marketing (promotion of aims & ideals is marketing)
4. Automated decisions
5. Ask court to order compensation for damage caused by controller's breach of principles
6. Ask court to order correction of inaccurate data
Controller liable under 6th Principle for 1-4 above

25 Enforcement
- If the Information Commissioner finds that the DPA has been breached by a DC, he/she serves an enforcement notice on the DC
- The notice identifies the breach or omission, and specifies how to correct it
- Failure to comply is an offence
- However, a DC may appeal to the DP tribunal
- With the approval of the Director of Public Prosecutions, legal proceedings may follow, which could result in a fine

26 Exemptions
Certain agencies or types of data are exempt from the DPA:
- National Security
- Tax/revenue gathering agencies
- Judicial appointments & honours
- Corporate finance / negotiations
- Legal/professional privilege (doctor/patient)
- Human embryos / IVF / adoption

27 Supervision
- Data Controllers must apply for registration on the Data Protection Register
- DPR is overseen by the Information Commissioner
- On registration (notification), DCs must provide details of the data to be stored and its use, and the measures to be taken to comply with the Act (including data security and data transfer)
- Note: notification does not mean licensing; DCs do not need to wait for approval from DPR
- Establishment of Data Protection Commission

28 DPA Issues: The Media
- The DPA has special provisions for journalism, and artistic or literary purposes
- Basically, journalists/authors may hold/use personal data for journalistic/artistic/literary purposes only if the data are necessary to reconcile the rights to privacy with the rules governing freedom of expression
- So, investigative journalists & political strategists or commentators are not treated as Data Controllers!

29 The End
Thank You!
CONTACT: Ministry of Communications (MoC), Ghana
Hampstead Parochial CofE Primary School Data Protection Policy Spring 2015
Hampstead Parochial CofE Primary School Data Protection Policy Spring 2015 1. Introduction and Scope 1.1 The Data Protection Act 1998 is the law that protects personal privacy and applies to any school
Data protection policy
Data protection policy Introduction The College is required to keep certain information about employees, students and other users to allow it to monitor performance, achievements, health and safety, recruitment
Data protection compliance checklist
Data protection compliance checklist What is this checklist for? This checklist is drawn up on the basis of analysis of the relevant provisions of European law. Although European law aims at harmonizing
DATA PROTECTION CORPORATE POLICY
DATA PROTECTION CORPORATE POLICY Information Management V1.1 03 July 2012 Not protectively marked This policy must be complied with fully by all Members, Officers Agents and Contractors of Plymouth City
PROTECTION OF PERSONAL INFORMATION BILL
REPUBLIC OF SOUTH AFRICA PROTECTION OF PERSONAL INFORMATION BILL (As amended by the Portfolio Committee on Justice and Constitutional Development (National Assembly) after consideration of proposed National
Data Protection Policy A copy of this policy is published in the following areas: The school s intranet The school s website
Data Protection Policy A copy of this policy is published in the following areas: The school s intranet The school s website Date created: November 2015 Date for review: July 2016 Created by: Mark Vanstone,
RECORDS MANAGEMENT POLICY
[Type text] RECORDS MANAGEMENT POLICY POLICY TITLE Academic Year: 2013/14 onwards Target Audience: Governing Body All Staff and Students Stakeholders Final approval by: CMT - 1 October 2014 Governing Body
Data Protection Act, 2012
Data Protection Act, 2012 Data Protection Act, 2012 Section ARRANGEMENT OF SECTIONS Data Protection Commission 1. Establishment of Data Protection Commission 2. Object of the Commission 3. Functions of
An overview of UK data protection law
An overview of UK data protection law Our team Vinod Bange Partner +44 (0)20 7300 4600 v.bange@taylorwessing.com Graham Hann Partner +44 (0)20 7300 4839 g.hann@taylorwessing.com Chris Jeffery Partner +44
Evidence additional element appendix 47. Records Management Guidance for the management of emails
Records Management Guidance for the management of emails 2010 1 Document Control Sheet Name of Document: Guidelines for the Management of Emails as Records 2010 Author: Consultees Description of Content:
Data Protection Policy
Data Protection Policy Owner : Head of Information Management Document ID : ICT-PL-0099 Version : 2.0 Date : May 2015 We will on request produce this Policy, or particular parts of it, in other languages
SCOTLAND S COMMISSIONER FOR CHILDREN AND YOUNG PEOPLE STANDARD CONDITIONS OF CONTRACT FOR SERVICES
SCOTLAND S COMMISSIONER FOR CHILDREN AND YOUNG PEOPLE STANDARD CONDITIONS OF CONTRACT FOR SERVICES 1 1 Definitions In these conditions:- We means Scotland s Commissioner for Children and Young People,
Personal data - Personal data identify an individual. For example, name, address, contact details, date of birth, NHS number.
Background The Data Protection Act 1998 i came into force in March 2000 and is followed by all NHS employed staff via their policies and procedures. The act applies to all personal, identifiable information