Criminal Injuries Compensation Authority. Data protection audit report

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Criminal Injuries Compensation Authority. Data protection audit report"

Transcription

1 Criminal Injuries Compensation Authority Data protection audit report Executive summary January 2016

2 1. Background The Information Commissioner is responsible for enforcing and promoting compliance with the Data Protection Act 1998 (the DPA). Section 51 (7) of the DPA contains a provision giving the Information Commissioner power to assess any organisation s processing of personal data for the following of good practice, with the agreement of the data controller. This is done through a consensual audit. The Information Commissioner s Office (ICO) sees auditing as a constructive process with real benefits for data controllers and so aims to establish a participative approach. The Criminal Injuries Compensation Authority (CICA) has agreed to a consensual audit by the ICO of its processing of personal data. A meeting was held on 17 September 2015 with representatives of the ICO and CICA to identify and discuss the scope of the audit. executive summary 2 of 6

3 2. Scope of the audit Following pre-audit discussions with CICA, it was agreed that the audit would focus on the following areas: a. Security of personal data The technical and organisational measures in place to ensure that there is adequate security over personal data held in manual or electronic form. b. Subject access requests (SAR) - The procedures in operation for recognising and responding to individuals requests for access to their personal data. c. Freedom of information (FOI) The processes in place to respond to any requests for information and the extent to which FOI responsibilities, policies and procedures, training, performance controls, and compliance reporting mechanisms are in place and in operation throughout the organisation. executive summary 3 of 6

4 3. Audit opinion The purpose of the audit is to provide the Information Commissioner and CICA with an independent assurance of the extent to which CICA, within the scope of this agreed audit is complying with the DPA. The recommendations made are primarily around enhancing existing processes to facilitate compliance with the DPA. Overall Conclusion Reasonable assurance There is a reasonable level of assurance that processes and procedures are in place and are delivering data protection compliance. The audit has identified some scope for improvement in existing arrangements to reduce the risk of non compliance with the DPA. executive summary 4 of 6

5 4. Summary of audit findings 4.1 Areas of good practice CICAs protocols are reviewed on an annual basis to ensure they are up to date and fit for purpose. A review schedule is maintained and relevant managers are contacted when reviews are due. Protocols are published and made available to staff via the intranet. Information champions have been identified and act as a point of contact within departments to provide data protection advice. Their responsibilities are set out within a terms of reference document and include raising staff awareness and establishing a culture of good information handling, identifying and assessing disclosure issues and risks and reviewing emerging issues and incidents for escalation. All staff complete a mandatory annual Civil Service Learning (CSL) e-learning module on managing information. In addition, staff attend sessions and workshops on Subject Access Requests (SAR) as part of the CICA information handling awareness programme. Further workshops on the data protection principles are planned as part of this ongoing programme. CICA staff had a good understanding of how to recognise both a SAR and Freedom of Information (FOI) request. In addition they demonstrated an awareness of the importance of ensuring these requests are passed to the correct department promptly due to the legal response times. 4.2 Areas for improvement CICA should review and update their website in order to guide requesters on how to make a SAR. In addition CICA should create a standard fair processing notice that must be shared with new clients, either verbally or in writing, and make this available on their website to outline the type of personal data that may be shared and the circumstances when this would occur. A quality assurance process for SARs should be developed to include a proportion of responses to be reviewed on a regular basis. This will ensure the accuracy of redactions and a correct and consistent application of the exemptions. Third party contracts and agreements with CICA should be reviewed to ensure staff, contractors, clients, and customers are aware of how the FOIA may affect them. CICA should make it clear that as a public body they are subject to the FOIA and must consider any request received. executive summary 5 of 6

6 The matters arising in this report are only those that came to our attention during the course of the audit and are not necessarily a comprehensive statement of all the areas requiring improvement. The responsibility for ensuring that there are adequate risk management, governance and internal control arrangements in place rest with the management of the Criminal Injuries Compensation Authority. We take all reasonable care to ensure that our audit report is fair and accurate but cannot accept any liability to any person or organisation, including any third party, for any loss or damage suffered or costs incurred by it arising out of, or in connection with, the use of this report, however such loss or damage is caused. We cannot accept liability for loss occasioned to any person or organisation, including any third party, acting or refraining from acting as a result of any information contained in this report. executive summary 6 of 6

Renfrewshire Council. Data protection audit report. Executive summary January 2013

Renfrewshire Council. Data protection audit report. Executive summary January 2013 Renfrewshire Council Data protection audit report Executive summary January 2013 1. Background The Information Commissioner is responsible for enforcing and promoting compliance with the Data Protection

More information

Nottinghamshire County Council. Data protection audit report

Nottinghamshire County Council. Data protection audit report Nottinghamshire County Council Data protection audit report Executive summary October 2015 1. Background The Information Commissioner is responsible for enforcing and promoting compliance with the Data

More information

Cleveland Police. Data protection audit report. Executive summary November 2014

Cleveland Police. Data protection audit report. Executive summary November 2014 Cleveland Police Data protection audit report Executive summary November 2014 1. Background The Information Commissioner is responsible for enforcing and promoting compliance with the Data Protection Act

More information

Cambridgeshire Constabulary. Data protection audit report

Cambridgeshire Constabulary. Data protection audit report Cambridgeshire Constabulary Data protection audit report Executive summary November 2014 1. Background The Information Commissioner is responsible for enforcing and promoting compliance with the Data Protection

More information

Southampton City Council

Southampton City Council Southampton City Council Data protection audit report Executive summary March 2016 1. Background The Information Commissioner is responsible for enforcing and promoting compliance with the Data Protection

More information

Cardiff Council. Data protection audit report. Executive summary June 2014

Cardiff Council. Data protection audit report. Executive summary June 2014 Cardiff Council Data protection audit report Executive summary June 2014 1. Background The Information Commissioner is responsible for enforcing and promoting compliance with the Data Protection Act 1998

More information

Birmingham Women s NHS Foundation Trust

Birmingham Women s NHS Foundation Trust Birmingham Women s NHS Foundation Trust Data protection audit report Executive summary January 2015 1. Background The Information Commissioner is responsible for enforcing and promoting compliance with

More information

Central London Community Healthcare NHS Trust. Data protection audit report

Central London Community Healthcare NHS Trust. Data protection audit report Central London Community Healthcare NHS Trust Data protection audit report Executive Summary July 2014 1. Background The Information Commissioner is responsible for enforcing and promoting compliance with

More information

Auditing data protection a guide to ICO data protection audits

Auditing data protection a guide to ICO data protection audits Auditing data protection a guide to ICO data protection audits Contents Executive summary 3 1. Audit programme development 5 Audit planning and risk assessment 2. Audit approach 6 Gathering evidence Audit

More information

INFORMATION GOVERNANCE AND DATA PROTECTION POLICY

INFORMATION GOVERNANCE AND DATA PROTECTION POLICY INFORMATION GOVERNANCE AND DATA PROTECTION POLICY WN CCG Information Governance & Data Protection Policy July 2013 1 Document Control Sheet Name of Document: Information Governance & Data Protection Policy

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Version 1.1 Responsible Person Information Governance Manager Lead Director Head of Corporate Services Consultation Route Information Governance Steering Group Approval Route

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Reference: Information Governance Policy Date Approved: April 2013 Approving Body: Board of Trustees Implementation Date: April 2013 Version: 6 Supersedes: 5 Stakeholder groups

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Owner : Head of Information Management Document ID : ICT-PL-0099 Version : 2.0 Date : May 2015 We will on request produce this Policy, or particular parts of it, in other languages

More information

NHS DORSET CLINICAL COMMISSIONING GROUP GOVERNING BODY INFORMATION GOVERNANCE TOOLKIT REPORT

NHS DORSET CLINICAL COMMISSIONING GROUP GOVERNING BODY INFORMATION GOVERNANCE TOOLKIT REPORT NHS DORSET CLINICAL COMMISSIONING GROUP GOVERNING BODY INFORMATION GOVERNANCE TOOLKIT REPORT 9.7 Date of the meeting 15/07/2015 Author Sponsoring Clinician Purpose of Report Recommendation J Green - Head

More information

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK Log / Control Sheet Responsible Officer: Chief Finance Officer Clinical Lead: Dr J Parker, Caldicott Guardian Author: Associate IG Specialist, Yorkshire

More information

Information Commissioner's Office

Information Commissioner's Office Information Commissioner's Office Internal Audit 2013-14: Follow up Last updated 4 July 2014 Distribution For action Senior Corporate Governance Manager Timetable Fieldwork completed 21 May 2014 Draft

More information

Subject access code of practice

Subject access code of practice Data protection Subject access code of practice Dealing with requests from individuals for personal information Contents 3 Contents 1. About this code of practice 4 Purpose of the code 4 Who should use

More information

West Dunbartonshire Council. Follow-up data protection audit report

West Dunbartonshire Council. Follow-up data protection audit report West Dunbartonshire Council Follow-up data protection audit report Auditors: Lee Taylor (Audit Team Manager) Jonathan Kay (Engagement Lead Auditor) Data controller contacts: Michael Butler (Data Protection/Information

More information

University of Sunderland Business Assurance Over-arching Information Governance Policy

University of Sunderland Business Assurance Over-arching Information Governance Policy University of Sunderland Business Assurance Over-arching Information Governance Policy Document Classification: Public Policy Reference Central Register IG001 Policy Reference Faculty / Service IG 001

More information

Further to reports to EAG in February and March 2014, the purpose of this report is to;

Further to reports to EAG in February and March 2014, the purpose of this report is to; Report to: Trust Board of Directors Date of Meeting: 29 May 2014 Report Title: Annual Information Governance Report 13/14 Status: Mark relevant box with X Prepared by: Executive Sponsor (presenting): Appendices

More information

The CPS incorporates RCPO. CPS Data Protection Policy

The CPS incorporates RCPO. CPS Data Protection Policy The CPS incorporates RCPO CPS Data Protection Policy Contents Introduction 3 Scope 4 Roles and Responsibilities 4 Processing Criminal Cases 4 Information Asset Owners 5 Information Asset Register 5 Information

More information

Corporate ICT & Data Management. Data Protection Policy

Corporate ICT & Data Management. Data Protection Policy 90 Corporate ICT & Data Management Data Protection Policy Classification: Unclassified Date Created: January 2012 Date Reviewed January Version: 2.0 Author: Owner: Data Protection Policy V2 1 Version Control

More information

A Best Practice Guide

A Best Practice Guide A Best Practice Guide Contents Introduction [2] The Benefits of Implementing a Privacy Management Programme [3] Developing a Comprehensive Privacy Management Programme [3] Part A Baseline Fundamentals

More information

Information Governance Framework

Information Governance Framework Information Governance Framework Authorship: Chris Wallace, Information Governance Manager Committee Approved: Integrated Audit and Governance Committee Approved date: 11th March 2014 Review Date: March

More information

How we deal with complaints and concerns

How we deal with complaints and concerns I Data Protection Act How we deal with complaints and concerns A guide for data controllers 1 Data Protection Act How we deal with complaints and concerns The ICO is the UK s independent public authority

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Version: 1.0 Date: October 2013 Table of Contents 1 Introduction The need for a Data Protection Policy... 3 2 Scope... 3 3 Principles... 3 4 Staff Roles & Responsibilities... 4 5

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Version Version 1 Ratified By Date Ratified PROPOSED FOR APPROVAL 15/11/12 Author(s) Responsible Committee / Officers Date Issue November 2012 Review Date November 2013 Intended

More information

Barnsley Clinical Commissioning Group. Information Governance Policy and Management Framework

Barnsley Clinical Commissioning Group. Information Governance Policy and Management Framework Putting Barnsley People First Barnsley Clinical Commissioning Group Information Governance Policy and Management Framework Version: 1.1 Approved By: Governing Body Date Approved: 16 January 2014 Name of

More information

Subject Access Request Procedure (Data Protection) Doc No IMPR04 Rev 2 27/07/11. 1.0 Scope. 2.0 Responsibilities and Definitions

Subject Access Request Procedure (Data Protection) Doc No IMPR04 Rev 2 27/07/11. 1.0 Scope. 2.0 Responsibilities and Definitions Doc No IMPR04 1.0 Scope The Data Protection Act 1998 (DPA) provides individuals with rights in connection with personal data held about them. It provides those individuals with a right of access to that

More information

PARLIAMENTARY AND HEALTH SERVICE OMBUDSMAN. Records Management Policy. Version 4.0. Page 1 of 11 Policy PHSO Records Management Policy v4.

PARLIAMENTARY AND HEALTH SERVICE OMBUDSMAN. Records Management Policy. Version 4.0. Page 1 of 11 Policy PHSO Records Management Policy v4. PARLIAMENTARY AND HEALTH SERVICE OMBUDSMAN Records Management Policy Version 4.0 Page 1 of 11 Document Control Title: Original Author(s): Owner: Reviewed by: Quality Assured by: File Location: Approval

More information

Information Governance Standards in Relation to Third Party Suppliers and Contractors

Information Governance Standards in Relation to Third Party Suppliers and Contractors Information Governance Standards in Relation to Third Party Suppliers and Contractors Document Summary Ensure staff members are aware of the standards that should be in place when considering engaging

More information

Date: 30 th May 2013. Agenda Item: 5.5. Ian Mackenzie Director of Information and Estates REPORT AUTHOR:

Date: 30 th May 2013. Agenda Item: 5.5. Ian Mackenzie Director of Information and Estates REPORT AUTHOR: TRUST BOARD IN PUBLIC Date: 30 th May 2013 Agenda Item: 5.5 REPORT TITLE: Information Governance Annual Report EXECUTIVE SPONSOR: Ian Mackenzie Director of Information and Estates REPORT AUTHOR: Sarah

More information

Freedom of Information Policy Version 6.0

Freedom of Information Policy Version 6.0 Freedom of Information Policy Lead executive Name / title of author: Date reviewed: September 2015 Chief Nurse, Executive Director for Risk and Governance Colin Owen, Information Governance and Data Security

More information

Health and Safety Policy Part 1 Policy and organisation

Health and Safety Policy Part 1 Policy and organisation Health and Safety Policy Part 1 Policy and organisation ICO H&S Policy Policy and organisation, June 2014 Page 1 of 6 1. Scope 1.1 The Health and Safety policy applies to all employees of the Information

More information

Corporate Policy and Strategy Committee

Corporate Policy and Strategy Committee Corporate Policy and Strategy Committee 10am, Tuesday, 30 September 2014 Information Governance Policies Item number Report number Executive/routine Wards All Executive summary Information is a key asset

More information

University of Sunderland Business Assurance. Over-arching Information Governance Policy. Document Classification: Public

University of Sunderland Business Assurance. Over-arching Information Governance Policy. Document Classification: Public University of Sunderland Business Assurance Over-arching Information Governance Policy Document Classification: Public Policy Reference Central Register IG001 Policy Reference Faculty / Service IG 001

More information

Data Protection Policy. Leeds City Council. Information Governance team, Intelligence & Performance - 1 -

Data Protection Policy. Leeds City Council. Information Governance team, Intelligence & Performance - 1 - Leeds City Council Data Protection Policy - 1 - Document Control Organisation Leeds City Council Title Data Protection Policy Author Mark Turnbull, Legal Services Filename DPA policyvr1.doc Owner Assistant

More information

Quick Guide To Information Governance Policies

Quick Guide To Information Governance Policies Quick Guide To Information Governance Policies Data Protection The Data Protection Act 1998 established principles and rights in relation to the collection, use and storage of personal information by organisations.

More information

1. Introduction... 3. 2. Statement of Policy. 3. 3. The Eight Principles of Data Protection... 4. 4. Scope... 5. 5. Roles and Responsibilities.

1. Introduction... 3. 2. Statement of Policy. 3. 3. The Eight Principles of Data Protection... 4. 4. Scope... 5. 5. Roles and Responsibilities. Data Protection Policy 2011 Contents Page 1. Introduction... 3 2. Statement of Policy. 3 3. The Eight Principles of Data Protection...... 4 4. Scope.... 5 5. Roles and Responsibilities. 5 6. Development

More information

Data Protection Policy

Data Protection Policy Data Protection Policy BMBC Data Protection Policy V1 Page 1 of 7 Table of Contents 1 INTRODUCTION... 3 2 POLICY STATEMENT... 3 3. SCOPE... 3 4 DATA PROTECTION PRINCIPLES... 4 5 PREREQUISITE CONDITIONS

More information

BCS Professional Certification. May 2015. Copyright BCS 2013 Page 1 of 5. Subject Access Request Policy

BCS Professional Certification. May 2015. Copyright BCS 2013 Page 1 of 5. Subject Access Request Policy BCS Professional Certification May 2015 Copyright BCS 2013 Page 1 of 5 Version 1.0 May 2013 CONTENTS 1. POLICY... 3 2. SCOPE... 3 3. WHAT INFORMATION AM I ENTITLED TO REQUEST USING A SAR?... 3 4. WHAT

More information

technical factsheet 176

technical factsheet 176 technical factsheet 176 Data Protection CONTENTS 1. Introduction 1 2. Register with the Information Commissioner s Office 1 3. Period protection rights and duties remain effective 2 4. The data protection

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY 1 Document history, consultation and approval Title SCRA Information Governance Policy Version Version 1 Other relevant approved document SCRA Case Information Policy SCRA

More information

Everyone in the workplace has a legal duty to protect the privacy of information about individuals. AEP/BELB/LJ/2010 Awareness Session

Everyone in the workplace has a legal duty to protect the privacy of information about individuals. AEP/BELB/LJ/2010 Awareness Session Everyone in the workplace has a legal duty to protect the privacy of information about individuals AEP/BELB/LJ/2010 Awareness Session During 2007 alone, 36,989,300 people in the UK have had their private

More information

Information Management Strategy. July 2012

Information Management Strategy. July 2012 Information Management Strategy July 2012 Contents Executive summary 6 Introduction 9 Corporate context 10 Objective one: An appropriate IM structure 11 Objective two: An effective policy framework 13

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Document Number 01 Version Number 2.0 Approved by / Date approved Effective Authority Customer Services & ICT Authorised by Assistant Director Customer Services & ICT Contact

More information

Align Technology. Data Protection Binding Corporate Rules Processor Policy. 2014 Align Technology, Inc. All rights reserved.

Align Technology. Data Protection Binding Corporate Rules Processor Policy. 2014 Align Technology, Inc. All rights reserved. Align Technology Data Protection Binding Corporate Rules Processor Policy Confidential Contents INTRODUCTION TO THIS POLICY 3 PART I: BACKGROUND AND ACTIONS 4 PART II: PROCESSOR OBLIGATIONS 6 PART III:

More information

Information Governance Strategy. Version No 2.0

Information Governance Strategy. Version No 2.0 Plymouth Community Healthcare CIC Information Governance Strategy Version No 2.0 Notice to staff using a paper copy of this guidance. The policies and procedures page of PCH Intranet holds the most recent

More information

INFORMATION GOVERNANCE STRATEGY

INFORMATION GOVERNANCE STRATEGY INFORMATION GOVERNANCE STRATEGY Page 1 of 10 Strategy Owner Valerie Penn, Head of Governance Strategy Author Caroline Law, Information Governance Project Manager Directorate Corporate Governance Ratifying

More information

We then give an overall assurance rating (as described below) indicating the extent to which controls are in place and are effective.

We then give an overall assurance rating (as described below) indicating the extent to which controls are in place and are effective. Good Practice Audit outcomes analysis Police Forces April 2013 to April 2014 This report is based on the final audit reports the ICO completed in the Criminal Justice sector, specifically of Police forces,

More information

Entrepreneurs Programme - Business Growth Grants

Entrepreneurs Programme - Business Growth Grants Entrepreneurs Programme - Business Growth Grants Version: 15 July 2015 Contents 1 Purpose of this guide... 4 2 Programme overview... 4 2.1 Business Management overview... 4 3 Business Growth Grant... 5

More information

Information Governance Policy and Management Framework

Information Governance Policy and Management Framework Information Governance Policy and Management Framework Policy Number: IG01 Version: 3.0 Ratified by: Governing Body Date ratified: February 2016 Name of originator/author: Louise Chatwyn Information Governance

More information

Information Governance Strategy and Policy. OFFICIAL Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2.

Information Governance Strategy and Policy. OFFICIAL Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2. Information Governance Strategy and Policy Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2.0 Status: Final Revision and Signoff Sheet Change Record Date Author Version Comments

More information

Information Governance Plan

Information Governance Plan Information Governance Plan 2013 2015 1. Overview 1.1 Information is a vital asset, both in terms of the clinical management of individual patients and the efficient organisation of services and resources.

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Version: V1 Ratified by: Operational Management Executive Committee Date ratified: 26 September 2013 Name and Title of originator/author(s): Chris Brady, FOI, Data Protection and

More information

Information Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs

Information Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs Information Governance Policy Version - Final Date for Review: 1 October 2017 Lead Director: Performance, Quality and Cooperate Affairs NOTE: This is a CONTROLLED Document. Any documents appearing in paper

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Information Governance Policy Issue Date: June 2014 Document Number: POL_1008 Prepared by: Information Governance Senior Manager Insert heading depending on Insert line heading

More information

Information Commissioner's Office

Information Commissioner's Office Phil Keown Engagement Lead T: 020 7728 2394 E: philip.r.keown@uk.gt.com Will Simpson Associate Director T: 0161 953 6486 E: will.g.simpson@uk.gt.com Information Commissioner's Office Internal Audit 2015-16:

More information

Policy Document Control Page

Policy Document Control Page Policy Document Control Page Title Title: Information Governance Policy Version: 5 Reference Number: CO44 Keywords: Information Governance Supersedes Supersedes: Version 4 Description of Amendment(s):

More information

Thank you for your request for information regarding ACPO UAS Steering Group which has now been considered.

Thank you for your request for information regarding ACPO UAS Steering Group which has now been considered. c/o PO BOX 481 Fareham Hampshire PO14 9FS Tel: 02380 674255 Email: acpo.request@foi.pnn.police.uk 29/08/2013 Dear Mr Jones FREEDOM OF INFORMATION REQUEST REFERENCE NUMBER: 000113/13 Thank you for your

More information

Trust Informatics Policy. Information Governance. Information Governance Policy

Trust Informatics Policy. Information Governance. Information Governance Policy Trust Informatics Policy Information Governance Policy Reference: TIP/IG/IGP I:\IG\IGM\IGT\March 2011\Document Library\Policies\Approved/ - 1 Document Control Policy Title Author/Contact Document Reference

More information

Information Governance Policy

Information Governance Policy Information Governance Policy UNIQUE REF NUMBER: AC/IG/013/V1.2 DOCUMENT STATUS: Approved by Audit Committee 19 June 2013 DATE ISSUED: June 2013 DATE TO BE REVIEWED: June 2014 1 P age AMENDMENT HISTORY

More information

INFORMATION GOVERNANCE HANDBOOK

INFORMATION GOVERNANCE HANDBOOK INFORMATION GOVERNANCE HANDBOOK SECTION ONE Author Tracey Burrows Role Information Governance Manager (CSCSU) Date / Version February 2015 Version FINAL V1.0 Approved by IM&T Board Date 27 February 2015

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Policy Details Produced by Assistant Principal Information Systems Date produced Approved by Senior Leadership Team (SLT) Date approved July 2011 Linked Policies and Freedom of Information

More information

The Information Commissioner s Office response to HM Treasury s Call for Evidence on Data Sharing and Open Data in Banking

The Information Commissioner s Office response to HM Treasury s Call for Evidence on Data Sharing and Open Data in Banking The Information Commissioner s Office response to HM Treasury s Call for Evidence on Data Sharing and Open Data in Banking The Information Commissioner has responsibility for promoting and enforcing the

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Responsible Officer Author Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date effective from August 2009 Date last amended August 2009

More information

Data governance in the connected enterprise Simon Wright. Star Wars: The Empire Strikes Back

Data governance in the connected enterprise Simon Wright. Star Wars: The Empire Strikes Back Data governance in the connected enterprise Simon Wright Star Wars: The Empire Strikes Back 1 1 2 2 Our data governance framework has some core areas of focus Sky Customer s 3 3 Interacting with customers

More information

Definition document for Health Bodies in Wales (including Local Health Boards, NHS trusts and Ambulance trusts)

Definition document for Health Bodies in Wales (including Local Health Boards, NHS trusts and Ambulance trusts) Freedom of Information Act 2000 Definition document for Health Bodies in Wales (including Local Health Boards, NHS trusts and Ambulance trusts) This guidance gives examples of the kinds of information

More information

INFORMATION GOVERNANCE POLICY & FRAMEWORK

INFORMATION GOVERNANCE POLICY & FRAMEWORK INFORMATION GOVERNANCE POLICY & FRAMEWORK Version 1.2 Committee Approved by Audit Committee Date Approved 5 March 2015 Author: Responsible Lead: Associate IG Specialist, YHCS Corporate & Governance Manger

More information

Cayman Islands Compliance Officer and the Role of the Money Laundering Reporting Officer

Cayman Islands Compliance Officer and the Role of the Money Laundering Reporting Officer Cayman Islands Compliance Officer and the Role of the Money Laundering Reporting Officer Introduction Money laundering is the process by which the direct or indirect benefit of crime is channelled through

More information

Information Governance Strategy. Version No 2.1

Information Governance Strategy. Version No 2.1 Livewell Southwest Information Governance Strategy Version No 2.1 Notice to staff using a paper copy of this guidance. The policies and procedures page of LSW Intranet holds the most recent version of

More information

Asset Protection Agreement Templates - Customer Explanatory Notes. Explanatory Notes on Asset Protection Agreement

Asset Protection Agreement Templates - Customer Explanatory Notes. Explanatory Notes on Asset Protection Agreement Asset Protection Agreement Templates - Customer Explanatory Notes Explanatory Notes on Asset Protection Agreement Clause Heading Background The Asset Protection Agreement is intended for use where the

More information

Date of review: January 2016 Policy Category: Corporate Sponsor (Director): Chief Executive CONTENT SECTION DESCRIPTION PAGE.

Date of review: January 2016 Policy Category: Corporate Sponsor (Director): Chief Executive CONTENT SECTION DESCRIPTION PAGE. Title: Information Governance Policy Date Approved: Approved by: Date of review: Policy Ref: Issue: January 2015 Information Governance Group Division/Department: January 2016 Policy Category: ISP-04 5

More information

Revised Code of Practice for Disclosure and Barring Service Registered Persons. November 2015

Revised Code of Practice for Disclosure and Barring Service Registered Persons. November 2015 Revised Code of Practice for Disclosure and Barring Service Registered Persons November 2015 Revised Code of Practice for Disclosure and Barring Service Registered Persons Presented to Parliament pursuant

More information

Caedmon College Whitby

Caedmon College Whitby Caedmon College Whitby Data Protection and Information Security Policy College Governance Status This policy was re-issued in June 2014 and was adopted by the Governing Body on 26 June 2014. It will be

More information

Data Protection Policy

Data Protection Policy Data Protection Policy September 2015 Contents 1. Scope 2. Purpose 3. Data protection roles 4. Staff training and guidance 5. About the Data Protection Act 1998 6. Policy 7. The Information Commissioner's

More information

Information Governance Toolkit Report 2013/14

Information Governance Toolkit Report 2013/14 TAUNTON AND SOMERSET NHS FOUNDATION TRUST Information Governance Toolkit Report 2013/14 Report to: Trust Board on: 28 May 2014 Purpose of the Report: This report is presented to the Trust Board for information

More information

Data Protection Act 1998 The Data Protection Policy for the Borough Council of King's Lynn & West Norfolk

Data Protection Act 1998 The Data Protection Policy for the Borough Council of King's Lynn & West Norfolk Data Protection Act 1998 The for the Borough Council of King's Lynn & West Norfolk 1 Contents Introduction 3 1. Statement of Intent 4 2. Fair Obtaining I Processing 5 3. Data Uses and Processes 6 4. Data

More information

Information Governance Policy A council-wide information management policy. Version 1.0 June 2013

Information Governance Policy A council-wide information management policy. Version 1.0 June 2013 Information Governance Policy Version 1.0 June 2013 Copyright Notification Copyright London Borough of Islington 2012 This document is distributed under the Creative Commons Attribution 2.5 license. This

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Version: 4 Bodies consulted: Caldicott Guardian, IM&T Directors Approved by: MT Date Approved: 27/10/2015 Lead Manager: Governance Manager Responsible Director: SIRO Date

More information

Freedom of Information Act 2000 (FOIA) Decision notice

Freedom of Information Act 2000 (FOIA) Decision notice Freedom of Information Act 2000 (FOIA) Decision notice Date: 16 September 2015 Public Authority: Address: North East Lincolnshire Council Municipal Offices Town Hall Square Grimsby DN31 1HU Decision (including

More information

Job Description. Information Governance & Health Records Manager

Job Description. Information Governance & Health Records Manager Job Description POST: GRADE: RESPONSIBLE TO: ACCOUNTABLE TO: Information Governance Facilitator A4C Band 3 0.93 WTE 35 Hours per week Information Governance & Health Records Manager Head of Information

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY MILNBANK HOUSING ASSOCIATION DATA PROTECTION POLICY LS/NOV.2011/REF.P14 1) INTRODUCTION Milnbank Housing Association recognises that the Data Protection Act 1998 is an important piece of legislation to

More information

Information Governance Strategy :

Information Governance Strategy : Item 11 Strategy Strategy : Date Issued: Date To Be Reviewed: VOY xx Annually 1 Policy Title: Strategy Supersedes: All previous Strategies 18/12/13: Initial draft Description of Amendments 19/12/13: Update

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Policy Summary This policy outlines the organisation s approach to the management of Information Governance and information handling. It explains the accountability and reporting

More information

Information Governance and Data Protection Policy

Information Governance and Data Protection Policy Information Governance and Data Protection Policy Page 1 of 21 Document Control Sheet Name of document: Version: Owner: File location / Filename: Information Governance and Data Protection Policy Final

More information

Request under the Freedom of Information Act 2000 (FOIA)

Request under the Freedom of Information Act 2000 (FOIA) Our Ref: 003668/15 Freedom of Information Section Nottinghamshire Police HQ Sherwood Lodge, Arnold Nottingham NG5 8PP 9 July 2015 Tel: 101 Ext 800 2507 Fax: 0115 967 2896 Request under the Freedom of Information

More information

Data Protection Compensation Claims. White Paper

Data Protection Compensation Claims. White Paper Data Protection Compensation Claims White Paper April 2015 Executive Summary The recent Vidal-Hall v Google case marks a dramatic change in Data Protection law. For the first time, the courts made a definitive

More information

BEFORE USING THIS GUIDANCE, MAKE SURE YOU HAVE THE MOST UP TO DATE VERSION GUIDANCE 2 POLICY AREA: INFORMATION GOVERNANCE

BEFORE USING THIS GUIDANCE, MAKE SURE YOU HAVE THE MOST UP TO DATE VERSION GUIDANCE 2 POLICY AREA: INFORMATION GOVERNANCE GUIDANCE 1 TITLE: INFORMATION GOVERNANCE FRAMEWORK 2 POLICY AREA: INFORMATION GOVERNANCE 3 ACCOUNTABLE DIRECTOR FOR POLICY AREA: DIRECTOR OF QUALITY AND GOVERNANCE 4 GUIDANCE DRAFTED BY: INTEGRATED GOVERNANCE

More information

The Data Protection Act 1998. The Freedom of Information Act 2000. Environmental Information Regulations 2004

The Data Protection Act 1998. The Freedom of Information Act 2000. Environmental Information Regulations 2004 The Data Protection Act 1998 The Freedom of Information Act 2000 Environmental Information Regulations 2004 This instruction applies to:- Reference:- NOMS HQ Prisons National Probation Service Issue Date

More information

Data Protection Policy June 2014

Data Protection Policy June 2014 Data Protection Policy June 2014 Approving authority: Consultation via: Court Audit and Risk Committee, University Executive, Secretary's Board, Information Governance and Security Group Approval date:

More information

Request under the Freedom of Information Act 2000 (FOIA)

Request under the Freedom of Information Act 2000 (FOIA) Our Ref: 003115/13 Freedom of Information Section Nottinghamshire Police HQ Sherwood Lodge, Arnold Nottingham NG5 8PP Tel: 101 Ext 800 2507 Fax: 0115 967 2896 29 May 2013 Request under the Freedom of Information

More information

Information Governance Framework. June 2015

Information Governance Framework. June 2015 Information Governance Framework June 2015 Information Security Framework Janice McNay June 2015 1 Company Thirteen Group Lead Manager Janice McNay Date of Final Draft and Version Number June 2015 Review

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY DATA PROTECTION POLICY Version 1.3 April 2014 Contents 1 POLICY STATEMENT...2 2 PURPOSE....2 3 LEGAL CONTEXT AND DEFINITIONS...2 3.1 Data Protection Act 1998...2 3.2 Other related legislation.....4 3.3

More information

TIPS, GRATUITIES, COVER AND SERVICE CHARGES. Call for evidence SEPTEMBER 2015

TIPS, GRATUITIES, COVER AND SERVICE CHARGES. Call for evidence SEPTEMBER 2015 TIPS, GRATUITIES, COVER AND SERVICE CHARGES Call for evidence SEPTEMBER 2015 Contents Tips, gratuities, cover and service charges: employer practice... 3 Summary... 3 Tips, gratuities, cover and service

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY ENFIELD CLINICAL COMMISSIONING GROUP INFORMATION GOVERNANCE POLICY PLEASE DESTROY ALL PREVIOUS VERSIONS OF THIS DOCUMENT Enfield CCG Information Governance Policy Information Governance Policy (Policy

More information

Islington Data Protection Policy. A council-wide information policy Version 1.1 June 2014

Islington Data Protection Policy. A council-wide information policy Version 1.1 June 2014 A council-wide information policy Version 1.1 June 2014 Copyright Notification Copyright London Borough of Islington 2014 This document is distributed under the Creative Commons Attribution 2.5 license.

More information

BIG LOTTERY FUND Document archive and retention policy

BIG LOTTERY FUND Document archive and retention policy BIG LOTTERY FUND Document archive and retention policy December 2010 Sonia Howe Head of Information Governance For further information regarding retention schedules please contact Page 1 of 18 Version

More information

INFORMATION GOVERNANCE STRATEGY NO.CG02

INFORMATION GOVERNANCE STRATEGY NO.CG02 INFORMATION GOVERNANCE STRATEGY NO.CG02 Applies to: All NHS LA employees, Non-Executive Directors, secondees and consultants, and/or any other parties who will carry out duties on behalf of the NHS LA.

More information