Data Protection Policy 1
|
|
- Hilary Barker
- 8 years ago
- Views:
Transcription
1 ISC14D010 Title: Data Prtectin Act plicy review Authr: Raymnd Sctt (ISD) Date: 22 January 2015 Circulatin: ISSC 16 February 2015 Agenda: ISC14A002 Versin: Draft v2.1 Status: Open Issue T seek the cmmittee s apprval fr prpsed changes t the Data Prtectin Act plicy. Recmmendatin Recipients are invited: T apprve the revised plicy Resurce implicatins N change t service is required and therefre there is n impact n resurces. Risk implicatins The lcal plicy is ffered t help the University align its practice t the Data Prtectin Act. The prpsed changes are made t help reduce the risk f nn-cmpliance and t make the plicy mre accessible. Equality and diversity New services will be subject t Equality Impact Assessment as they are implemented. Timing f decisins Once apprval is btained the revised plicy can be put int effect and published. Further infrmatin Raymnd Sctt (ISD), x3651 r.sctt@uea.ac.uk Backgrund The Data Prtectin Act plicy is subject t regular review. This paper cntains the updated plicy shwing tracked changes fr which a summary f the specific and general changes are listed belw. Discussin The fllwing changes are have been made t the dcument: Sme material which nly restates the legislatin has been remved. Data Prtectin Plicy 1
2 Clarified the circumstances under which the University will disclse student qualificatin details t third parties. [Sectin 5.5] Added an expectatin that thse handling persnal data will cmplete DPA training. (ISD has made available a shrt nline DPA curse t supprt this change.) [Sectin 5.7] In line with ther infrmatin cmpliance plicies, set the review cycle t 24 mnths. [Sectin 9]. Attachments Data Prtectin Act plicy v2.1 DRAFT Data Prtectin Plicy 2
3 Data Prtectin Plicy Authr: David Palmer (ISD) Date: 13 May January 2015 Versin: 12.1 This dcument defines the University f East Anglia s (UEA) plicy n data prtectin, and is based n the fllwing principles. The University will be cmpliant with all relevant legislatin, particularly the Data Prtectin Act 1998, and will base its plicies and practices n cmpliance with the eight Data Prtectin principles cntained therein Ensuring cmpliance is a crprate respnsibility f the University requiring the active invlvement, f, and appreciatin by, all staff at all levels f the rganisatin The University will strive t ensure best practice in regards data prtectin prcesses and prcedures The University will strive t imprve practices and prcedures utilising external guidance, mnitring f jurisprudence in the areas, and adpting examples f best practice elsewhere The University will prvide supprt and services t enable staff handling persnal data t remain cmpliant with the legislatin, including prvisin f mandatry nline and ptinal face t face training. Versin histry Versin Date Nte /05/12 First draft, adapted frm Data Prtectin Briefing Paper /06/12 Apprved by ISSC /6/13 Apprved by ISSC /1/15 Reviewed by ISD SPC team 1. Intrductin At UEA, persnal data are held abut students, staff and the public. UEA needs t hld infrmatin abut its students and staff fr reasns which include, but are by n means limited t, the fllwing: the recruitment, emplyment and payment f staff the recruitment f students the administratin f curses and examinatins student welfare Data may als be held n ther individuals, such as visitrs t UEA, suppliers, emplyees f ther rganisatins wh are invlved in research cntracts, and s n. The Data Prtectin Act 1998 (DPA) places respnsibilities and bligatins n rganisatins which prcess data abut living individuals. It als gives legal rights t individuals in respect f persnal data held abut them by thers. The DPA may be fund n the internet at /29/cntents Data Prtectin Plicy 3
4 The University must have plicies and prcedures in place t ensure that we are cmpliant with ur bligatins under the Act that extend acrss the breadth f the staff and activities f the University. 2. Scpe This plicy applies t: All students and staff emplyed by, r studying at UEA Any nn UEA staff with any degree f access and/r use f persnal data held by the University All University activities that invlve the prcessing f persnal data as defined by the Data Prtectin Act Definitins The fllwing definitins apply t this plicy: thethe Act: Data Prtectin Act (DPA) Data Security Breach: Any ccurrence f any unauthrised r unlawful prcessing f persnal data held by UEA, r the accidental lss, destructin f r damage t any such persnal data. Data Subject: A living individual wh is the subject f persnal data. Data Cntrller: A persn r rganisatin which cntrls the purpses and manner in which data are prcessed. UEA is a data cntrller, and the pintpints f cntact isare the University's Infrmatin Plicy and Cmpliance Manager.Managers (IPCMs). Data Prcessr: Any persn r persns that prcess infrmatin n behalf f a data cntrller. Data: All infrmatin in digital frmat, r manual data within a relevant filing system.infrmatin CmmissinerCmmissiner s Office (ICO): The supervisry authrity, reprting directly t Parliament, that enfrces and versees the DPA, and ther infrmatin related legislatin. The Infrmatin Cmmissiner maintains a public register f data cntrllers. The prcess f adding an entry t the register is called ntificatin. UEA's ntificatin cvers the classes f data which are prcessed, and is updated frm time t time and ther infrmatin related legislatin. Infrmatin life cycleipcms: The time span that infrmatin prcessed by the University remains live and relevant t the University (inclusive f its dispsal r destructin) and fr which the University has bligatins under this, r any ther plicy. IPCM: Infrmatin Plicy and Cmpliance Manager.Managers Persnal Data: Data which relate t a living and identifiable individual, including cmputeriseddigital data and sme manual data (iei.e. paper based recrds, micrfiche, etc). When the DPA was first passed int law, it cvered data.) held in a " relevant filing system", which is defined in the DPA as a "set f infrmatin" which "is structured, either by reference t individuals r by reference t criteria relating t individuals, in such a way that specific infrmatin relating t a particular individual is readily accessible". Hwever, the Freedm f Infrmatin Act 2000 (FOIA) mdifies and extends the DPA t apply t "unstructured persnal data". system. Unstructured persnal data are any persnal data which fall utside the definitin f the relevant filing system given abve. Data Prtectin Plicy 3
5 The difference may be illustrated as fllws. Persnnel recrds are clearly part f a "structured filing system" as they are arranged by surname r emplyee number. Hwever, a member f staff may serve n a university cmmittee, and that persn's name will appear in the minute bk f that cmmittee. The minute bk is nt structured by names, but by the dates f cmmittee meetings. Under the mdificatin t the DPA, such data nw fall within its remit. Prcessing: An actin f any srt taken in regards persnal data during the lifecycle f that persnal data. This will include but is nt limited t: creating, btaining, string, adapting, transferring, transmitting, dispsal and destructin. Relevant filing system: Manual infrmatin held in a structured and systematic filing system. Nte the Freedm f Infrmatin Act 2000 (FOIA) mdifies and extends the DPA fr public authrities (including the University) t apply t "unstructured persnal data". Unstructured persnal data are any persnal data which fall utside the definitin f the relevant filing system given abve.relevant filing system: Any set f infrmatin relating t individuals t the extent that, althugh the infrmatin is nt prcessed by means f equipment perating autmatically in respnse t instructins given fr that purpse, the set is structured, either by reference t individuals r by reference t criteria relating t individuals, in such a way that specific infrmatin relating t a particular individual is readily accessible. Sensitive Persnal Data: The DPA recgnises that certain types f persnal data shuld be treated with particular regard. Such data include racial r ethnic rigin; plitical pinins; religius beliefs; membership f a trade unin; physical r mental health r cnditin; sexual life; and criminal ffences. Subject Access request (SAR): The means by which any individuala data subject exercises thetheir right, pursuant t sectin 7 f the Data Prtectin Act f any individual t see a cpy f the infrmatin an rganisatin hlds abut them. A SAR can include the fllwing elements: a request t be tld whether any persnal data is being prcessed; a request t be given a descriptin f the persnal data, the reasns it is being prcessed, and whether it will be given t any ther rganisatins r peple; a request t be given a cpy f the infrmatin cmprising the data; and a request t be given details f the surce f the data (where this is available). 4. Aims The aims f the Data Prtectin Plicy are t: Set ut the bligatins f the University in regards data prtectin Establish the guiding principles fr the University s actins in this area Prvide a Plicy framewrk t ensureenable lcal cmpliance with the Act 5. Plicy statements 5.1. Ntificatin The University will cmply with the ntificatin bligatins placed upn it by the Act and assciated regulatins; specifically renewing ntificatin with the ICO yearly, and ensuring that the ntificatin is current and accurate. T further the latter, the University will Data Prtectin Plicy 5
6 cnduct a cmprehensive review f its ntificatin n later than every 5 years, and mre frequently shuld the activities r data hldings f the University s demand. Data Prtectin Plicy 6
7 5.2. Persnal data held by UEA Data are cllected frm students at varius stages. Examples include, but are nt restricted t: data n applicatins (ften transferred t UEA frm UCAS) registratin data applicatins fr financial aid data held by the Dean f Students Office in cnnectin with student welfare Data are als added subsequently t students recrds, fr example: marks statements changes f address final degree results medical certificates cncessin r intercalatin requests The Human Resurces Divisin cllects data n staff and creates a Persnnel File fr every member f staff. Sme f this infrmatin will als be held by individual administrative units within the University. Such data will include: applicatins fr psts at UEA terms f appintment annual review prmtins The types f persnal infrmatin prcessed by the University are utlined in ur registratin dcument, listed in the public register f data cntrllers available frm the ICO website 1 All staff and students shuld ensure that any infrmatin that they prvide t UEA in cnnectin with their emplyment r study is accurate and up t date. UEA has ultimate respnsibility fr ensuring the persnal infrmatin it hlds is accurate and up t date. Upn graduatin, sme infrmatin is passed t the Alumni Assciatin t allw them t cntact graduates abut UEA events, prducts, services and fr survey purpses. Central systems als retain basic graduate student data regarding academic prgress t verify awards and t prvide a recrd f lifelng learning Prcessing bligatins general Data Prtectin principles in general Under the DPA, persnal data must be prcessed in accrdance with the fllwing eight Data Prtectin Principles. These principles are cntained within Schedule 1 f the Act and 2. These are the fundamental bligatins impsed by the Act in regards the prcessing f persnal data. The term prcessing has a very wide applicatin which includes the mere fact f hlding data abut a living individual, as well as the alteratin, disclsure and destructin f persnal infrmatin. The eight Data Prtectin Principles state that data must: 1. be btained and prcessed fairly and lawfully and nly if certain cnditins are met 2. be btained fr specified and lawful purpses 3. be adequate, relevant and nt excessive fr thse purpses 4. be accurate and up t date 1 the ic/what we d/register f data cntrllers/ 2 rganisatins/guide t data prtectin/data prtectin principles/ Data Prtectin Plicy 6
8 5. nt be kept fr lnger than is necessary 6. be prcessed in accrdance with the rights f data subjects 7. be kept safe frm unauthrised access, lss r destructin 8. nt be transferred t cuntries utside the Eurpean Ecnmic Area (EEA), unless t cuntries with equivalent levels f data prtectin. The First Principle Fair prcessing 3 The requirement fr fair prcessing is set ut in the first data prtectin principle and is the mst imprtant principle in regards the prcessing f persnal data. In essence, this principle demands, and it is UEA plicy that, allall persnal data fr which UEA is data cntrller will be prcessed fairly and lawfully, with apprpriate ntice prvided and in line with the expectatins f the relevant data subjects, and that all data subjects will have adequate ntice f any prcessing undertaken by UEA.. If any unit is planning t cllect persnal data frm anyne, cnsent t stre and handle the infrmatin must be btained frm the individualdata subjects at the time f the data cllectin. This can be dne by means f a privacy ntice. Advice n writing privacy ntices is available frm the IPCMIPCMs. When a student registers at the beginning f his r her curse, he r she is issued with athey agree t the terms f the University s student data prtectin ntice 4. The ntice sets ut the types f data which are being cllected and the uses t which these will be put, including transfers t ther rganisatins such as the Higher Educatin Statistics Agency. It als infrms the student that, by signing the registratin frm, he r she cnsents t the prcessing f thse data, fr purpses cnnected with the legitimate activities f UEA. This ntice is reviewed befre the start f each academic year t ensure all data prcessing activities are included and explained. Fr staff, a data prtectin ntice is included n applicatin frms fr emplyment at UEA which sets ut the data which are cllected, the uses t which they will be put, and seeks cnsent fr their prcessing. There is als a ntice fr successful applicants 5, when they jin UEA. Particular attentin is drawn t the cllectin f data n Ethnic Origin and Disability, since these are amng the types f sensitive data defined in the DPA. Explicit and infrmed cnsent must be btained fr theany prcessing f sensitive data, and this is made clear in the ntices issued t staff and students, which explain that, by prviding these data,ensure the staff member r student cnsents tagrees with the prcessing f his r hertheir data within carefully defined limits. We cannt frce an individual t prvide these, r ther types f sensitive data, and he r she isthey are quite at liberty t refuse t prvide them n the applicatin r registratin frm (which means, effectively, that cnsent fr their prcessing has been withheld). The Seventh Principle Data Security rganisatins/guide t data prtectin/principle 1 fair and lawful/ rganisatins/guide t data prtectin/principle 7 security/ Data Prtectin Plicy 8
9 Adequate data security is essential t meet the requirements f the 7 th Data Prtectin principle. Where anyne subject t this Plicy is in pssessin f persnal data they whether in electrnic r paper frmat they must: Ensure that the persnal data is technically stred and handled in line with apprved UEA infrmatin security plicies 7 and prcesses. Ensure that rganisatin measures are in place t guard against unauthrised r unlawful damage r destructin f the persnal data. Such measures culd include: restricting physical and cmputer based access t the data t minimum number f persns pssible, ensuring that all digital persnal data is passwrd prtected wherever it may reside, ensuring that any persnal data are nt left in the pen either in paper frm, r n a screen in digital frm, ensuring that access t the area in which the persnal data is stred is restricted t nly thse persns wh need t be there, minimise the need fr transfer f the data, if. If transfer is required, ensure that UEA data security prtcls are in place and bserved. Take steps t prvide an adequate level f training in DPA and infrmatin security is prvided t anyne with access t the persnal data, inclusive f anyne utside f UEA that may have access t the data. The IPCMThe Security, Plicy and Cmpliance team will wrk with apprpriate units within ISD t ensure that all technical security requirements are met and will wrk with the apprpriate internal authrity t ensure that apprpriate rganisatinal measures are in place. Other prcessing bligatins Staff shuld ensure that persnal data are: prcessed nly fr the purpses fr which they were cllected (nte that simply hlding data n file cunts as prcessing) nt divulged t third parties withut the subject s cnsent relevant, accurate and up t date adequate but nt excessive fr the stated purpse dispsed f as cnfidential material when they are n lnger needed fr the purpses fr which they were cllected and in line with UEA recrds management plicy 8 and practices nt transferred utside the EEA unless there are adequate measures in place that ensure a level f prtectin equivalent t that affrded by the Act Data Prtectin Plicy 9
10 5.4. Data Sharing Infrmatin shuld nt be transferred t any 3 rd party (i.e. utside UEA) withut cnsent f the data subject(s) unless such a transfer is authrised by the Act itself, by ther statute, r by the UEA Student Data Prtectin Ntice 9 r UEA Staff Data Prtectin Ntice 10. The Act authrises release t 3 rd parties withut ntice t the data subject under certain limited circumstances such as. Detectin r preventin f crime, apprehensin f ffenders Prtectin f the vital interests f the data subject Pursuant t a cntract t which the data subject is a party Pursuant t a legal bligatin impsed upn UEA Where necessary fr the pursuit f the legitimate interests f UEA r any 3 rd party save where such prcessing is unwarranted by prejudice t the rights, freedms r legitimate interests f the data subject AnySuch prpsed data sharing that des nt meet the abve cnditins must be reviewed by the IPCMIPCMs wh has the respnsibility f determining whether, n the facts f the case, a data prcessing agreement is warranted. This review shuld ccur as early as pssible in any prject r instance nted abve. As a general rule, ne ff, ad hc data sharing events will nt require an agreement whilst any nging data sharing will require such an agreement. Where persnal data is t be shared with any party external t the university, a data sharing agreement must be in place t gvern the sharing. Thse planning t share data must fllw guidance prvided by the ICO 11. The IPCMs will prvide templates t aid the creatin f final agreements. Alternatively, the receiving rganisatin may prvide their wn agreement which shuld be reviewed t ensure it means the standards f the current university apprved template. The IPCMs will maintain a register f data sharing agreements. If a data prcessing agreement is warranted, the IPCMIPCMs will wrk with the relevant line manager with peratinal respnsibility fr the data sharing t draft and agree an agreement that assures that the University meets its cmpliance bligatins. Where persnal data is t be shared within the University between departments, sharing must cmply with the data prtectin principles Specific UEA related prcessing plicies Student attendance and qualificatin verificatin rganisatins/guide t data prtectin/data sharing/ Data Prtectin Plicy 10
11 Third parties may cntact the University t cnfirm whether r nt a named individual has attended the University, and whether r nt they btained a particular qualificatin. These queries shuld be directed t Student Recrds fr a respnse in the first instance. In general, the University will seek cnsent frm the individual fr cnfirmatin f attendance and verificatin f qualificatins t third parties wherever pssible befre a respnse is prvided. There may be special circumstances under which the University will release infrmatin withut first btaining cnsent. These queries must be referred t the IPCMs. Ptential fraudulent claims: Where an individual has made a false claim regarding attendance, emplyment r qualificatins gained at UEA, and the University has n recrd f that individual having attended the institutin, the enquirer will be infrmed. Other types f request: Where the University can cnfirm emplyment, student attendance r qualificatins, and has nt btained explicit cnsent, the University will nly disclse that infrmatin t verified and legitimate enquirers under certain limited circumstances where there is significant advantage t the data subject in s ding. Sme circumstances under which the University will cnfirm attendance and qualificatins absent explicit cnsent are listed in the student privacy ntice. Each case will be cnsidered by the IPCMs n its wn merits. References It is relatively cmmn fr staff r students t request access t persnal references written at the time f their applicatin fr emplyment r study at UEA, r fr emplyment r study elsewhere. This is an area where a specific exemptin is written int the DPA: cnfidential references given by UEA (the Data Cntrller) are exempt frm disclsure under the subject access prvisins. (see subject access sectin). Thus, students and staff f UEA cannt apply t see references prvided by UEA staff and sent t anther rganisatin. They may, hwever, apply t the rganisatin t which the reference has been sent. Similarly, they may apply t UEA t see references which have been received by UEA and which may be held in (say) a Persnnel File. These references received by UEA are treated as any ther items in a file, and we wuld fllw the nrmal prcedure regarding handling subject access requests by data subjects. It is wrth bearing in mind that annymisatin is unlikely t be effective where references are cncerned, and it is very likely that we wuld seek the cnsent f the authr befre releasing them, befre deciding whether r nt it was reasnable t release the reference "in all the circumstances".. The Infrmatin Cmmissiner has advised that, where a reference has had an adverse effect n the subject f the reference, the subject's right f access will nrmally utweigh any ther circumstances, even if the reference was given in cnfidence, and the authr has expressly refused his r her cnsent t its disclsure. Research Data Prtectin Plicy 11
12 The Act allws certain exemptins in the case f persnal data which are cllected and prcessed fr research purpses, r fr histrical r statistical purpses. If the prcessing is nly fr the purpses f research (, and is nt used t supprt decisins abut individuals), and des nt (and is nt likely t) result in substantial damage r distress t any data subject then the data can be kept indefinitely. the data can be repurpsed. That is, used fr research purpses ther than thse fr which it was riginally cllected subject access des nt have t be granted, as lng as the results f the research are annymised. This is f curse very cmmn in the case f medical research papers which ften refer t Ms A, Mr B, et al. Care shuld be taken if a key is retained which enables annymised data t be decded and therefre attributed t individuals. An apprpriate level f care wuld exist if the key was nly knwn t thse individuals directly invlved in the research, and kept securely, and separate frm the usual lcatin f the annymised data. Care shuld als be taken when students are cnducting research invlving persnal data as part f their studies. In such cases, UEA may be the data cntrller and respnsible fr the student s adherence t the DPA. Many research prjects invlving human subjects must first be apprved by an Ethics Cmmittee, and ne. The IPCMs is a member f the cnditins f such apprval is that the University s Research Ethics Cmmittee (UREC) and will prvide advice f the IPCM has been sught. As part f this rle, the IPCM may askn data prtectin matters t see a cpy f the research prtclthe Cmmittee as apprpriate. Examinatins The DPA cntains a specific exemptin fr "persnal data cnsisting f marks r ther infrmatin prcessed by a data cntrller fr the purpse f determining the results f an academic, prfessinal r ther examinatin r f enabling the results f any such examinatin t be determined". When a subject access request is made befre the day n which the results f the examinatin are annunced, such data may be withheld until five mnths frm the date f the request, r the end f frty days beginning with the date f the annuncement f the examinatin results, whichever is the earlier. sner. The purpse f this prvisin is t prevent the release f examinatin marks until the assessment prcess is cmplete. Infrmatin recrded n an examinatin script by an examinatin candidate is specifically exempt frm the prvisins f the DPA. Hwever, cmments written n the scripts by examiners are nt exempt. Students may apply t see these cmments in the same way that they may apply t see ther data, althugh such cmments may nt be released until the results f the examinatin are knwn. Examiners shuld endeavur t prvide cmments in such a way as t make them easily severable frm the script itself, preferably by use f a separate cver sheet. Accrding t UEA's custm and practice, Pass Lists shwing undergraduate degree results may be psted n ntice bards and in Registry receptin. The degree results are listed using registratin numbers nly; students names d nt appear n the Lists. The University will infrm students by way f the Student Data Prtectin Ntice that degree results will be published in this manner. Data Prtectin Plicy 12
13 Marketing infrmatin Certain cmmunicatins with staff, students and ther parties may fall within the scpe f the Privacy and Electrnic Cmmunicatins Regulatins 2003 (PECR). PECR cmplements the DPA and applies t unslicited electrnic cmmunicatins (in any frmat) which cntain: advertising r marketing material fr gds r services prmtin f the rganisatin s aims and ideals prmtin f events f public meetings appeals fr funds r supprt PECR als applies t the ckies used n the University website t track infrmatin abut users f the site. Such cmmunicatins shuld nt be sent withut first btaining cnsent frm the recipients. Cnsent can be explicitly prvided r may in certain circumstances be implied by a subscriptin t a service. The University must always ffer the ptin t pt ut f marketing messages and must stp sending marketing cmmunicatins t anyne wh raises an bjectin r chses t pt ut f receiving them. The IPCMs shuld be cnsulted prir t cmmencing any marketing campaign invlving persnal data System and Prcess Assessment Any system, prject, prcess, r infrmatin hlding within the University that invlves persnal data must be cmpliant with ur bligatins under the Act and an assessment and evaluatin f cmpliance will be necessary. Examples include CCTV, Student Infrmatin System, CRM, Car Parking Enfrcement and s n. Privacy Impact Assessment in the case f majr systems, a full, r truncated Privacy Impact Assessment may be required. This will nly be required in the case f majr initiatives invlving substantial amunt f persnal data r particularly sensitive r ptentially risky prcessing f data. The ICO prvides brief guidance 12 n this prcess. A UEA generatedspecific checklist 13 f data prtectin cmpliance shuld be cmpleted at the cmmencement f any prject r system t identify data prtectin issues, risks and prcesses that need t be addressed. The checklist is available frm the Strategy, Plicy and Cmpliance team within ISD 14. Fr ther smaller prcessing issues, advice and guidance will be available frm the IPCM with assistance frm ther members f the Strategy, Plicy and Cmpliance team. IPCMs. Where such advice and guidance is given, every pprtunity will be explred t expand the knwledge and awareness f the individual r rganisatinal unit seeking the advice and guidance cal_applicatin/privacy_impact_assessment_overview.ashx rganisatins/guidet data prtectin/privacy by design/ 13 checklist 14 checklist Data Prtectin Plicy 13
14 5.7. Training and Awareness Training and awareness is essential fr the University t be in a psitin t meet its bligatins under the Act. All staff wrking with persnal data must, at minimum, cmplete the nline data prtectin training mdule as sn as pssible after cmmencement f their duties. ISD has primary respnsibility fr ensuring that adequate and apprpriate training and awareness exist within the University, with the IPCMIPCMs taking the lead rle within ISD. All emplyees, upn btaining emplyment with the University, will receive general infrmatin n the Act and ur bligatins thereunder as a cmpnent f the inductin dcumentatin and prcess. The IPCMIPCMs is respnsible fr creating and maintaining bth web based and print material fr reference and awareness. This pst is als respnsible fr presenting scheduled training t staff via nline training mdules, the CSED training prgramme, scheduled training t the student ppulatin, particularly PGR students, and prviding ad hc training where apprpriate. The IPCMIPCMs, in cnjunctin with relevant University units, will identify thse rles requiring particular training and awareness f data prtectin respnsibilities and will wrk with relevant unit t ensure that adequate and apprpriate training is prvided. Mnitring f the effectiveness f training and awareness activities shuld be undertaken and maintained cnsistently by the IPCMs Data Breach Management It is the respnsibility f all UEA staff t avid data security breaches, but where ne des ccur, the affected unit, Faculty r individual must and will reprt the breach t the IPCMIPCMs at the earliest pssible pprtunity. Any persnal data breaches will be handled in accrdance with current guidance frm the ICO and investigatin f any breach will initially be the respnsibility f the IPCMIPCMs. Any breach will be immediately reprted t the Assistant Directr, Strategy, Plicy and Cmpliance within ISD and any decisin regarding the ntificatin f either the ICO r affected parties f any breach will be taken n his r her authrity. The general prcedure in the case f a data security breach will fllw ICO guidelines and fcus n the prper cmpletin f fur stages f breach management: Cntainment and recvery Assessment f nging risk Ntificatin f breach Evaluatin and respnse It is the respnsibility f the IPCMIPCMs t ensure that all fur stages are addressed. The Assistant Directr Strategy, Plicy and Cmpliance has the respnsibility f signing ff that each stage has been successfully undertaken and cmpleted Data Subject access requests (SAR) Persns abut whm UEA hlds data (Data Subjects) may make a request (a Subject Access Request) t see thse data, and t receive r view cpies f thse data in permanent intelligible frm (print uts r phtcpies). Students, staff r any individuals external t Data Prtectin Plicy 14
15 UEA wh wish t make a Subject Access Request shuld be directed t the apprpriate request page 15 within the Data Prtectin web pages fr the University. The IPCM, with the assistance f ther members f the Strategy, Plicy and Cmpliance team,ipcms has the respnsibility t c rdinate the request centrally. Requests must be made in writing preferably n the standard applicatin frm and accmpanied by the standard fee f 10. Persns making a subject access request will als be required t cnfirm their identity. The DPA prvides that UEA must respnd t a frmalvalid request within 40 calendar days. The detail f the prcesses and prcedures t be fllwed in administering a Subject Access request are set ut in the Data Prtectin SAR Operatins Manual, available frm the Strategy, Plicy and Cmpliance team. 6. Ownership The Strategy, Plicy and Cmpliance team within ISD have wnership f this Plicy. 7. Respnsibilities Within this plicy, the fllwing individuals have the fllwing respnsibilities: Respnsibility Administratin f subject access requests, training and awareness f staff, advice n drafting data sharing agreements, respnse t data prtectin inquiries frm staff & students, investigatin and management f data security breaches Overall respnsibility fr Data Prtectin Plicy, authrisatin f actins related t a data security breach, management and versight f IPCMIPCMs Strategic liaisn regarding data prtectin with ther UEA units, ISD apprval f data prtectin plicies Institutinal apprval f Data Prtectin plicies Persnal data t be handled in line with University plicy, best practice, and the Act Owner Infrmatin Plicy and Cmpliance Manager (IPCMIPCMs) Assistant Directr Strategy, Plicy and Cmpliance Directr f Infrmatin Services Infrmatin Strategy and Services Cmmittee StaffAll staff and students handling persnal data 8. References This data prtectin plicy is supprted within the cntext f the fllwing pieces f legislatin, prfessinal standards, and University dcuments: Data Prtectin Act 1998 Data Prtectin and Freedm f Infrmatin Fees Regulatins 2004 Freedm f Infrmatin Act Data Prtectin Plicy 15
16 Envirnmental Infrmatin Regulatins 2004 Privacy and Electrnic Cmmunicatins Regulatins 2003 Prtectin f Freedms Act 2012 ICO guidance and cdes f practice 16 UEA Freedm f Infrmatin Plicy UEA Envirnmental Infrmatin Regulatins Plicy UEA Recrds Management Plicy and supprting departmental recrds retentin schedules (RRSs) 9. Review Annual; by IPCM in cnsultatin with the Every tw years; by Assistant Directr Strategy, Plicy and Cmpliance in cnsultatin with the IPCMs and with the Directr f Infrmatin Services rganisatins/guide t data prtectin/ Data Prtectin Plicy 16
Personal Data Security Breach Management Policy
Persnal Data Security Breach Management Plicy 1.0 Purpse The Data Prtectin Acts 1988 and 2003 impse bligatins n data cntrllers in Western Care Assciatin t prcess persnal data entrusted t them in a manner
More informationDisplayNote Technologies Limited Data Protection Policy July 2014
DisplayNte Technlgies Limited Data Prtectin Plicy July 2014 1. Intrductin This dcument sets ut the bligatins f DisplayNte Technlgies Limited ( the Cmpany ) with regard t data prtectin and the rights f
More informationData Protection Policy & Procedure
Data Prtectin Plicy & Prcedure Page 1 Prcnnect Marketing Data Prtectin Plicy V1.2 Data prtectin plicy Cntext and verview Key details Plicy prepared by: Adam Haycck Apprved by bard / management n: 01/01/2015
More informationMalpractice and Maladministration Policy
TR340 Malpractice and Maladministratin Plicy This plicy aims t: Define malpractice and maladministratin in the cntext f CIM/CAM studying members, Accredited study centres (ASCs), examinatin centres, invigilatrs
More informationMulti-Year Accessibility Policy and Plan for NSF Canada and NSF International Strategic Registrations Canada Company, 2014-2021
Multi-Year Accessibility Plicy and Plan fr NSF Canada and NSF Internatinal Strategic Registratins Canada Cmpany, 2014-2021 This 2014-21 accessibility plan utlines the plicies and actins that NSF Canada
More informationPrivacy Policy. The Central Equity Group understands how highly people value the protection of their privacy.
Privacy Plicy The Central Equity Grup understands hw highly peple value the prtectin f their privacy. Fr that reasn, the Central Equity Grup takes particular care in dealing with any persnal and sensitive
More informationEmployees - recruitment, records and monitoring
Emplyees - recruitment, recrds and mnitring This guidance has been prduced t help rganisatins cmply with the Data Prtectin Act (DPA) when recruiting and emplying wrkers. It is relevant t public sectr emplyers,
More informationBLUE RIDGE COMMUNITY AND TECHNICAL COLLEGE BOARD OF GOVERNORS
BLUE RIDGE COMMUNITY AND TECHNICAL COLLEGE BOARD OF GOVERNORS SERIES: 1 General Rules RULE: 17.1 Recrd Retentin Scpe: The purpse f this rule is t establish the systematic review, retentin and destructin
More informationHow To Ensure Your Health Care Is Safe
Guidelines fr Custdians t assess cmpliance with the Persnal Health Infrmatin Privacy and Access Act (PHIPAA) This dcument is designed t help custdians evaluate readiness fr cmpliance with PHIPAA and t
More informationHeythrop College Disciplinary Procedure for Support Staff
Heythrp Cllege Disciplinary Prcedure fr Supprt Staff Intrductin 1. This prcedural dcument des nt apply t thse academic-related staff wh are mentined in the Cllege s Ordinance, namely the Librarian and
More informationTHE CITY UNIVERSITY OF NEW YORK IDENTITY THEFT PREVENTION PROGRAM
THE CITY UNIVERSITY OF NEW YORK IDENTITY THEFT PREVENTION PROGRAM 1. Prgram Adptin The City University f New Yrk (the "University") develped this Identity Theft Preventin Prgram (the "Prgram") pursuant
More informationAudit Committee Charter. St Andrew s Insurance (Australia) Pty Ltd St Andrew s Life Insurance Pty Ltd St Andrew s Australia Services Pty Ltd
Audit Cmmittee Charter St Andrew s Insurance (Australia) Pty Ltd St Andrew s Life Insurance Pty Ltd St Andrew s Australia Services Pty Ltd Versin 2.0, 22 February 2016 Apprver Bard f Directrs St Andrew
More informationKey Steps for Organizations in Responding to Privacy Breaches
Key Steps fr Organizatins in Respnding t Privacy Breaches Purpse The purpse f this dcument is t prvide guidance t private sectr rganizatins, bth small and large, when a privacy breach ccurs. Organizatins
More informationMunicipal Advisor Registration
FACT SHEET Municipal Advisr Registratin SEC Open Meeting Sept. 18, 2013 The Securities and Exchange Cmmissin tday will cnsider whether t adpt a rule that wuld establish a permanent registratin regime fr
More informationCorporate Standards for data quality and the collation of data for external presentation
The University f Kent Crprate Standards fr data quality and the cllatin f data fr external presentatin This paper intrduces a set f standards with the aim f safeguarding the University s psitin in published
More informationFAFSA / DREAM ACT COMPLETION PROGRAM AGREEMENT
FAFSA / DREAM ACT COMPLETION PROGRAM AGREEMENT If using US Pstal Service, please return t: Califrnia Student Aid Cmmissin Prgram Administratin & Services Divisin ATTN: Institutinal Supprt P.O. Bx 419028
More informationWHAT YOU NEED TO KNOW ABOUT. Protecting your Privacy
WHAT YOU NEED TO KNOW ABOUT Prtecting yur Privacy YOUR PRIVACY IS OUR PRIORITY Credit unins have a histry f respecting the privacy f ur members and custmers. Yur Bard f Directrs has adpted the Credit Unin
More informationPlus500CY Ltd. Statement on Privacy and Cookie Policy
Plus500CY Ltd. Statement n Privacy and Ckie Plicy Statement n Privacy and Ckie Plicy This website is perated by Plus500CY Ltd. ("we, us r ur"). It is ur plicy t respect the cnfidentiality f infrmatin and
More informationFinance, Performance and Risk Committee 2014/2015
Finance, Perfrmance and Risk Cmmittee 2014/2015 Date f Meeting: 17 December 2014 Agenda Item: Click here t enter text. Subject: Infrmatin Gvernance Plicy Reprting Officer: Paul Byrne Lead IG Manager Aim
More informationPublic consultation paper
Public cnsultatin paper Nvember 2012 Public cnsultatin n guidelines fr prfessinal indemnity insurance arrangements fr nurses and nurse practitiners. Please prvide feedback by email t: nmbafeedback@ahpra.gv.au
More informationHow To Deal With A Data Breach In The European Law
Data Prtectin: Regulating Cyber Security Jnathan Bamfrd Head f Strategic Liaisn Hw des DP regulatin affect cyber security? Data Prtectin Act 1998: apprpriate security Privacy and Electrnic Cmmunicatin
More informationPrivacy and Security Training Policy (PS.Pol.051)
Privacy and Security Training Plicy (PS.Pl.051) Purpse T define the plicies and prcedures fr prviding privacy and security training in respect f the CnnectingGTA Slutin. Definitins Electrnic Service Prvider
More informationNational Australia Bank Limited Group Disclosure & External Communications Policy
Natinal Australia Bank Limited Grup Disclsure & External Cmmunicatins Plicy Grup Disclsure & External Cmmunicatins Plicy Page 2 f 7 Grup Disclsure & External Cmmunicatins Plicy ( the Plicy ) 1. Overview
More informationUniversity of Texas at Dallas Policy for Accepting Credit Card and Electronic Payments
University f Texas at Dallas Plicy fr Accepting Credit Card and Electrnic Payments Cntents: Purpse Applicability Plicy Statement Respnsibilities f a Merchant Department Prcess t Becme a Merchant Department
More informationSources of Federal Government and Employee Information
Inf Surce Surces f Federal Gvernment and Emplyee Infrmatin Ridley Terminals Inc. TABLE OF CONTENTS General Infrmatin Intrductin t Inf Surce Backgrund Respnsibilities Institutinal Functins, Prgram and Activities
More informationGeneral Records Authority 33. Accredited Training
General Recrds Authrity 33 2012/00579704 Accredited Training February 2013 This is an accurate reprductin f the authrised recrds authrity cntent, created fr accessibility purpses CONTENTS INTRODUCTION
More informationGUIDANCE FOR BUSINESS ASSOCIATES
GUIDANCE FOR BUSINESS ASSOCIATES This Guidance fr Business Assciates dcument is intended t verview UPMCs expectatins, as well as t prvide additinal resurces and infrmatin, t UPMC s HIPAA business assciates.
More informationPurpose Statement. Objectives
Apprved by Academic Affairs Cuncil, June 24, 2014 Faculty Handbk Part VI: Other Plicies and Prcedures Sectin R. Intellectual Prperty Classified Emplyee Handbk Part VI: Other Plicies and Prcedures Sectin
More informationBUPA DENTAL PLAN A P P L I C AT I O N F O R M
BUPA DENTAL PLAN A P P L I C AT I O N F O R M Please cmplete all relevant sectins f the frm in BLOCK CAPITALS and BLACK INK and return it t: Cnsumer Partnerships, FPS Dental, Bupa, Willw Huse, Chertsey
More informationAustralian Institute of Psychology. Human Research Ethics Committee. Terms of Reference
Australian Institute f Psychlgy Human Research Ethics Cmmittee Terms f Reference What is research? Accrding t the Natinal Statement research... is widely understd t include at least investigatin undertaken
More informationFirst Global Data Corp.
First Glbal Data Crp. Privacy Plicy As f February 23, 2015 Ding business with First Glbal Data Crp. ("First Glbal", First Glbal Mney, "we" r "us", which includes First Glbal Data Crp. s subsidiary, First
More informationCHANGE MANAGEMENT STANDARD
The electrnic versin is current, r when printed and stamped with the green cntrlled dcument stamp. All ther cpies are uncntrlled. DOCUMENT INFORMATION Descriptin Dcument Owner This standard utlines the
More informationNYU Langone Medical Center NYU Hospitals Center NYU School of Medicine
Title: Identity Theft Prgram Effective Date: July 2009 NYU Langne Medical Center NYU Hspitals Center NYU Schl f Medicine POLICY It is the plicy f the NYU Langne Medical Center t educate and train staff
More informationCOPIES-F.Y.I., INC. Policies and Procedures Data Security Policy
COPIES-F.Y.I., INC. Plicies and Prcedures Data Security Plicy Page 2 f 7 Preamble Mst f Cpies FYI, Incrprated financial, administrative, research, and clinical systems are accessible thrugh the campus
More informationPrivacy Breach and Complaint Protocol
Privacy Breach and Cmplaint Prtcl Effective: December 31, 2012 Apprved by: Le McKenna, CFO 1.0 General Privacy breaches and privacy cmplaints will be handled in accrdance with this prtcl. This prtcl is
More informationProcess for Responding to Privacy Breaches
Prcess fr Respnding t Privacy Breaches 1. Purpse 1.1 This dcument sets ut the steps that ministries must fllw when respnding t a privacy breach. It must be read in cnjunctin with the Infrmatin Incident
More informationRQ10.06 AACo Share Trading Policy
Australian Agricultural Cmpany Limited ACN 010 892 270 RQ10.06 AAC Share Trading Plicy Versin 5 This plicy was apprved by the Bard f Australian Agricultural Cmpany Limited n 15 December 2010. This plicy
More informationDraft for consultation
Draft fr cnsultatin Draft Cde f Practice n discipline and grievance May 2008 Further infrmatin is available frm www.acas.rg.uk CONSULTATION ON REVISED ACAS CODE OF PRACTICE ON DISCIPLINE AND GRIEVANCE
More informationSECTION J QUALITY ASSURANCE AND IMPROVEMENT PROGRAM
Audit Manual Sectin J SECTION J QUALITY ASSURANCE AND IMPROVEMENT PROGRAM Ref. Plicy and Practice Requirements IIA Standards and Other references J 1 Plicy: The Head f Internal Audit shall develp and maintain
More informationHuman Resources Policy pol-020
Human Resurces Plicy pl-020 Versin: 2.00 Last amendment: Jul 2014 Next Review: Jul 2017 Apprved By: Cuncil Date: 04 May 2005 Cntact Officer: Directr, Office f Human Resurce Services INTRODUCTION The University
More informationAccessible Service Policy
Accessible Service Plicy Date Created Revisin Oct. 16, 2012 1 Gal This plicy is intended t meet the requirements f the Accessibility Standards fr Custmer Service, Ontari Regulatin 429/07 under the Accessibility
More informationIssuing of qualifications and statement of attainment Policy and Procedures Version: 3.0 Last Modified: 1 March 2015
Issuing f qualificatins and statement f attainment Plicy and Prcedures Versin: 3.0 Last Mdified: 1 March 2015 Purpse ANC issues AQF certificatin dcumentatin nly t a learner whm it has assessed as meeting
More informationData Protection Act Data security breach management
Data Prtectin Act Data security breach management The seventh data prtectin principle requires that rganisatins prcessing persnal data take apprpriate measures against unauthrised r unlawful prcessing
More informationLINCOLNSHIRE POLICE Policy Document
LINCOLNSHIRE POLICE Plicy Dcument 1. POLICY IDENTIFICATION PAGE POLICY TITLE: ICT CHANGE & RELEASE MANAGEMENT POLICY POLICY REFERENCE NO: PD 186 POLICY OWNERSHIP: ACPO Cmmissining Officer: Prtfli / Business-area
More informationBIBH Duty Statements and Governance chart reviewed and approved April 2014. BIBH Executive Governance & Management Arrangements
BIBH Duty Statements and Gvernance chart reviewed and apprved April 2014 BIBH Executive Gvernance & Management Arrangements BIBH COMMITTEE CEO - Paul O Cnnell Executive Secretary - Brian Firth Executive
More informationAudit Committee Charter
Audit Cmmittee Charter Membership The Audit Cmmittee (the "Cmmittee") f the Bard f Directrs (the "Bard") f Philip Mrris Internatinal Inc. (the "Cmpany") shall cnsist f at least three directrs all f whm
More informationNHVAS Mass Management Spot Check Checklist
Legal Entity Name f NHVAS Operatr: DTMR Representative: Lcatin: NHVAS Mass Management Spt Check Checklist Spt Check Date: Spt Check Number: DMS Number: 540/ The fllwing surces f evidence have been identified
More information67.50. Your child s health is our priority. Bupa schools scheme. bupa.co.uk ONLY PER TERM PER CHILD. Provided by
Prvided by Bupa schls scheme Yur child s health is ur pririty 67.50 PER TERM PER CHILD * ONLY bupa.c.uk *Thesubscriptinrateappliesfrmembershipyear1September2013 t31august2014.thissubscriptinrateincludesinsurancepremium
More informationFORM ADV (Paper Version) UNIFORM APPLICATION FOR INVESTMENT ADVISER REGISTRATION AND REPORT FORM BY EXEMPT REPORTING ADVISERS
APPENDIX A FORM ADV (Paper Versin) UNIFORM APPLICATION FOR INVESTMENT ADVISER REGISTRATION AND REPORT FORM BY EXEMPT REPORTING ADVISERS Frm ADV: General Instructins Read these instructins carefully befre
More informationFAYETTEVILLE STATE UNIVERSITY
FAYETTEVILLE STATE UNIVERSITY IDENTITY THEFT PREVENTION (RED FLAGS RULE) Authrity: Categry: Issued by the Fayetteville State University Bard f Trustees. University-Wide Applies t: Administratrs Faculty
More informationHow To Write A Scial Media Plicy
Scial Media Plicy Scial Media Plicy Recrd Number D14/78 Respnsible Manager Directr Business Supprt and Strategy Manager Custmer and Cmmunicatins Last reviewed 11 February 2014 Adptin reference Cuncil Reslutin
More informationUNIVERSITY INCIDENT PLANNING COMMITTEE TERMS OF REFERENCE
1. TITLE OF COMMITTEE UNIVERSITY INCIDENT PLANNING COMMITTEE University Incident Planning Cmmittee (IPC) 2. ESTABLISHMENT TERMS OF REFERENCE The University Incident Planning Cmmittee is established in
More informationMSB FINANCIAL CORP. MILLINGTON BANK AUDIT COMMITTEE CHARTER
MSB FINANCIAL CORP. MILLINGTON BANK AUDIT COMMITTEE CHARTER This Audit Cmmittee Charter has been amended as f July 17, 2015. The Audit Cmmittee shall review and reassess this Charter annually and recmmend
More informationProject Open Hand Atlanta. Health Insurance Portability and Accountability Act (HIPAA) NOTICE OF PRIVACY PRACTICES
Prject Open Hand Atlanta Effective Date: April 14, 2003 Health Insurance Prtability and Accuntability Act (HIPAA) The Health Insurance Prtability and Accuntability Act f 1996 (HIPAA) directs health care
More informationUNIVERSITY OF CALIFORNIA MERCED PERFORMANCE MANAGEMENT GUIDELINES
UNIVERSITY OF CALIFORNIA MERCED PERFORMANCE MANAGEMENT GUIDELINES REFERENCES AND RELATED POLICIES A. UC PPSM 2 -Definitin f Terms B. UC PPSM 12 -Nndiscriminatin in Emplyment C. UC PPSM 14 -Affirmative
More informationSelf- certification Criteria for companies participating in the European Self- Regulatory Programme on OBA. Document version: 1.1
Self- certificatin Criteria fr cmpanies participating in the Eurpean Self- Regulatry Prgramme n OBA Dcument versin: 1.1 Date: 16 Nvember 2012 Table f cntents 1. Intrductin 3 2. Criteria fr self- certificatin
More informationTexas Woman's University University Policy Manual
Texas Wman's University University Plicy Manual Plicy Name: Plicy Number: 6.06 Date Passed: July 2004 Health Insurance Prtability& Accuntability Act (HIPAA) Date Reviewed: September 2008 Next Review: September
More informationMAYFAIR INSURANCE & MORTGAGE CONSULTANTS LTD 11 Lurke Street, Bedford MK40 3HZ Telephone: 01234 242900
MAYFAIR INSURANCE & MORTGAGE CONSULTANTS LTD 11 Lurke Street, Bedfrd MK40 3HZ Telephne: 01234 242900 Please read this dcument carefully as it sets ut the terms n which we agree t act fr ur clients and
More informationCROPREDY SURGERY Dr J Wright & Dr B Tucker
CROPREDY SURGERY Dr J Wright & Dr B Tucker POLICY - COMPLAINTS Intrductin The bjectives f the cmplaints plicy are as fllws. Any cmplaint is dealt with in an effective and timely manner The cmplainant is
More informationHealth and Safety Training and Supervision
Intrductin: Health and Safety Training and Supervisin University f Nttingham is cmmitted t maintaining and develping standards f excellence in all aspects f its business. T that end, the University aspires
More informationInternet and E-Mail Policy User s Guide
Internet and E-Mail Plicy User s Guide Versin 2.2 supprting partnership in mental health Internet and E-Mail Plicy User s Guide Ver. 2.2-1/5 Intrductin Health and Scial Care requires a great deal f cmmunicatin
More informationRecords management guidance 12. Disposing of Information
Recrds management guidance 12 Dispsing f Infrmatin Dispsing f Infrmatin Why dispse f recrds? T save space, time and equipment. T find the right (versin f) infrmatin quickly and efficiently. T meet bligatins
More informationPrinciples of Engagement with Universities providing accredited Actuarial Science programmes
The Actuarial Prfessin Principles f Engagement with Universities prviding accredited Actuarial Science prgrammes 1. What is an accredited actuarial science prgramme? Accreditatin f university prgrammes
More informationFINANCIAL OPTIONS. 2. For non-insured patients, payment is due on the day of service.
FINANCIAL OPTIONS 1. Fr thse patients wh carry dental insurance, all c-payments are due n date f service. We will file yur claim as a service t yu, and will d ur very best t maximize yur benefits. We accept
More informationHampton Roads Orthopaedics & Sports Medicine. Notice of Privacy Practices
This is being prvided t yu as a requirement f the privacy regulatins issued under the Health Insurance Prtability and Accuntability Act f 1996 (HIPAA). This ntice describes hw HROSM may use and disclse
More informationProfessional indemnity insurance arrangements for enrolled nurses, registered nurses and nurse practitioners
Guideline August 2013 Prfessinal indemnity insurance arrangements fr enrlled nurses, registered nurses and nurse practitiners Intrductin This guideline has been develped by the Nursing and Midwifery Bard
More informationCHARTER OF THE COMPENSATION COMMITTEE OF THE BOARD OF DIRECTORS OF UPLAND SOFTWARE, INC.
CHARTER OF THE COMPENSATION COMMITTEE OF THE BOARD OF DIRECTORS OF UPLAND SOFTWARE, INC. PURPOSE The purpse f the Cmpensatin Cmmittee f the Bard f Directrs (the Bard ) f Upland Sftware, Inc. (the Cmpany
More informationIssuing of qualifications and statement of attainment Policy and Procedures Version: 5.0 Last Modified: 12 February 2015
Issuing f qualificatins and statement f attainment Plicy and Prcedures Versin: 5.0 Last Mdified: 12 February 2015 Purpse Duke Cllege issues AQF certificatin dcumentatin nly t a learner whm it has assessed
More informationTHIRD PARTY PROCUREMENT PROCEDURES
ADDENDUM #1 THIRD PARTY PROCUREMENT PROCEDURES NORTH CENTRAL TEXAS COUNCIL OF GOVERNMENTS TRANSPORTATION DEPARTMENT JUNE 2011 OVERVIEW These prcedures establish standards and guidelines fr the Nrth Central
More informationRemote Working (Policy & Procedure)
Remte Wrking (Plicy & Prcedure) Publicatin Scheme Y/N Department f Origin Plicy Hlder Authrs Can be published n Frce Website Prfessinal Standards Department (PSD) Ch Supt Head f PSD IT Security Officer
More informationE-Business Strategies For a Cmpany s Bard
DATATEC LIMITED BOARD CHARTER / TERMS OF REFERENCE 1. CONSTITUTION The primary bjective f the Cmpany s Bard Charter is t set ut the rle and respnsibilities f the Bard f Directrs ( the Bard ) as well as
More informationCASSOWARY COAST REGIONAL COUNCIL POLICY ENTERPRISE RISK MANAGEMENT
CASSOWARY COAST REGIONAL COUNCIL POLICY ENTERPRISE RISK MANAGEMENT Plicy Number: 2.20 1. Authrity Lcal Gvernment Act 2009 Lcal Gvernment Regulatin 2012 AS/NZS ISO 31000-2009 Risk Management Principles
More informationChange Management Process
Change Management Prcess B1.10 Change Management Prcess 1. Intrductin This plicy utlines [Yur Cmpany] s apprach t managing change within the rganisatin. All changes in strategy, activities and prcesses
More informationTITLE: Supplier Contracting Guidelines Process: FIN_PS_PSG_050 Replaces: Manual Sections 6.4, 7.1, 7.5, 7.6, 7.11 Effective Date: 10/1/2014 Contents
TITLE: Supplier Cntracting Guidelines Prcess: FIN_PS_PSG_050 Replaces: Manual Sectins 6.4, 7.1, 7.5, 7.6, 7.11 Cntents 1 Abut university supplier cntracting... 2 2 When is a cntract required?... 2 3 Wh
More informationPlanning & Delivering Safe Work Railway Contractors Certificate Non Training Services v1.2. Keith Miller & Rebecca Pears
Planning & Delivering Safe Wrk Railway Cntractrs Certificate Nn Training Services v1.2 Keith Miller & Rebecca Pears Planning & Delivering Safe Wrk Backgrund / Histry Intrductin f Safe Wrk Leader Intrductin
More informationChristchurch Polytechnic Institute of Technology Access Control Security Standard
CPIT Crprate Services Divisin: ICT Christchurch Plytechnic Institute f Technlgy Access Cntrl Security Standard Crprate Plicies & Prcedures Sectin 1: General Administratin Dcument CPP121a Principles Infrmatin
More informationTechnical Writing - TheUsers Visa (SHR User Accunt)
POLICY Number: 7311-25-004 Title: Saskatn Health Regin User Accunt Plicy Authrizatin [ ] President and CEO [X] Vice President, Finance and Crprate Services Surce: Directr, Infrmatin Technlgy Services Crss
More informationEmployee Benefits Liability Policy
Plicy 10/3084 part 3 Emplyee Benefits Liability Plicy Summary Publicatin Date March 2015 Review Date March 2016 Related Legislatin/Applicable Sectin f Legislatin Related Plicies, Prcedures, Guidelines,
More informationMaster of Science Program Requirements in Earth Sciences
Master f Science Prgram Requirements in Earth Sciences 1. Read the Graduate Schl Rules fr a Master f Science Degree! We have a cuple f mre restrictive requirements, but the graduate schl requirements are
More informationA Comparison of UK and Chinese Broking Regulation
A Cmparisn f UK and Chinese Brking Regulatin David Cupe Partner +44 (0)203 553 4884 david.cupe@ec3legal.cm The fllwing tables are a cmparisn f UK and Chinese brking regulatins including the Llyd s regulatins.
More informationJohnston Public Schools Special Education Procedural Manual. IEP Overview
Jhnstn Public Schls Special Educatin Prcedural Manual IEP Overview Definitin The Individualized Educatin Prgram (IEP) is a written plan fr the apprpriate educatin f students with disabilities. It is a
More informationInternal Audit Charter and operating standards
Internal Audit Charter and perating standards 2 1 verview This dcument sets ut the basis fr internal audit: (i) the Internal Audit charter, which establishes the framewrk fr Internal Audit; and (ii) hw
More information10 th May 2010. Dear Peter, Re: Audit Quality in Australia: A Strategic Review
10 th May 2010 Mr. Peter Levy Audit Quality Strategic Review Crpratins and Financial Services Divisin The Treasury Langtn Crescent PARKES ACT 2600 Dear Peter, Re: Audit Quality in Australia: A Strategic
More informationPeratr Accreditatin and Services in Queensland
Infrmatin Bulletin PT 204/09.15 Operatr Accreditatin fr Limusine Services What is peratr accreditatin? The Transprt Operatins (Passenger Transprt) Act 1994 requires peratrs f public passenger services
More informationWaitemata District Health Board, 15 Shea Terrace, Takapuna
Date: Octber 2015 Jb Title: Quality and Audit Manager Department: Planning, Funding and Outcmes Unit Lcatin: Waitemata District Health Bard, 15 Shea Terrace, Takapuna Reprting t: Directr Funding Direct
More informationMajor Review of Progress for Masters by Research Programs
Return the cmpleted frm t the Adelaide Graduate Centre Level 6, 115 Grenfell Street SA 5005 Majr Review f Prgress fr Masters by Research Prgrams Divisin f the Deputy Vice-Chancellr and VicePresident (Research)
More informationVCU Payment Card Policy
VCU Payment Card Plicy Plicy Type: Administrative Respnsible Office: Treasury Services Initial Plicy Apprved: 12/05/2013 Current Revisin Apprved: 12/05/2013 Plicy Statement and Purpse The purpse f this
More informationFinancial Accountability Handbook
Financial Accuntability Handbk >> Vlume 5 Reprting Systems Infrmatin Sheet 5.2 Preparatin f Financial Statements Intrductin The Financial Accuntability Act 2009 (the Act) and the Financial and Perfrmance
More informationMaryland General Service (MGS) Area 29 Treatment Facilities Committee (TFC) TFC Instructions
Maryland General Service (MGS) Area 29 Treatment Facilities Cmmittee (TFC) TFC Instructins Lve And Service Facility Presentatin t Patients We are frm Alchlics Annymus (AA), fr AA, and ur service is fr
More informationCommunal Property Institution Capacity Assessment Tool
Cmmunal Prperty Institutin Capacity Assessment Tl Intrductin t cmmunal prperty institutins Cmmunal prperty institutins (CPIs) Participants in the land refrm prgramme can hld prperty thrugh different frms
More informationPost-Baccalaureate Certificate Programs
Pst-Baccalaureate Certificate Prgrams Certificate prgrams benefit students and/r interest by prviding greater flexibility and brader training in areas related t the students' majr fields and making thse
More informationFINANCIAL SERVICES FLASH REPORT
FINANCIAL SERVICES FLASH REPORT Draft Regulatry Cmpliance Management Guideline Released by the Office f the Superintendent f Financial Institutins May 5, 2014 On April 30, 2014, the Office f the Superintendent
More informationIT CHANGE MANAGEMENT POLICY
IT CHANGE MANAGEMENT POLICY Effective Date May 19, 2016 Crss-Reference 1. IT Operatins and Maintenance Plicy 2. IT Security Incident Management Plicy Respnsibility Apprver Review Schedule 1. Plicy Statement
More information7 October 2011. Re: Themed Inspection into Third Party Personal Injury Claims. Dear
7 Octber 2011 Re: Themed Inspectin int Third Party Persnal Injury Claims Dear During 2011 the Central Bank f Ireland ( Central Bank ) undertk a themed inspectin prject in relatin t the prcessing f third
More informationACCREDITATION. Policy 60150: Substantive Change
ACCREDITATION Plicy 60150: Substantive Change 1. Purpse 2. Plicy The purpse f this plicy is t assist the Cllege with maintaining cmpliance with Cmprehensive Standard 3.12.1 f the Principles f Accreditatin
More informationHIPAA Compliance 101. Important Terms. Pittsburgh Computer Solutions 724-942-1337
HIPAA Cmpliance 101 Imprtant Terms Cvered Entities (CAs) The HIPAA Privacy Rule refers t three specific grups as cvered entities, including health plans, healthcare clearinghuses, and health care prviders
More informationLOUISIANA TECH UNIVERSITY Division of Student Financial Aid Post Office Box 7925 Ruston, LA 71272
LOUISIANA TECH UNIVERSITY Divisin f Student Financial Aid Pst Office Bx 7925 Rustn, LA 71272 Dear Financial Aid Applicant, Accrding t yur 2011-2012 Student Aid Reprt (SAR), yu did nt include any parental
More informationBank switching service - Regulation
versin 3.0-1/7/2011 Bank switching service - Regulatin This Regulatin cnstitutes the verall framewrk in which the participating banks in Belgium ffer cnsumers a bank switching service fr current accunts.
More information