Subject Access Request (SAR) Procedure

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Subject Access Request (SAR) Procedure"

Transcription

1 Subject Access Request (SAR) Procedure East and North Hertfordshire Clinical Commissioning Group Page 1 of 16

2 DOCUMENT CONTROL SHEET Document Owner: Chief Finance Officer Document Author(s): Anne Ephgrave HR Business Manager Version: 2.0 Final Directorate: Finance Approved By: Information Governance Forum Date of Approval: March 2015 Date of Review: March 2017 Change History: Version Date Reviewer(s) Revision Description /08/2013 Anne Ephgrave Initial Draft /09/2013 Caroline Law Final /02/2015 Charlotte Travill Reformat 2.0 March 2015 Sarah Feal Review of subject matter, Roles and responsibilities 2.0 March 2015 Alan Pond Procedure Approved Implementation Plan: Development and Consultation Dissemination Training Monitoring Information Governance Forum Staff can access this policy via the Intranet and will be notified of new/revised versions via the staff briefing. This policy will be included in the CCG's Publication Scheme in compliance with the Freedom of Information Act (FOI) Subject Access Training will be provided to relevant staff. The procedure implementation will be monitored for effectiveness. Review Equality and Diversity Associated Documents This Subject Access Request Procedure will be reviewed bi-annually or in response to relevant organisational, regulatory or legislative changes. March Equality Impact Assessment March Privacy Impact Assessment Confidentiality Code of Conduct Information Governance Policy Records Management Policy East and North Hertfordshire Clinical Commissioning Group Page 2 of 16

3 References Access to Health Records Act 1990 Caldicott Guardian Manual 2010 Care Record Guarantee 2009 Data Protection Act 1998 Human Rights Act 1998 NHS Code of Confidentiality Records Management: NHS Code of Practice East and North Hertfordshire Clinical Commissioning Group Page 3 of 16

4 Contents Section No. Section Name Page No. 1.0 Introduction Scope Purpose Definitions Role & Responsibilities Procedure for who can make a request Who can make a request? Time limits for access provision Processing a subject access request 9 Appendix 1 Appendix 2 Subject Access Request (SAR) flow chart Chart 1: Requests from data subjects and third party Appendix 2: Subject Access Request (SAR) flow chart Chart 2: Requests from the police under Section 29 (3) Appendix 3 Appendix 3: Subject Access Request (SAR) Form 13 Appendix 4 Equality Impact Assessment Stage 1 Screening 15 Appendix 5 Privacy Impact Assessment Stage 1 Screening 16 East and North Hertfordshire Clinical Commissioning Group Page 4 of 16

5 1.0 Introduction 1.1 NHS East and North Hertfordshire Clinical Commissioning Group (CCG) is committed to being an organisation within which diversity, equality and human rights are valued. We will not discriminate either directly or indirectly and will not tolerate harassment or victimisation in relation to gender, marital status (including civil partnership), gender reassignment, disability, race, age, sexual orientation, religion or belief, trade union membership, status as a fixed-term or part-time worker, socio - economic status and pregnancy or maternity. 1.2 The CCG works to a framework for handling personal information in a confidential and secure manner to meet ethical and quality standards. This enables National Health Service organisations in England and individuals working within them to ensure personal information is dealt with legally, securely, effectively and efficiently to deliver the best possible care to patients and clients. 1.3 The CCG, via the Information Governance Toolkit, provides the means by which NHS England can assess compliance with current legislation, Government and National guidance. 1.4 Information Governance covers: Data Protection & IT Security (including smart cards), Human Rights Act, Caldicott Principles, Common Law Duty of Confidentiality, Freedom of Information Regulations and Information Quality Assurance. 2.0 Scope 2.1 This policy applies to all CCG staff members, including Governing Body Members and Practice Representatives whether permanent, temporary or contracted-in (either as an individual or through a third party supplier). 2.2 This procedure applies to all requests for access to personal data held by the CCG. 2.3 The rights to access under the Act extend only to living individuals. Requests for deceased patients records are made under the Access to Health Records Act 1990 (AHRA). 3.0 Purpose 3.1 An individual has the right to request: access to their records, subject to certain safeguards; copies of their records; have these records explained if they are illegible or unintelligible; to be informed of the purpose(s) their information is used for; and the source(s) of that data. 3.2 The purpose for this procedure is to ensure that an individual s rights under the Act are followed and that each SAR is treated equally within the law. East and North Hertfordshire Clinical Commissioning Group Page 5 of 16

6 3.3 This procedure will provide a framework for the CCG to ensure compliance with the Data Protection Act The procedure is supported by operational processes connected with the implementation of Subject Access Requests, as detailed in the document. 4.0 Definitions CCG DPA ICO PID SAR SIRO Clinical Commissioning Group Data Protection Act 1998 (the Act) Information Commissioner s Office Patient Identifiable Data Subject Access Request Senior Information Risk Owner Data Data subject Personal data Redact Third party/ Representative Information processed electronically or manually as part of a relevant filing system. An individual who is the subject of personal data. Data which relates to a living individual who can be identified from the data or from that data and other information which is in possession of the data controller (in this instance, the CCG). This is the separation of disclosable from non-disclosable information by clocking out individual words, sentences or paragraphs or the removal of whole pages or sections prior to the release of the document. (The National Archive) To edit or revise documents by removing text or images from a document A Person or organisation other than the data subject East and North Hertfordshire Clinical Commissioning Group Page 6 of 16

7 5.0 Roles and Responsibilities 5.1 Chief Executive The Chief Executive is the Accountable Officer and has ultimate responsibility for compliance with the Data Protection Act The Director of Nursing and Quality is the Caldicott Guardian The Caldicott Guardian is the conscience of the organisation and is responsible for ensuring that patient information is used, and shared in an appropriate, justifiable and secure manner. 5.3 The Chief Finance Officer is the Senior Information Risk Owner (SIRO) The SIRO is responsible for managing information risks and information incidents and is also the Information Governance Lead to the Governing Body. 5.4 Head of Information The Head of Information is the CCG s Information Governance Lead and is responsible for advising on IG strategic direction, leading on data protection, the development of policy and guidance for the CCG and the day to day management of the IG agenda, including; The successful implementation of the Data Protection Act 1998 work programme, The working practices carried out in the departments are in line with the organisation s IG policy, The staff are adequately trained and aware of their personal responsibilities for IG issues, Timely submission of the IG Toolkit, Responsible for identifying any additional resources required to implement the IG Strategy. 5.5 The Governance Support Officer The Governance Support Officer provides clerical support to the IG function and the IG Forum and is responsible for the administration of the Freedom of Information Act 2000 responses and the IG Toolkit. They may also receive subject access requests from patients which are logged and forwarded to the relevant department. 5.6 All CCG staff are responsible for: Ensuring compliance with the requirement of this procedure; Respecting the data subjects rights to confidentiality and actively responding to any concerns raised about confidentiality; and Ensuring they are fully aware of the Subject Access Request Procedure and are following the correct process as set out in this procedure when a subject access request is received. East and North Hertfordshire Clinical Commissioning Group Page 7 of 16

8 6.0 The procedure for making a request 6.1 Who can make a request? Requests from data subjects and/or their representatives (third party) The data subject A person or third party acting on behalf of the data subject and authorised in writing by the data subject can apply on their behalf. Such a person or third party can be a relative or a solicitor. Individuals requesting access on behalf of a child for whom they have parental responsibility. In certain situations a person granted an attorney or agent by the Court of Protection on behalf of an adult who is incapable of providing consent. Where the data subject has died their personal representative or any person having a claim arising from the death. Where the data subject has died, disclosure would be subject to the recorded wishes of the deceased data subject under the Access to Health Records Act. Guidance can be found in the Records Management Policy or by contacting the Information Governance Lead. Where the applicant is not the data subject, the applicant should have access to only the information which would otherwise have been available to the data subject, unless access to further information is deemed justifiable in exceptional circumstances. Where the applicant is not the data subject, access is not permitted where the holder of the records are of the opinion that the data subject gave the information or underwent the examination / investigation in the expectation that the information would be kept confidential Requests from the Police Under the DPA 1998, Section 29(3) the police may get information without seeking the consent of the individual(s). The police may access personal data for prevention or detection of crime, the apprehension or prosecution of offenders or taxation purposes. The police have a form specifically for this. It is referred to as a Section 29(3) form which allows them to approach any data controller (the CCG in this case) for information regarding an individual, in relation to the apprehension of an offender or for the prevention of a crime, or for the prosecution of a crime. The Section 29(3) must state the reason(s) for requesting specific information about a data subject and must be countersigned by a higher ranking officer. A section 29(3) form is the safe guard to the CCG for releasing the information to the police. The police must provide a complete and appropriately signed form to show that the information is needed to further their case, as per the Section 29(3) requirements. East and North Hertfordshire Clinical Commissioning Group Page 8 of 16

9 6.2 Time limits for access provision The CCG is required to respond to SARs within 40 calendar days from the date of receipt of the request for access. Failure to do so is a breach of the Act. 6.3 Processing a subject access request Step 1: Check that the request comes within the scope of the DPA. For Subject Access Request, this means that: the request has been received in writing (including or fax); the request for information is about the data subject who is a living individual; there is sufficient information to verify the data subject s identity; there is sufficient information to verify the authorised representative s identity; there is sufficient information to enable the organisation to locate the information required, N ote 1 : The application does not have to quote the Act to have the request treated as a subject access request. N ote 2 : Inform the Governance Support Officer upon receipt of SAR Step 2: Logging of SAR to register and allocation of unique reference number Log request in the SAR register and allocate unique reference number for the request. Acknowledgement of receipt of the request within 3 working days Step 3: Verify the identity of the data subject and/or their representative Indicate the measures to verify identity: A record should be kept of the measure of verification. These may include but are not limited to copies of drivers licence, passport and utility bills; Consent form - where a representative/third party puts in a requests on behalf of the data subject, ensure that there is signed consent notification provided by the data subject. Information can be requested from an individual to judge whether they are the person making the request. Photographic identity documents such as drivers licence or passport are more acceptable Step 4: Clarify the request (if necessary) If the request is too broad, contact the data subject or their representative to seek clarification or a narrowing of the request Step 5: Whether a fee will be charged. Inform data subject whether a fee is applicable N ote : The Act states a maximum fee of 10 for SAR. There are special rules that apply to fees for paper based health records. The maximum fee for paper based health records is currently 50 under the AHRA. East and North Hertfordshire Clinical Commissioning Group Page 9 of 16

10 6.3.6 Step 6: Calculate deadline for response (Update database) Provide timescale of processing (subject to fee/id confirmation provision and written consent where a representative puts in request) The 40 calendar day countdown stops until you are in receipt of the fee and any other required information e.g. ID or written consent Step 7: Look for information Electronic and manual or any other formats Step 8: Review information considering possible exemption Screen the collated personal data for duplicate records and redact. A copy of the disclosure bundle showing the redactions and the reasons behind them must be retained Step 9: Delivery method It is important that the information is delivered in a secure and confidential manner. If the requestor is able to collect the information in person, a time should be agreed for them to receive copies of their records. Prior to handing over the information, the person s identification needs to be checked to ensure that the information is provided to the right person. If the data subject prefers that the information is sent through post, this would have to be sent via recorded delivery and a copy of the delivery note kept Step 10: Respond to data subject The data subject should be provided with all the personal information relating to them which meets their request, that is not exempt and which will not disclose personal information relating to a third party (without their consent). N ote : Ensure the data subject is informed of his/her right of appeal to the Information Commissioner s Office Step 11: Update SAR request log Step 12: Inform Governance Support Officer for reporting purposes. East and North Hertfordshire Clinical Commissioning Group Page 10 of 16

11 A Appendix 1: Subject Access Request (SAR) flow chart Chart 1: Requests from data subjects and third party Request for information 1. Is the request in writing? 2. Is there enough information to find data? 1. Log details in SAR Log and allocate unique reference number 2. Inform Governance Support Officer Acknowledge receipt within 3 working days. Include as relevant: 1. SAR form for completion 2. And/or validation information request. 3. And/or request fee N 1. Does it include the data subjects validation information? 2. Does it include signed consent from data subject if from third party? 3. Is the correct fee enclosed? Y Confirm secure delivery method: Collection by data subject Collection by a confirmed representative (check ID) Post via recorded delivery Review information considering exemptions/ redaction Check for and collate requested information Retain copies of disclosed information. Keep list of reasons for redaction for reference 1. Respond to request 2. Inform user of right of appeal to ICO Update SAR Log Inform Governance Support Officer Process End East and North Hertfordshire Clinical Commissioning Group Page 11 of 16

12 Appendix 2: Subject Access Request (SAR) flow chart Chart 2: Requests from the police under Section 29 (3) Request for information 1. Is the request in writing? 2. Is there enough information to find data? 1. Log details in SAR Log and allocate unique reference number 2. Inform Governance Support Officer Acknowledge receipt within 3 working days. Request for a complete form which must include: 1. Statement of nature of enquiry 2. Specific information required 3. Name of requesting officer 4. Name and rank of authorising officer N 1. Does the request state the nature of the enquiry? 2. Does the request state name of the enquiring Officer? 3. The form must be counter-signed by a high ranking officer. Does the request state the name and rank of authorising officer? Y Confirm secure delivery method: Collection by requesting officer. (ID must be checked) Post via recorded delivery Review information considering exemptions/ redaction Check for and collate requested information Retain copies of disclosed information. Keep list of reasons for redaction for reference 3. Respond to request Update SAR Log Inform Governance Support Officer Process End East and North Hertfordshire Clinical Commissioning Group Page 12 of 16

13 Surname: Appendix 3: Subject Access Request (SAR) Form Section 1: First and middle names: Previously known as (if applicable) Your details Date of birth: (DD/MM/YYYY) Address: Telephone number: Section 2: Personal data requested Please provide as much details of personal data you request. Section 3: Additional document(s) required You must provide: Copies of two different documents as evidence of your identity and current address: (Original copies may be requested) A cheque or postal order for 10 made payable to: East and North Hertfordshire Clinical Commissioning Group. Section 4: Declaration of data subject I confirm that I am the data subject named in Section 1 and I am requesting access to my own personal data. I understand that the information I have supplied will be used to confirm my identity and assist in locating the information I have requested. Signed: Date: East and North Hertfordshire Clinical Commissioning Group Page 13 of 16

14 Section 5: Consent by data subject for representative/third party acting on their behalf I confirm that I am the data subject named in Section 1. I consent to the person or organisation named below to act on my behalf in relation to my subject access request. I have enclosed document(s) referred to in Section 3. I give consent for my personal data to be sent to my representative at the address provided below. Signed: Date: Third Party Details Name of Person/Organisation : Relationship to data subject: Address: Telephone number: Section 6: Returning your completed form Please send your completed form and additional information requested to: Governance Support Officer, NHS East and North Hertfordshire Clinical Commissioning Group, Charter House, Parkway, Welwyn Garden City, Hertfordshire, AL8 6JL East and North Hertfordshire Clinical Commissioning Group Page 14 of 16

15 Appendix 4: Equality Impact Assessment Stage 1 Screening 1. Procedure EIA Completion Details Title: Subject Access Request Procedure Proposed Existing Date of Completion: 27/03/2015 Names & Titles of staff involved in completing the EIA: Sarah Feal, Company Secretary Review Date:27/03/ Details of the Policy. Who is likely to be affected by this policy? Staff Patients Public 3. Impact on Groups with Protected Characteristics Age Being married or in a civil partnership Probable impact on group? Positive Adverse None High, Medium or Low Please explain your answers Disability, inc. learning difficulties, physical disability, sensory impairment etc. Having just had a baby or being pregnant Race, ethnicity, nationality, language etc. Religion or belief Sex (inc. being a transsexual person) Sexual Orientation Other: No impact on any of the groups above. Please explain and provide evidence 4. Which equality legislative Act applies to the policy? Human Rights Act 1998 Equality Act 2010 Health & Safety Regulations Mental Health Act 1983 Mental Capacity Act How could the identified adverse effects be minimised or eradicated? 6. How is the effect of the policy on different Impact Groups going to be monitored? East and North Hertfordshire Clinical Commissioning Group Page 15 of 16

16 Appendix 5: Privacy Impact Assessment Stage 1 Screening 1. Procedure PIA Completion Details Title: Subject Access Request Procedure Proposed Existing Date of Completion: 27/03/2015 Names & Titles of staff involved in completing the PIA: Sarah Feal, Company Secretary Review Date: 27/04/ Details of the Policy. Who is likely to be affected by this policy? Staff Patients Public Yes No Please explain your answers Technology Does the policy apply new or additional information technologies that have the potential for privacy intrusion? (Example: use of smartcards) Identity By adhering to the policy content does it involve the use or re-use of existing identifiers, intrusive identification or authentication? (Example: digital signatures, presentation of identity documents, biometrics etc.) By adhering to the policy content is there a risk of denying anonymity and de-identification or converting previously anonymous or de-identified data into identifiable formats? Multiple Organisations Does the policy affect multiple organisations? (Example: joint working initiatives with other government departments or private sector organisations) Data By adhering to the policy is there likelihood that the data handling processes are changed? (Example: this would include a more intensive processing of data than that which was originally expected) If Yes to any of the above have the risks been assessed, can they be evidenced, has the policy content and its implications been understood and approved by the department? Individuals will be required to provide documents to verify their identity. Yes, information will be exchanged securely. East and North Hertfordshire Clinical Commissioning Group Page 16 of 16

INFORMATION GOVERNANCE STRATEGY

INFORMATION GOVERNANCE STRATEGY INFORMATION GOVERNANCE STRATEGY Page 1 of 10 Strategy Owner Valerie Penn, Head of Governance Strategy Author Caroline Law, Information Governance Project Manager Directorate Corporate Governance Ratifying

More information

Annual Leave Policy. Document Owner East and North Herts Clinical Commissioning Group. 2 supercedes all previous Annual Leave Policies

Annual Leave Policy. Document Owner East and North Herts Clinical Commissioning Group. 2 supercedes all previous Annual Leave Policies Annual Leave Policy Document Owner Document Author East and North Herts Clinical Commissioning Group Anne Ephgrave Version Directorate Authorised By 2 supercedes all previous Annual Leave Policies Human

More information

SUBJECT ACCESS REQUEST PROCEDURE

SUBJECT ACCESS REQUEST PROCEDURE SUBJECT ACCESS REQUEST PROCEDURE Document History Document Reference: Document Purpose: IG31 This procedure sets out the responsibility for staff when receiving requests for information provided under

More information

All CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid.

All CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid. Policy Type Information Governance Corporate Standing Operating Procedure Human Resources X Policy Name CCG IG03 Information Governance & Information Risk Policy Status Committee approved by Final Governance,

More information

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK Log / Control Sheet Responsible Officer: Chief Finance Officer Clinical Lead: Dr J Parker, Caldicott Guardian Author: Associate IG Specialist, Yorkshire

More information

Subject Access Request Policy

Subject Access Request Policy Subject Access Request Policy Version Version 4.0 Ratified By Date Ratified 24th February 2015 Author(s) Responsible Committee / Officers Date Issue February 2015 Quality, Performance and Finance Committee

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy Document Status Draft Version: V2.1 DOCUMENT CHANGE HISTORY Initiated by Date Author Information Governance Requirements September 2007 Information Governance Group Version

More information

Travel and Expenses. Change History. Version Date Name Revision Description

Travel and Expenses. Change History. Version Date Name Revision Description Travel and Expenses Document Owner Helen Edmondson Document Author Version Anne Ephgrave Jenny Holland FINAL Directorate Human Resources Authorised By Date of Approval Date of Review (Approval body/manager)

More information

Subject Access Request Policy

Subject Access Request Policy Trust Policy Subject Access Request Policy Department / Service: Corporate Originator: Company Secretary Accountable Director: Director of Nursing Approved by: Information Governance Steering Group Trust

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Information Governance Policy_v2.0_060913_LP Page 1 of 14 Information Reader Box Directorate Purpose Document Purpose Document Name Author Corporate Governance Guidance Policy

More information

Version Number Date Issued Review Date V1 25/01/2013 25/01/2013 25/01/2014. NHS North of Tyne Information Governance Manager Consultation

Version Number Date Issued Review Date V1 25/01/2013 25/01/2013 25/01/2014. NHS North of Tyne Information Governance Manager Consultation Northumberland, Newcastle North and East, Newcastle West, Gateshead, South Tyneside, Sunderland, North Durham, Durham Dales, Easington and Sedgefield, Darlington, Hartlepool and Stockton on Tees and South

More information

E-Mail and Internet Policy

E-Mail and Internet Policy E-Mail and Internet Policy Document reference Title: E-Mail and Internet Policy Product ID: Version Number: 8.0 Status: Live Distribution / Issue date: 12 November 2014 Author: K. Fairbrother Review Period:

More information

Data Subject Access Request Procedure

Data Subject Access Request Procedure Data Subject Access Request Procedure Policy ID IG07 Version: 2.0 Ratified by: Executive Committee Name of originator/author: Justin Dix, Governing Body Secretary Name of responsible committee/individual:

More information

INFORMATION ASSURANCE DOCUMENTED PLAN

INFORMATION ASSURANCE DOCUMENTED PLAN NHS South West Lincolnshire Clinical Commissioning Group (CCG) INFORMATION ASSURANCE DOCUMENTED PLAN Document History: Document Reference: Document Purpose: IG18 To provide guidance to all CCG staff about

More information

NHS Newcastle Gateshead Clinical Commissioning Group. Information Governance Strategy 2015/16

NHS Newcastle Gateshead Clinical Commissioning Group. Information Governance Strategy 2015/16 NHS Newcastle Gateshead Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Document Ratified/Approved By Approved No impact NHS Quality, Safety

More information

Subject Access Request Policy Number ID ID # 2011 075 Author: Nicola Bateman Author Job Title: Information Governance Manager Division: Corporate Department: Clinical Informatics Version Number: 2.1 Ratifying

More information

Information Governance Strategy 2015/16

Information Governance Strategy 2015/16 Information Governance Strategy 2015/16 Ratified Governing Body (November 2015) Status Final Issued November 2015 Approved By Executive Committee (August 2015) Consultation Equality Impact Assessment Internal

More information

JOB DESCRIPTION. Information Governance Manager

JOB DESCRIPTION. Information Governance Manager JOB DESCRIPTION POST TITLE: Information Governance Manager DIRECTORATE: ACCOUNTABLE TO: BAND: LOCATION: CSS Head of Information Governance 8a CSS Job Purpose The Information Governance Manager will ensure

More information

INFORMATION ASSURANCE DOCUMENTED PLAN

INFORMATION ASSURANCE DOCUMENTED PLAN INFORMATION ASSURANCE DOCUMENTED PLAN Document Reference: Document Purpose: IG20 Date Approved: Approving Committee: To provide guidance to all CCG staff about the CCG s documented plan for Information

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Issued by: Senior Information Risk Owner Policy Classification: Policy No: POLIG001 Information Governance Issue No: 1 Date Issued: 18/11/2013 Page No: 1 of 16 Review Date:

More information

NHS North Durham Clinical Commissioning Group. Information Governance Strategy 2015/16

NHS North Durham Clinical Commissioning Group. Information Governance Strategy 2015/16 NHS North Durham Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Document Ratified/Approved By Final No impact Risk and Audit Committee/Governing

More information

Subject Access Request Procedure (Data Protection) Doc No IMPR04 Rev 2 27/07/11. 1.0 Scope. 2.0 Responsibilities and Definitions

Subject Access Request Procedure (Data Protection) Doc No IMPR04 Rev 2 27/07/11. 1.0 Scope. 2.0 Responsibilities and Definitions Doc No IMPR04 1.0 Scope The Data Protection Act 1998 (DPA) provides individuals with rights in connection with personal data held about them. It provides those individuals with a right of access to that

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Policy ID IG02 Version: V1 Date ratified by Governing Body 27/09/13 Author South Commissioning Support Unit Date issued: 21/10/13 Last review date: N/A Next review date: September

More information

ENC Li Subject Access Request Procedure

ENC Li Subject Access Request Procedure Subject Access Request Procedure Version: 1.0 Page 1 of 23 Document control Document Information Document Name: Location: Consultation: Initial approval: Supersedes: Description: Audience: Contact details

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Primary Intranet Location Information Management & Governance Version Number Next Review Year Next Review Month 7.0 2018 January Current Author Phil Cottis Author s Job Title

More information

NHS Commissioning Board: Information governance policy

NHS Commissioning Board: Information governance policy NHS Commissioning Board: Information governance policy DOCUMENT STATUS: To be approved / Approved DOCUMENT RATIFIED BY: DATE ISSUED: October 2012 DATE TO BE REVIEWED: April 2013 2 AMENDMENT HISTORY: VERSION

More information

Information Governance Policy

Information Governance Policy Author: Susan Hall, Information Governance Manager Owner: Fiona Jamieson, Assistant Director of Healthcare Governance Publisher: Compliance Unit Date of first issue: February 2005 Version: 5 Date of version

More information

Information Security Policy

Information Security Policy Information Security Policy JUNE 2014 Author Responsibility Lynda Harris, Head of Information Governance, Central Eastern CSU, Bedfordshire and Luton All staff Effective Date June 2014 Review Date June

More information

INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK

INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Information Governance Strategic

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Responsible Officer Author Date effective from July 2009 Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date last amended December 2012 Review

More information

CCG: IG06: Records Management Policy and Strategy

CCG: IG06: Records Management Policy and Strategy Corporate CCG: IG06: Records Management Policy and Strategy Version Number Date Issued Review Date V3 08/01/2016 01/01/2018 Prepared By: Consultation Process: Senior Governance Manager, NECS CCG Head of

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY Directorate of Performance Assurance INFORMATION GOVERNANCE POLICY Reference: DCP074 Version: 2.5 This version issued: 27/03/15 Result of last review: Minor changes Date approved by owner (if applicable):

More information

CONTRACTS REVIEW FOR INFORMATION GOVERNANCE COMPLIANCE PROCEDURE

CONTRACTS REVIEW FOR INFORMATION GOVERNANCE COMPLIANCE PROCEDURE This document is uncontrolled once printed. Please check on the CCG s Intranet site for the most up to date version CONTRACTS REVIEW FOR INFORMATION GOVERNANCE COMPLIANCE PROCEDURE Document Title: Contracts

More information

TRAVEL AND EXPENSES POLICY & PROCEDURE

TRAVEL AND EXPENSES POLICY & PROCEDURE TRAVEL AND EXPENSES POLICY & PROCEDURE Document Owner Document Author Helen Edmondson Jenny Ambrose Hayley Byrne Anne Ephgrave Version 1.0 Directorate Human Resources Authorised By Executive Team Date

More information

ORBIT POLICY O-DPA01 DATA PROTECTION POLICY V1.1

ORBIT POLICY O-DPA01 DATA PROTECTION POLICY V1.1 ORBIT POLICY O-DPA01 DATA PROTECTION POLICY V1.1 1 Document Control Document Title DATA PROTECTION POLICY References O-DPA01 Version V1.1 Classification Unclassified Status Issued Last Review August 2011

More information

SOUTH CENTRAL AMBULANCE SERVICE NHS FOUNDATION TRUST. CORPORATE POLICY AND PROCEDURE (CPP No. 14) CLAIMS MANAGEMENT

SOUTH CENTRAL AMBULANCE SERVICE NHS FOUNDATION TRUST. CORPORATE POLICY AND PROCEDURE (CPP No. 14) CLAIMS MANAGEMENT SOUTH CENTRAL AMBULANCE SERVICE NHS FOUNDATION TRUST CORPORATE POLICY AND PROCEDURE (CPP No. 14) CLAIMS MANAGEMENT DOCUMENT INFORMATION Authors: Legal Claims Manager and Assistant Director of Quality This

More information

School Policy. Data Protection Policy and Procedures

School Policy. Data Protection Policy and Procedures School Policy Data Protection Policy and Procedures Introduction Our school gathers and uses personal information about staff, pupils, parents and other individuals who come into contact with the school

More information

Exit Questionnaire and Exit Interview Procedure

Exit Questionnaire and Exit Interview Procedure Exit Questionnaire and Exit Interview Procedure Procedure Reference Number: 2009.51 Approved: Name Date Author: Susan Poole 12/02/13 HR Advisor, Policy and Development Produced: 12/02/13 Review due: 3

More information

EQUALITY AND DIVERSITY POLICY

EQUALITY AND DIVERSITY POLICY Equality and Diversity Policy V1.2 Final 2015 33 30 EQUALITY AND DIVERSITY POLICY Author: Date of Release: 08 September 2015 Version No. & Status: V1.2 Final 2015 11 30 Approved By: Executive Management

More information

CORPORATE POLICY & PROCEDURE NO. 7 INFORMATION GOVERNANCE POLICY. December 2014

CORPORATE POLICY & PROCEDURE NO. 7 INFORMATION GOVERNANCE POLICY. December 2014 CORPORATE POLICY & PROCEDURE NO. 7 INFORMATION GOVERNANCE POLICY December 2014 DOCUMENT INFORMATION Author: Barbara Sansom Information Governance Manager Equality Impact Assessment Consultation & Approval

More information

NHS Hartlepool and Stockton-on-Tees Clinical Commissioning Group. Information Governance Strategy 2015/16

NHS Hartlepool and Stockton-on-Tees Clinical Commissioning Group. Information Governance Strategy 2015/16 NHS Hartlepool and Stockton-on-Tees Clinical Commissioning Group Information Governance Strategy 2015/16 Document Status Equality Impact Assessment Final No impact Document Ratified/Approved By Hartlepool

More information

Information Governance Policy

Information Governance Policy Information Governance Policy REFERENCE NUMBER IG 101 / 0v3 May 2012 VERSION V1.0 APPROVING COMMITTEE & DATE Clinical Executive 4.9.12 REVIEW DUE DATE May 2015 West Lancashire CCG is committed to ensuring

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Reference: Information Governance Policy Date Approved: April 2013 Approving Body: Board of Trustees Implementation Date: April 2013 Version: 6 Supersedes: 5 Stakeholder groups

More information

Access to Health Records

Access to Health Records Access to Health Records Crown Heights Medical Centre Procedure Access to Health Records ACCESS TO MEDICAL RECORDS (DATA PROTECTION) POLICY INTRODUCTION The Access to Health Records Act 1990 gave individuals

More information

Glyncoed Primary School. Data Protection Policy

Glyncoed Primary School. Data Protection Policy Glyncoed Primary School Data Protection Policy Date agreed: March 2015 Review date: March 2017 1 Data Protection Policy Glyncoed Primary School collects and uses personal information about staff, pupils,

More information

Data Protection Policy A copy of this policy is published in the following areas: The school s intranet The school s website

Data Protection Policy A copy of this policy is published in the following areas: The school s intranet The school s website Data Protection Policy A copy of this policy is published in the following areas: The school s intranet The school s website Date created: November 2015 Date for review: July 2016 Created by: Mark Vanstone,

More information

SCOTLAND S COMMISSIONER FOR CHILDREN AND YOUNG PEOPLE STANDARD CONDITIONS OF CONTRACT FOR SERVICES

SCOTLAND S COMMISSIONER FOR CHILDREN AND YOUNG PEOPLE STANDARD CONDITIONS OF CONTRACT FOR SERVICES SCOTLAND S COMMISSIONER FOR CHILDREN AND YOUNG PEOPLE STANDARD CONDITIONS OF CONTRACT FOR SERVICES 1 1 Definitions In these conditions:- We means Scotland s Commissioner for Children and Young People,

More information

Hampstead Parochial CofE Primary School Data Protection Policy Spring 2015

Hampstead Parochial CofE Primary School Data Protection Policy Spring 2015 Hampstead Parochial CofE Primary School Data Protection Policy Spring 2015 1. Introduction and Scope 1.1 The Data Protection Act 1998 is the law that protects personal privacy and applies to any school

More information

Data Protection Policy

Data Protection Policy Issue Date: June 2014 Document Number: POL_1006 Prepared by: Information Governance Senior Manager Insert heading depending on Insert line heading length; please depending delete other on line length;

More information

Complaints Policy. Complaints Policy. Page 1

Complaints Policy. Complaints Policy. Page 1 Complaints Policy Page 1 Complaints Policy Policy ref no: CCG 006/14 Author (inc job Kat Tucker Complaints & FOI Manager title) Date Approved 25 November 2014 Approved by CCG Governing Body Date of next

More information

IG: Third Party Contracts and Contractors Policy

IG: Third Party Contracts and Contractors Policy IG: Third Party Contracts and Contractors Policy Document Summary This policy provides guidance on the Information Governance arrangements that need to be considered and / or implemented when engaging

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Policy Summary This policy outlines the organisation s approach to the management of Information Governance and information handling. It explains the accountability and reporting

More information

Surrey & Sussex Healthcare NHS Trust

Surrey & Sussex Healthcare NHS Trust Surrey & Sussex Healthcare NHS Trust An Organisation-wide Policy for Information Governance (IG) Version 1.3 Status Ratified Date Ratified March 2008 Name of Owner Name of Sponsor Group Name of Ratifying

More information

Controlled document This document is uncontrolled when downloaded or printed. Joint Consultative Committee

Controlled document This document is uncontrolled when downloaded or printed. Joint Consultative Committee RETIREMENT POLICY Controlled document This document is uncontrolled when downloaded or printed. Reference number Version 9 Author WHHT:

More information

SOUTH CENTRAL AMBULANCE SERVICE NHS FOUNDATION TRUST CORPORATE POLICY AND PROCEDURE NO.14 CLAIMS MANAGEMENT

SOUTH CENTRAL AMBULANCE SERVICE NHS FOUNDATION TRUST CORPORATE POLICY AND PROCEDURE NO.14 CLAIMS MANAGEMENT SOUTH CENTRAL AMBULANCE SERVICE NHS FOUNDATION TRUST CORPORATE POLICY AND PROCEDURE NO.14 CLAIMS MANAGEMENT DOCUMENT INFORMATION Author: Jill Hall Corporate Secretary This document replaces: SCAS Claims

More information

SUBJECT ACCESS REQUEST PROCEDURE

SUBJECT ACCESS REQUEST PROCEDURE This document is uncontrolled once printed. Please check on the CCG s Intranet site for the most up to date version SUBJECT ACCESS REQUEST PROCEDURE DOCUMENT CONTROL Type of Document Document Title Description:

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Information Governance Policy Issue Date: June 2014 Document Number: POL_1008 Prepared by: Information Governance Senior Manager Insert heading depending on Insert line heading

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Date approved by Heads of Service 3 June 2014 Staff member responsible Director of Finance and Corporate Services Due for review June 2016 Data Protection Policy Content Page 1 Purpose

More information

ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY

ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY Originated by: Data Protection Working Group: November 2008 Impact Assessment: (to be confirmed) Recommended by Senate: 28 January 2009 Approved by Council:

More information

SINGLE EQUALITY POLICY

SINGLE EQUALITY POLICY SINGLE EQUALITY POLICY BUILDING FUTURES CHANGING LIVES We are committed to Equality and Diversity and to selection on merit. We welcome applications from all sections of society. Legislative Framework

More information

INFORMATION GOVERNANCE AND DATA PROTECTION POLICY

INFORMATION GOVERNANCE AND DATA PROTECTION POLICY INFORMATION GOVERNANCE AND DATA PROTECTION POLICY WN CCG Information Governance & Data Protection Policy July 2013 1 Document Control Sheet Name of Document: Information Governance & Data Protection Policy

More information

The Newcastle upon Tyne Hospitals NHS Foundation Trust. Employment Policies and Procedures

The Newcastle upon Tyne Hospitals NHS Foundation Trust. Employment Policies and Procedures The Newcastle upon Tyne Hospitals NHS Foundation Trust Employment Policies and Procedures Mobile Telephone and Telephone Expenses Reimbursement Policy Version No.: 1.0 Effective Date: 3 January 2013 Expiry

More information

Information Governance Framework and Strategy. November 2014

Information Governance Framework and Strategy. November 2014 November 2014 Authorship : Committee Approved : Chris Wallace Information Governance Manager CCG Senior Management Team and Joint Trade Union Partnership Forum Approved Date : November 2014 Review Date

More information

Newcastle Safeguarding Children Board Multi-agency information sharing agreement

Newcastle Safeguarding Children Board Multi-agency information sharing agreement Newcastle Safeguarding Children Board Multi-agency information sharing agreement March 2016 Introduction Newcastle Safeguarding Children Board (NSCB) is the strategic body for promoting and safeguarding

More information

Complaints Policy and Procedures

Complaints Policy and Procedures Complaints Policy and Procedures Document Owner Sheilagh Reavey, Director of Nursing and Quality Document Author Sheilagh Reavey, Director of Nursing and Quality Version 1 Directorate Nursing and Quality

More information

Merthyr Tydfil County Borough Council. Data Protection Policy

Merthyr Tydfil County Borough Council. Data Protection Policy Merthyr Tydfil County Borough Council Data Protection Policy 2014 Cyfarthfa High School is a Rights Respecting School, we recognise the importance of ensuring that the United Nations Convention of the

More information

Human Resources and Data Protection

Human Resources and Data Protection Human Resources and Data Protection Contents 1. Policy Statement... 1 2. Scope... 2 3. What is personal data?... 2 4. Processing data... 3 5. The eight principles of the Data Protection Act... 4 6. Council

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Name of Policy Author: Name of Review/Development Body: Ratification Body: Ruth Drewett Information Governance Steering Group Committee Trust Board : April 2015 Review date:

More information

Safe Haven Policy. Equality & Diversity Statement:

Safe Haven Policy. Equality & Diversity Statement: Title: Safe Haven Policy Reference No: 010/IT Owner: Deputy Chief Officer Author Information Governance Lead First Issued On: November 2012 Latest Issue Date: March 2015 Operational Date: March 2015 Review

More information

Equality, Diversity & Inclusion Policy

Equality, Diversity & Inclusion Policy Equality, Diversity & Inclusion Policy Approved Approved by Governance Board: 25/11/2015 Posted on Virtual Learning Environment: Posted on the website/online booking (if applicable): January 2016 To be

More information

Barnsley Clinical Commissioning Group. Information Governance Policy and Management Framework

Barnsley Clinical Commissioning Group. Information Governance Policy and Management Framework Putting Barnsley People First Barnsley Clinical Commissioning Group Information Governance Policy and Management Framework Version: 1.1 Approved By: Governing Body Date Approved: 16 January 2014 Name of

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Introduction The Data Protection Act 1998 gives individuals the right to know what personal information is held about them. It provides a framework to ensure that the Office of the

More information

Mental Health Act Code of Practice. Professions and Care Standards Liz Johnson - Head of Equality and Inclusion. Group

Mental Health Act Code of Practice. Professions and Care Standards Liz Johnson - Head of Equality and Inclusion. Group Policy: Equality and Human Rights Executive or Associate Director lead Policy author/ lead Feedback on implementation to Liz Lightbown - Executive Director of Nursing, Professions and Care Standards Liz

More information

St Margaret s CE Primary school, Withern Data Protection Policy

St Margaret s CE Primary school, Withern Data Protection Policy St Margaret s CE Primary school, Withern Data Protection Policy Reference Points Data Protection Act 1998 See https://www.gov.uk/data-protection/the-data-protection-act Information Commissioners' Office

More information

MODEL DECLARATION FORM A

MODEL DECLARATION FORM A MODEL DECLARATION FORM A Guidance for applicants The position you have applied for is exempt from the Rehabilitation of Offenders Act 1974 (as amended in England and Wales). When South Central Ambulance

More information

promoting equal opportunity, eliminating unlawful racial discrimination promoting good relations between different racial groups.

promoting equal opportunity, eliminating unlawful racial discrimination promoting good relations between different racial groups. The Statutory Duties Appendix 1 The Race, Disability and Gender Equality duties require public bodies to have due regard to the need to eliminate discrimination and to promote equality in employment and

More information

Information Governance Policy and Management Framework

Information Governance Policy and Management Framework Information Governance Policy and Management Framework Policy Number: IG01 Version: 3.0 Ratified by: Governing Body Date ratified: February 2016 Name of originator/author: Louise Chatwyn Information Governance

More information

SUBJECT ACCESS REQUEST

SUBJECT ACCESS REQUEST DATA PROTECTION ACT 1998 SUBJECT ACCESS REQUEST Procedure Manual 1 Invest NI Subject Access Request Procedure Manual 1. Introduction 1.1 What is a Subject Access Request? 1.2 Routine Requests 1.3 What

More information

The Newcastle upon Tyne Hospitals NHS Foundation Trust. Occupational Health Records Management and Retention Operational Policy

The Newcastle upon Tyne Hospitals NHS Foundation Trust. Occupational Health Records Management and Retention Operational Policy The Newcastle upon Tyne Hospitals NHS Foundation Trust Occupational Health Records Management and Retention Operational Policy Version No. 1.0 Effective From: 9 October 2013 Expiry Date: 30 September 2016

More information

Historic Environment Scotland

Historic Environment Scotland Historic Environment Scotland Data Protection Policy September 2015 Document Control Title Data Protection Policy Author Head of Records Management Approved by HES Board Date of Approval 16/11/2015 Version

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Policy Details Produced by Assistant Principal Information Systems Date produced Approved by Senior Leadership Team (SLT) Date approved July 2011 Linked Policies and Freedom of Information

More information

Child and Adult Services Subject Access Requests Guidance

Child and Adult Services Subject Access Requests Guidance Child and Adult Services Subject Access Requests Guidance This Guidance is not applicable to Access to Information requests about Adoption. For requests about Adoption please consult the Adoption and Children

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy To whom this document applies: All Trust staff, including agency and contractors Procedural Documents Approval Committee Issue Date: January 2010 Version 1 Document reference:

More information

Bring Your Own Device (BYOD) Policy

Bring Your Own Device (BYOD) Policy Bring Your Own Device (BYOD) Policy Document History Document Reference: Document Purpose: Date Approved: Approving Committee: To set out the technical capabilities of the chosen security solution Airwatch

More information

The Newcastle upon Tyne Hospitals NHS Foundation Trust. Claims Management Policy

The Newcastle upon Tyne Hospitals NHS Foundation Trust. Claims Management Policy The Newcastle upon Tyne Hospitals NHS Foundation Trust Claims Management Policy Version.: 6.0 Effective From: 16 July 2015 Expiry Date: 16 July 2017 Date Ratified: 23 June 2015 Ratified By: Clinical Policy

More information

Information Management Policy CCG Policy Reference: IG 2 v4.1

Information Management Policy CCG Policy Reference: IG 2 v4.1 Information Management Policy CCG Policy Reference: IG 2 v4.1 Document Title: Policy Information Management Document Status: Final Page 1 of 15 Issue date: Nov-2015 Review date: Nov-2016 Document control

More information

Grievance and Disputes Policy and Procedure. Document Title. Date Issued/Approved: 10 August 2010. Date Valid From: 21 December 2015

Grievance and Disputes Policy and Procedure. Document Title. Date Issued/Approved: 10 August 2010. Date Valid From: 21 December 2015 POLICY UNDER REVIEW Please note that this policy is under review. It does, however, remain current Trust policy subject to any recent legislative changes, national policy instruction (NHS or Department

More information

NHS Business Services Authority Information Governance Policy

NHS Business Services Authority Information Governance Policy NHS Business Services Authority Information Governance Policy NHS Business Services Authority Corporate Secretariat NHSBSAIGM002 Issue Sheet Document reference NHSBSAIGM002 Document location F:\CEO\IGM\Info

More information

Equality and Diversity Policy. Deputy Director of HR Version Number: V.2.00 Date: 27/01/11

Equality and Diversity Policy. Deputy Director of HR Version Number: V.2.00 Date: 27/01/11 Equality and Diversity Policy Author: Deputy Director of HR Version Number: V.2.00 Date: 27/01/11 Approval and Authorisation Completion of the following signature blocks signifies the review and approval

More information

West Sussex County Council. Guidance on Information Law for Schools

West Sussex County Council. Guidance on Information Law for Schools This guidance recognises that schools already deal with a great variety and number of requests for information and provides a straightforward approach to compliance with the following legislation: Education

More information

Job Description. Line Management of a small team of staff administrating and managing patient and professional feedback and incidents.

Job Description. Line Management of a small team of staff administrating and managing patient and professional feedback and incidents. Job Description Job Title Pay Band Base Dept./Team Responsible to Accountable to Responsible for Complaints, Incidents and Governance Manager New Alderley House, Macclesfield Eastern Cheshire Clinical

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Version: 3.2 Authorisation Committee: Date of Authorisation: May 2014 Ratification Committee Level 1 documents): Date of Ratification Level 1 documents): Signature of ratifying

More information

Information Assurance Policies and Guidance. Information Governance Policy. Document Version: v0.5 Review Date: 1 May 2016

Information Assurance Policies and Guidance. Information Governance Policy. Document Version: v0.5 Review Date: 1 May 2016 Information Assurance Policies and Guidance Information Governance Policy Document Version: v0.5 Review Date: 1 May 2016 Owner: Information Governance Manager 1 P a g e Document History Revision Version

More information

Information Governance Policy

Information Governance Policy Information Governance Policy 1 Introduction Healthwatch Rutland (HWR) needs to collect and use certain types of information about the Data Subjects who come into contact with it in order to carry on its

More information

Information Security Policy

Information Security Policy Information Security Policy To whom this document applies: All Trust staff, including agency and contractors Procedural Documents Approval Committee Issue Date: January 2010 Version 1 Document reference:

More information

Records Management Policy

Records Management Policy Records Management Policy Document information Document type: Operational Policy Document title: Records Management Policy Document date: November 2014 Author: NHS South Commissioning Support Unit, Information

More information

Data Protection Policy

Data Protection Policy London Borough of Enfield Data Protection Policy Author Mohi Nowaz Classification UNCLASSIFIED Date of First Issue 10/08/2012 Owner IGB Issue Status DRAFT Date of Latest Re-Issue 12/09/2012 Version 0.6

More information

USE OF PERSONAL MOBILE DEVICES POLICY

USE OF PERSONAL MOBILE DEVICES POLICY Policies and Procedures USE OF PERSONAL MOBILE DEVICES POLICY Date Approved by Information Strategy Group Version Issue Date Review Date Executive Lead Information Asset Owner Author 15.04.2014 1.0 01/08/2014

More information

Date of review: January 2016 Policy Category: Corporate Sponsor (Director): Chief Executive CONTENT SECTION DESCRIPTION PAGE.

Date of review: January 2016 Policy Category: Corporate Sponsor (Director): Chief Executive CONTENT SECTION DESCRIPTION PAGE. Title: Information Governance Policy Date Approved: Approved by: Date of review: Policy Ref: Issue: January 2015 Information Governance Group Division/Department: January 2016 Policy Category: ISP-04 5

More information

Vyners Learning Trust Data Protection and Retention Policy

Vyners Learning Trust Data Protection and Retention Policy Vyners Learning Trust Data Protection and Retention Policy 1. Background Vyners Learning Trust collects and uses personal information about staff, pupils, parents and other individuals who come into contact

More information