The CPS incorporates RCPO. CPS Data Protection Policy
Contents

Introduction
Scope
Roles and Responsibilities
Processing Criminal Cases
Information Asset Owners
Information Asset Register
Information Management Advisors
Other processing
Retention of personal data
Access Rights
Sharing personal data
Information Security
Protecting Information learning module
Review

Version 5.0

Introduction

1. This document sets out the way in which the Crown Prosecution Service (CPS) complies with the Data Protection Act 1998 ("the Act").

2. The CPS is the Government Department responsible for prosecuting criminal cases investigated by the police in England and Wales. As the principal prosecuting authority in England and Wales, the CPS is responsible for:

- advising the police on cases for possible prosecution;
- reviewing cases submitted by the police;
- determining any charges in more serious or complex cases;
- preparing cases for court;
- presenting cases at court.

The collection and processing of personal data and sensitive personal data is therefore essential to the CPS.

3. The Act sets out a number of legal obligations to protect personal information about individuals. The CPS must comply with the 8 data protection principles when processing personal data:

- Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless (a) at least one of the conditions in Schedule 2 is met, and (b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.
- Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in a manner incompatible with that purpose or those purposes.
- Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
- Personal data shall be accurate and, where necessary, kept up to date.
- Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
- Personal data shall be processed in accordance with the rights of data subjects under this Act.
- Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
- Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

4. The CPS is committed to complying with the Act and does so by ensuring data protection requirements are included in the development of all procedures and processes across the organisation.

Scope

5. This policy is an overarching document that sets out the CPS position. There are existing resources and policies on our Infonet and on the CPS website on data protection.

6. The scope of this policy is as follows:

- processing criminal cases
- other processing done by Directorates/Areas
- retention policy
- access to staff personnel file, subject access requests and access rights
- information security

Roles & Responsibilities

7. All employees (including contractors) have a personal responsibility to comply with the Act. Employees must report any concerns they have to line managers where it is known that data protection procedures are not being adhered to or where the likelihood of a breach may occur. Additionally, if there are strong grounds to believe that security breaches may occur, for example, due to vulnerable procedures in place or by individuals, this must also be reported.

8. Managers have a responsibility to ensure that all reports of data protection breaches are taken seriously, and managed in accordance with the procedures. Where necessary, corrective action should be taken and, if appropriate, consideration given to taking disciplinary action in accordance with the departmental Disciplinary Policy.

9. Where criminal activity is suspected or identified, the matter must be raised with the Departmental Security Officer (DSO).

10. The Information Management Unit (IMU) in the Business Information Systems Directorate is responsible for issuing guidance on compliance with the Act and for dealing with all subject access requests.

Processing Criminal Cases

11. The CPS is responsible for prosecuting criminal cases and prosecutes approximately one million cases per year. The data protection risks connected to these prosecutions are self-evident and the consequences of a breach are very serious. It is therefore vital that staff are fully aware of the CPS obligations under the Act.

12. The CPS Information Charter explains how and why the CPS processes personal data relating to members of the public. This document is available on the CPS website:

13. The CPS uses an electronic Case Management System (CMS) to manage the prosecution process. CMS is a national case management system and includes an element which manages witness information, the Witness Management System (WMS). (Throughout the document it should be assumed that any reference to CMS includes WMS.)

14. CMS is a bespoke system and has significant security features built into it. Access is controlled at CPS Area level: cases on CMS relating to a particular CPS Area can only be seen by staff working in that Area. Furthermore, access to certain high profile cases can be restricted to the members of staff working on the case. Guidance has been issued by the Departmental Security Unit (DSU) on restricting access to cases.

15. Staff cannot access CMS without first completing online training and then attending a classroom training session.

16. Currently there are a significant number of cases in which the master file is held in paper. However, the CPS is moving into a world where all cases will be prosecuted using an electronic file.

17. The DSU issue guidance on the physical security requirements for CPS offices in order that paper files held in offices are appropriately protected. CPS has a national contract with a file storage company which includes the CPS security requirements with regard to its paper files.

Information Asset Owners (IAOs)

18. Each CPS Area and Directorate has an IAO; this is usually the Chief Crown Prosecutor or the Head of Directorate. The IAO is responsible for fostering a culture that protects information, knowing what information the assets hold, knowing who has access to these assets and why, and understanding and addressing any risks to the assets.

Information Asset Register

19. The Information Commissioner's Office audit of the CPS in May 2011 highlighted the need for the CPS to have an Information Asset Register (IAR); in addition to this the Government's Security Policy Framework (SPF) mandates that all information assets should be identified and valued, in terms of the impact from loss of confidentiality, integrity and availability.

20. The key purpose of the IAR is to document the links between our assets and business requirement; to identify what data we hold and that it is held securely. Each asset will have an Information Asset Owner (IAO), who will be responsible for that collection of information: its storage, sharing, retention and archiving.

21. Once completed, sections of the IAR will be made publicly available via the CPS website in keeping with the Government's transparency agenda.

Information Management Advisor (IMA) role

22. IMAs, under the direction of the IAO, are responsible for the implementation of information management within their Area or Directorate. IMAs issue local instructions and manage information management processes locally.

23. There are regular training sessions for IMAs organised by the DSU and the IMU which cover, amongst other things, data protection compliance and security.

Other processing done by CPS Areas/Directorates

24. This section will cover the main processing operations across the CPS other than in criminal cases.

25. There is a page on the Infonet on data protection which includes a Data Protection Compliance Guidance for Staff.

26. The HR Directorate processes personal data relating to all staff. The Finance Directorate processes personal data relating to staff, to counsel, to contractors and to victims and witnesses in connection with expenses. SharePoint (also known as KIM) and other IT systems are used for this processing. KIM is a successful aspect of the T3 programme which has enabled the CPS to carry out more work electronically. There are a number of KIM-based systems used; each one has been through an assurance process. The person developing the KIM site is taken through inbuilt decision making processes and an approach to development of the new site is recommended based upon their answers.

27. Furthermore, the CPS is committed to carrying out a Privacy Impact Assessment (PIA), in line with Cabinet Office and ICO guidance, on all new ICT systems. Broadly speaking a Privacy Impact Assessment (PIA) is a process which helps assess privacy risks to individuals in the collection, use and disclosure of information. PIAs help identify privacy risks, foresee problems and bring forward solutions. A PIA will also identify data protection compliance liabilities for the CPS and protect the CPS's reputation.

28. For some smaller scale systems a Data Protection Act Compliance Check will be carried out. This aims to assist the organisation proposing change to investigate whether the personal information aspects of their project comply with the data protection principles in Schedule 1 of the Act.

29. There is a questionnaire on the CPS Infonet for staff to complete when a new system is being implemented. The information provided on this questionnaire is sent to the IMU to consider whether a PIA is necessary or a Data Protection Act Compliance check will suffice. No new system can be fully implemented without this assessment. The questionnaire is available on the Infonet: %20Compliance/NewForm.aspx?Source= /Lists/KIM%2520Data%2520Protection%2520Compliance/overview.aspx

Retention of personal information

30. The CPS has a retention schedule contained in the Records Management Manual. This manual is available to all staff on the Infonet. The CMS referred to above, which is used for managing cases, has built in retention periods depending on the type of case; electronic case related material is therefore automatically deleted.

31. Areas and Directorates across the CPS are responsible for ensuring that their paper records are managed and destroyed in line with the retention schedule.

32. The CPS also has a policy for the removal of personal information from its website. This document is itself available on the website:

Access rights

33. The CPS has a centralised unit that manages requests made under the Act. Requests made under the subject access right are known as subject access requests (SARs) and are all dealt with by the IMU.

34. The CPS has in place an informal access route for staff to view their personnel file. Staff can contact their local HR Advisor in order to arrange to view their personnel file without having to make a formal request under the Act.

35. Requests for personal data from criminal case files for specific purposes, such as in connection with legal proceedings or for the purposes of decisions made by regulatory bodies, are dealt with by the relevant CPS Area in line with the Disclosure of Material to Third Parties legal guidance: aspx?&chapterid=141

Sharing personal data

36. The CPS is committed to setting up Data Sharing Protocols where personal data is regularly being requested from other organisations. A Data Sharing Protocol enables the CPS to consider whether the processing is necessary, ensure it is done in line with the Act and to set out the type of information being shared and the responsibilities of the organisations involved.

37. Guidance is available to all staff on the Infonet regarding when a Data Sharing Protocol should be considered. The IMU will work with the Area or Directorate and the other organisation(s) involved to draft a protocol.

Information Security

38. A large proportion of the information the CPS processes is sensitive personal data as defined in section 2 of the Data Protection Act 1998; it therefore requires extra protection.

39. The CPS ICT systems provide access to a wide range of sensitive information which the Department has a duty of care to handle appropriately and securely. Given the sensitivity of data and the potential impact upon CPS reputation, all staff have a responsibility to protect the information the CPS processes and the systems and equipment the CPS uses.

40. There is a dedicated page on the Infonet to all aspects of ICT security and general data handling: setting passwords, working on a laptop, BlackBerry or mobile phone policy and using the internet.

41. Information is vital to the CPS and it is important we work securely and protect it. There is a page on the CPS Infonet dedicated to general security advice and CPS policies on non-ICT matters such as post handling, handling protectively marked material and serving evidence on CD/DVD.

42. Staff must report any security incident. There is a Security Incident Policy and this must be followed should a security incident happen. A security incident is defined in general terms as the compromise of confidentiality, integrity and availability of CPS assets.

43. Security incidents may include a range of situations which could lead to damage, such as operational effectiveness, harm to reputation both organisationally and personally and in the most extreme cases can lead to prejudice of national security, result in crime and even endanger lives. All security incidents, or potential incidents, are taken seriously and investigated in a swift and proportionate manner.

44. Failure to report a security incident could result in disciplinary action. Any queries in relation to the incident reporting process should be directed to the DSU:

Departmental Security Unit Mailbox: Departmentalsecurityunit@cps.gsi.gov.uk

45. It is a mandatory requirement that staff using specific IT applications which contain case related information undertake specific training prior to its use. This ensures staff are aware of the sensitivity of the information contained on these systems and know how to use it appropriately.

Protecting Information Learning Module

46. All CPS staff are required to do the Protecting Information learning module (level one) and this is now included within staff induction programmes. In addition to the level one training course IAOs and senior managers must also complete the level two of the Protecting Information module.

47. This module covers the handling, sharing and management of information. Staff are required to achieve a pass mark of 80%.

Review

48. This policy was produced in September 2012 and will be routinely reviewed every two years. It will be updated as and when required by developments in data protection and security.
More informationAn overview of UK data protection law
An overview of UK data protection law Our team Vinod Bange Partner +44 (0)20 7300 4600 v.bange@taylorwessing.com Graham Hann Partner +44 (0)20 7300 4839 g.hann@taylorwessing.com Chris Jeffery Partner +44
More informationDate of review: January 2016 Policy Category: Corporate Sponsor (Director): Chief Executive CONTENT SECTION DESCRIPTION PAGE.
Title: Information Governance Policy Date Approved: Approved by: Date of review: Policy Ref: Issue: January 2015 Information Governance Group Division/Department: January 2016 Policy Category: ISP-04 5
More informationInformation Governance Strategy. Version No 2.1
Livewell Southwest Information Governance Strategy Version No 2.1 Notice to staff using a paper copy of this guidance. The policies and procedures page of LSW Intranet holds the most recent version of
More informationData Protection Policy Information for Clients
Data Protection Policy Information for Clients Foreword This document outlines Numis Securities Limited s ( the Firm or Numis ) legal obligations and policy on data protection. Further information can
More informationProtection. Code of Practice. of Personal Data RPC001147_EN_D_19
Protection of Personal Data RPC001147_EN_D_19 Table of Contents Data Protection Rules Foreword From the Data Protection Commissioner Introduction From the Chairman Data Protection Rules Responsibility
More informationPolice use of Firearms
CODE OF PRACTICE ON Police use of Firearms and Less Lethal Weapons Contents 1. Introduction 1.1 Purpose of the code 1 1.2 Statutory basis of the code 1 1.3 Weapons covered by this code 2 1.4 Armed support
More informationInformation and Data Security
Information and Data Security Guidance for Knowsley Schools Version 4.0 Version Control Record: Revision Date Author Summary of Changes V1.0 19 th November 2008 L Hornsby V2.0 18 February 2010. Maria Bannister
More informationInformation Governance Policy A council-wide information management policy. Version 1.0 June 2013
Information Governance Policy Version 1.0 June 2013 Copyright Notification Copyright London Borough of Islington 2012 This document is distributed under the Creative Commons Attribution 2.5 license. This
More informationPolicy on Public and School Bus Closed Circuit Television Systems (CCTV)
DEPARTMENT OF TRANSPORT Policy on Public and School Bus Closed Circuit Television Systems (CCTV) Responsibility of: Public Transport Division TRIM File: DDPI2010/3680 Effective Date: July 2010 Version
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Page 1 of 46 Policy Title: Executive Summary: Information Governance Policy This policy seeks to identify the actions required to ensure that information is appropriately
More informationLEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction
LEEDS BECKETT UNIVERSITY Information Security Policy 1.0 Introduction 1.1 Information in all of its forms is crucial to the effective functioning and good governance of our University. We are committed
More informationHMG Security Policy Framework
HMG Security Policy Framework Security Policy Framework 3 Foreword Sir Jeremy Heywood, Cabinet Secretary Chair of the Official Committee on Security (SO) As Cabinet Secretary, I have a good overview of
More informationtechnical factsheet 176
technical factsheet 176 Data Protection CONTENTS 1. Introduction 1 2. Register with the Information Commissioner s Office 1 3. Period protection rights and duties remain effective 2 4. The data protection
More informationINFORMATION GOVERNANCE HANDBOOK
INFORMATION GOVERNANCE HANDBOOK SECTION ONE Author Tracey Burrows Role Information Governance Manager (CSCSU) Date / Version February 2015 Version FINAL V1.0 Approved by IM&T Board Date 27 February 2015
More informationIM&T Infrastructure Security Policy. Document author Assured by Review cycle. 1. Introduction...3. 2. Policy Statement...3. 3. Purpose...
IM&T Infrastructure Security Policy Board library reference Document author Assured by Review cycle P070 Information Security and Technical Assurance Manager Finance and Planning Committee 3 Years This
More informationHighland Council Information Security Policy
Highland Council Information Security Policy Document Owner: Vicki Nairn, Head of Digital Transformation Page 1 of 16 Contents 1. Document Control... 4 Version History... 4 Document Authors... 4 Distribution...
More informationInformation Governance Policy
Policy Policy Number / Version: v2.0 Ratified by: Audit Committee Date ratified: 25 th February 2015 Review date: 24 th February 2016 Name of originator/author: Name of responsible committee/individual:
More informationPOLICY. on the Protection of Personal Data of Persons of Concern to UNHCR DATA PROTECTION POLICY
POLICY on the Protection of Personal Data of Persons of Concern to UNHCR DATA PROTECTION POLICY CONTENTS 2 DATA PROTECTION POLICY 1 GENERAL PROVISIONS... 6 1.1 Purpose... 7 1.2 Rationale... 7 1.3 Scope...
More informationInformation Governance and Data Protection Policy
Information Governance and Data Protection Policy Page 1 of 21 Document Control Sheet Name of document: Version: Owner: File location / Filename: Information Governance and Data Protection Policy Final
More informationInformation Governance Strategy. Version No 2.0
Plymouth Community Healthcare CIC Information Governance Strategy Version No 2.0 Notice to staff using a paper copy of this guidance. The policies and procedures page of PCH Intranet holds the most recent
More informationDisclosable under FOIA 2000: Yes Author: T/CI Nick Barker Force / Organisation: BTP Date Created: May 2009 Telephone: 0207 830 8930
Security Classification: NOT PROTECTIVELY MARKED Disclosable under FOIA 2000: Yes Author: T/CI Nick Barker Force / Organisation: BTP Date Created: May 2009 Telephone: 0207 830 8930 Association of Chief
More informationInformation Governance Plan
Information Governance Plan 2013 2015 1. Overview 1.1 Information is a vital asset, both in terms of the clinical management of individual patients and the efficient organisation of services and resources.
More informationData Protection Policy
Data Protection Policy Prepared By: Malkiat Thiarai Head of Corporate Information Management Date of Publication: 23/01/2013 Version: 5.0 Classification: Not Protectively Marked Page 1 Table of Contents
More informationCyber Security Issues - Brief Business Report
Cyber Security: Are You Prepared? This briefing provides a high-level overview of the cyber security issues that businesses should be aware of. You should talk to a lawyer and an IT specialist for a complete
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Version: 3.2 Authorisation Committee: Date of Authorisation: May 2014 Ratification Committee Level 1 documents): Date of Ratification Level 1 documents): Signature of ratifying
More informationCorporate Policy and Strategy Committee
Corporate Policy and Strategy Committee 10am, Tuesday, 30 September 2014 Information Governance Policies Item number Report number Executive/routine Wards All Executive summary Information is a key asset
More informationInformation Governance Strategy :
Item 11 Strategy Strategy : Date Issued: Date To Be Reviewed: VOY xx Annually 1 Policy Title: Strategy Supersedes: All previous Strategies 18/12/13: Initial draft Description of Amendments 19/12/13: Update
More informationSECURITY ENCRYPTION DATA PROTECTION. The Complete Guide to Body Worn Camera Data Protection BODY WORN CAMERA STORAGE
SECURITY DATA PROTECTION ENCRYPTION BODY WORN CAMERA STORAGE The Complete Guide to Body Worn Camera Data Protection Overview Edesix has been providing technology solutions to organisations for over ten
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY Approval date: June 2014 Approved by: Board Responsible Manager: Executive Director of Resources Next Review June 2016 Data Protection Policy 1. Introduction Data Protection Policy
More informationInformation Governance
CONTROLLED Information Governance Caldicot Version-Workbok Non Caldicott Version - Workbook Version 12 January 2015 40 1 Don t Get Bitten by the Data Demon Notes Using this Workbook The objective of this
More informationHow To Ensure Network Security
NETWORK SECURITY POLICY Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Page 1 of 12 Review and Amendment Log/Control Sheet Responsible Officer:
More information