MENTAL HEALTH TRIBUNAL FOR SCOTLAND: RECORDS MANAGEMENT POLICY. Ensuring Information is Accurate and Fit for Purpose

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "MENTAL HEALTH TRIBUNAL FOR SCOTLAND: RECORDS MANAGEMENT POLICY. Ensuring Information is Accurate and Fit for Purpose"

Transcription

1 MENTAL HEALTH TRIBUNAL FOR SCOTLAND: RECORDS MANAGEMENT POLICY Index: Introduction Information is a Corporate Resource Personal Responsibility Information Accessibility Keeping Records of what we do Ensuring Information is Accurate and Fit for Purpose Compliance with Statutory and Regulatory Requirements Annex 1 Personal Responsibilities Annex 2 Retention and Disposal strategy 1

2 Introduction 1. The Tribunal was formed on 5 October 2005 as a result of the Mental Health (Care and Treatment) (Scotland) Act The Tribunal s administration is provided to the Mental Health Tribunal for Scotland by the Justice Department of the Scottish Government (SG). Duties are delegated by the President. 2. This paper describes the policy for the management of all records of the Mental Health Tribunal for Scotland (MHTS). It takes account of the need for the MHTS to adhere to the principles of the Public Records Act 1958 and This Act determines that all files are reviewed regularly for disposal and examined for possible historical preservation by the National Archives of Scotland (NAS). 3. The policy is also based firmly on the agreed Scottish Government Information Management Principles as they apply to MHTS, namely: Information is a Corporate Resource MHTS information is a corporate resource. Personal Responsibility - Everybody is personally responsible for the effective management of the information they create or use. Information Accessibility - We make our information accessible to others in MHTS except where there is a specific and agreed reason not to. Keeping Records of What We Do - We retain details of all the decisions made on behalf of MHTS. Ensuring Information is Accurate and Fit for Purpose - We ensure that the information we create on behalf of MHTS is accurate and fit for purpose. Compliance with Statutory and Regulatory Requirements - We ensure that our information management practices comply with all statutory and regulatory requirements. Further guidance on compliance with the Information Management principles can be found via: 4. The policy considers the impact of the Data Protection Act 1998 (DPA) and Freedom of Information (Scotland) Act 2002 (FOISA), including the Code of Practice on Records Management and Code of Practice on Access to Scottish Government Information. It also takes account of advice from SG Records Management Branch, SG Freedom of Information Unit and National Archives Scotland on the appropriate retention period for files and the materials they contain. Due to the judicial nature of the Tribunal, an exemption from Freedom Of Information (FOI) requests applies. Furthermore it is the policy of the Tribunal not to release the recording (digital or otherwise) of any hearing to any person unless ordered to do so by a Court. It is possible, however, to make an FOI request in relation to information of a non-judicial nature. 2

3 Information is a Corporate Resource 5. Information is a resource "owned" by MHTS, not by the individual who creates or receives information on behalf of the organisation. 6. With the enactment of DPA and FOISA, it is essential that the corporate record is reliable, complete and retrievable with a systematic records management system. 7. With this in mind, all MHTS files must be classified under the system of ciphers set out in the associated operational guidance and be organised according to file themes and topics contained within the MHTS filing structure which reflect our corporate responsibilities. 8. All files other than work-in-progress files will be integrated within the MHTS records management filing system, and be registered on a communal and fully indexed masterfile list. This identifies who is responsible for management of each file. 9. Paper and electronic files are the corporate record, the authoritative source and repository of information. As such they must be maintained to ensure that they are complete, accurate, authentic and, subject to the necessary security requirements, accessible. This means that all relevant documents either received or generated electronically must be printed off and placed in the paper file unless stored electronically. 10. All documentation received in hard copy which is required as part of the corporate record will be scanned and held on the electronic record. There will be an average ten per cent quality control check to ensure that scanned copies are of an acceptable standard. Certified copies of scanned documents will be provided when required. Personal Responsibility 11. While MHTS "owns" the information created and held in its name, responsibility for the standard, accuracy and completeness of how this information is managed and used on a daily basis lies with individual staff. This means that individuals are responsible for ensuring that the information they create or receive is managed appropriately. A detailed list outlining personal responsibilities can be found in annex 1 of this paper. 3

4 Information Accessibility 12. Following the principle that openness is at the heart of what we do, information we create or hold should be accessible to as wide an audience as possible, including to external contacts and the general public, when this is appropriate. It should be noted that anything that can identify a patient or details of an individual case would not be open to the public. 13. In line with this principle, MHTS will make our information as accessible to as wide an audience as we can unless there is a specific reason not to such as medical records or proceedings before a tribunal. Whenever possible, we will publish our information. We have also produced a publication scheme which sets out the information that we publish, in what form it is published, and details of any costs which would be incurred in obtaining information. The scheme can be accessed by MHTS staff via their shared Drive. 14. The publication scheme does not list all of the information held or published by MHTS. If information is sought from MHTS which is not included in the scheme, MHTS will determine whether this information can be disclosed by following the guidelines on handling requests for information which is found in the MHTS publication scheme via the above link. We will comply with the protocol on FOISA handling and other obligations agreed between MHTS and SG. This protocol can be accessed by MHTS staff via their shared Drive. Keeping Records of What We Do 15. We are required to keep records of what we do. It is critical that records of decisions and actions are complete and accurate. MHTS must be able to provide a full history of its decisions and actions and these must be accessible to those within (and, potentially, outside) the organisation who may reasonably require them. Full records might be needed for a number of reasons, such as demonstrating the chain of events and decisions that led to a particular course of action or to respond to requests for information. This means that details relevant to decisions or actions, including s and notes that are needed to complete the "story", are retained for an appropriate period and can be found if required. 16. MHTS has an agreed records management schedule to ensure that records are organised effectively and we meet our legal obligations. It is essential that we apply and adhere to the principles of that schedule, which are that we will: clarify what information is held and ensure that information is appropriately ordered and readily accessible to staff by storing it appropriately within the corporate file structure; 4

5 clearly annotate materials required as part of the corporate record with the reference number. Electronic files need to be saved within the appropriate area on the G-Drive and CMS with a unique document title which clearly relates to the content of the material to assist with retrieval. ensure that paper files in frequent use are held by caseworkers in Bothwell House for ease of access; ensure that all materials generated within MHTS are retained only for as long as there is an operational or legislative need to do so. use the Scottish Government Records Management Manual as a source of guidance and adhere in particular to Annex 2 of this guidance in relation to the retention and disposal of files. follow the principles outlined by The National Archives as a source of guidance for retention of retention of FOISA materials. This guidance can be found by accessing: consider files for preservation if there is a specific reason to do so. Generally, this will involve those which are of genuine historical interest. Guidelines for selecting records for preservation can be found by accessing appendix 3 of the Scottish Government Records Management Manual; 17. MHTS retention and disposal strategy can be found in annex 2 of this document. Ensuring Information is Accurate and Fit for Purpose 18. Staff working at MHTS have a responsibility to create and maintain information in a way that is appropriate for its intended purpose. We need to be able to rely on the information we hold to give us, the Scottish Government Ministers and our external audiences confidence that our decisions are based on accurate and up to date information. We need to provide factually accurate answers in response to requests for information and it is important that information we produce is seen to be authoritative unless exempt. This includes the accurate capture of documents as a history of business activities and the accuracy of the content of an individual document as well as only using or recording personal information when there is a specific operational need to do so. 5

6 Compliance with Statutory and Regulatory Requirements 19. This principle places a responsibility on staff working at MHTS to comply with guidance relating to legislative and regulatory requirements. It is essential that MHTS sets a positive example by complying fully with such requirements and it is in our own interests to do so since compliance will help us ensure that our information management practices are consistent and appropriate. Guidance that staff have to comply with includes Data Protection, Freedom of Information, Copyright legislation and the Disability Discrimination Act. Further guidance on compliance with these authorities can be found via: This policy is under constant review. 6

7 Annex 1 Personal Responsibilities 1. It is the responsibility of the Business Manager: to ensure that the evaluation guidance for their inspection or review model fully recognises the requirements of MHTS Records Management Policy and is fit for purpose ; to ensure that evaluation material is recorded in a way compatible with the standards outlined in paragraph It is the responsibility of MHTS: The Casework and Scheduling Manager, Hearings Manager, Resource Manager, Communications Officer, ICT Manager and the Business Manager hereinafter referred to as Document Records Managers to take responsibility for ensuring that their files are sorted properly and contain only relevant material; when Document Records Managers, ensure adequate administrative arrangements are agreed with their support staff to assist evaluation activities and ensure that files are sorted properly and contain only relevant material; when group chairs or task managers, as Document Records Managers, inform the Business Manager when new files are to be set up for new tasks, commissions or other purposes and; when Document Records Managers to ensure that papers which might be relevant to more than one file (for example a record of a visit to an establishment associated with a task should be recorded on the task file and the establishment intelligence file) are accurate, complete and annotated to highlight other relevant files; when Document Records Managers, to review files on closure and in conjunction with the MHTS Records Management Policy as appropriate, decide whether they should be considered for preservation, and advise the Business Manager accordingly. In the case of permanent files, identify any materials worthy of preservation before weeding takes place. All material not considered for preservation should be destroyed in line with the retention and disposal strategy; to pass all appropriate papers and electronic records to the Business Manager for filing on registered files and electronic folders, annotated with the relevant file name and reference; 7

8 to ensure that working documents held outwith the corporate record are kept to a minimum (generally for ongoing tasks) and are accessible to others. Working files should contain no sole or original documents and should be disposed of once the task is complete and all materials required as part of the corporate record have been filed appropriately; to notify MHTS Business Manager of any transfer of responsibilities; 3. It is the responsibility of the Business Manager to ensure that administrative guidelines fully recognise this Records Management Policy. This includes prompting Document Records Managers in their offices to confirm that file management procedures are being adhered to appropriately. 4. It is the responsibility of the Business Manager: when acting as a Document Records Manager, to take responsibility for ensuring that their files are sorted properly and contain only current and relevant material to keep files, particularly evaluation files, complete and up to date in line with Document Records Managers instructions and file checklists; to alert the relevant Document Records Managers to any difficulties in keeping the file complete and up to date; to ensure that locally held paper files are properly managed in line with Document Records Managers instructions and that material is filed promptly in date order; to destroy all paper and electronic materials in line with file checklists and retention/disposal guidelines; to open new files and ensure that they are entered on the masterfile index, and include any relevant file notes as instructed by Document Records Managers and; to dispose of files marked for destruction by Document Records Managers, and record the corporate masterfile list, appropriately 5. It is the responsibility of the Business Manager: to ensure detailed operational guidance is available for MHTS practitioners; to advise on any aspect of records management, and promote good practice to arrange adequate training for all MHTS staff on effective records management practice and the requirements of FOISA and; to oversee the maintenance of the corporate masterfile list and make amendments as required by Document Records Managers. 8

9 Annex 2 Retention and Disposal strategy Records Schedule for Documents Not Governed by Data Protection 1998 Act or Freedom of Information Type of File Scanned Hard Copy Archived From CMS Case Management Yes Destroyed immediately 5 years after System: Class 1* after all forms and other order issued. correspondence are attached to the case on Case Management System: Class 2** and all Hearings Documents Case Management System: Class 3*** and all Hearings Documents Yes Yes the CMS. Held for 3 months after last possible appeal date then destroyed or 3 months after last day of appeal. Held for 3 months after last possible appeal date then destroyed or 3 months after last day of appeal. 5 years after last order issued. 5 years after last order issued. Audio Recordings: No N/A 1 year after last order issued or appeal etc. Archive Destroyed 15 years after last order issued. Held indefinitely and reviewed every 5 years after last order issued. 25 years after last order issued. Held for 1 year then destroyed. ` * Class 1 Form types DET2, DET4, REV1, REV2, CT03a, CT09, C02a and associated correspondence or any other papers is connection with sections 46, 48, 49, 52, 82, 86, 116, or 153. ** Class 2 Form types CORO1, CORO2, EXS1, EXS2, EXS3, HD2 and associated correspondence or any other papers in connection with sections 185,187, 189,191, 192, 201, 204, 210, 2111, 213, 214, 219, 220, 264, 265, 266, 267, 268, 271, 290 or 291. *** Class 3 all other forms and papers associated with any other sections of the Act. All papers connected with a case are given the same classification and will be destroyed as a group of records. 9

10 Records Schedule for Documents Governed by Data Protection 1998 Act or Freedom of Information Type of File Policy: Policy documents including consultation papers, minutes and responses, working party papers and final reports. Any document that records what MHTS has done, why it was done and who authorised it. Policy correspondence with other Government Departments, public bodies etc. Development: Documents recording changes in structure or resources of MHTS. Disposal of Electronic Record or Hard Copy if no E-copy available. Destroy 10 years after closure except as stated in notes. Destroy 5 years after closure except as stated in notes. Notes One review only if subject likely still to be live. One review unless clearly of minor interest, when immediate decision to destroy in 5 years might be possible. Consultation papers and responses. Contacts Procurement All procurement papers, award and management of contracts. Ministerial: Ministerial meetings and visits briefings. Minutes and agendas and reports. Submissions to Ministers and replies from Private Offices. Finance: PES records Estimates records Appropriation Account records Payment records Management Meetings: Including minutes, agendas and responses to actions. Preserve. Destroy 5 years after closure. Destroy 5 years after closure. Destroy 10 years after closure. Destroy 10 years after closure. Destroy 10 years after closure. Destroy 7 years after closure. Destroy 5 years after closure. 10 Are the records candidates for early or extended closure? If so inform NAS accordingly. (Not possible if respondents wish views to be confidential.)

11 Office Procedures: Work plans, training, manpower requirements, management planning. Procedure manuals. Correspondence: General correspondence documents. Destroy 5 years after closure. Preserve. Destroy 5 years after closure. Are the records candidates for early or extended closure? If so, inform NAS accordingly. 11

12 Annex 3 POLICY ON THE SECURE HANDLING, USE, STORAGE AND RETENTION OF DISCLOSURE SCOTLAND INFORMATION 1 General Principles 1. MHTS complies fully with the Code of Practice, issued by Scottish Ministers, regarding the correct handling, holding and destroying of Disclosure information provided by Disclosure Scotland under Part V of the Police Act 1997 ( the 1997 Act ), for the purposes of assessing applicants' suitability for employment purposes, voluntary positions, licensing and other relevant purposes. It also complies fully with the Data Protection Act 1998 and other relevant legislation pertaining to the safe handling, use, storage, retention and disposal of Disclosure information and has a written policy on these matters. This policy is available to anyone who wishes to see it on request. Usage 2. We use Disclosure information only for the purpose for which it has been provided. The information provided by an individual for a position within MHTS (including public appointments) is not used or disclosed in a manner incompatible with the purpose. We process personal data only with the express consent of the individual. We notify the individual of any non-obvious use of the data, including further disclosure to a third party, identifying the Data Controller, the purpose for the processing, and any further relevant information. Handling 3. MHTS recognises that, under section of the 1997 Act, it is a criminal offence to disclose Disclosure information to any unauthorised person. We, therefore, only pass Disclosure information to those who are authorised to see it in the course of their duties. MHTS will not disclose information provided under subsection 113(B)(5) 2 of the 1997 Act, namely information which is not included in the Disclosure, to the applicant. 1 The Serious Organised Crime and Police Act 2005 ( the 2005 Act ) Schedule 14, Paragraph 12 amended section Subsection 163(2) of the 2005 Act inserted subsection 113B into the 1997 Act. Subsection 113B(5) of the 2005 Act replaces subsection 115(8) of the 1997 Act. 12

13 Access and Storage 4. We do not keep Disclosure information on an individual's personnel file. It is kept securely, in lockable, non-portable storage containers. Access to storage units is strictly controlled to authorised and named individuals, who are entitled to see such information in the course of their duties. These are: The President of the Tribunal; Retention The Tribunal s Legal Secretary; The Tribunal s Head of Administration and Deputy Head of Administration; The Tribunal s Business Support Officer and the Tribunal s Communications Officer who will jointly be responsible for administering a control database of certificates that have been applied for and received. 5. We do not keep Disclosures or Disclosure information for any longer than is required after a recruitment (or any other relevant) decision has been taken. In general, this is no longer than 90 days. This is to allow for the resolution of any disputes or complaints. Disclosure information will only be retained for longer than this period in exceptional circumstances which justify retention for a longer period. The same conditions relating to secure storage and access will apply during any such period. Disposal 6. Once the retention period has elapsed, we will ensure that Disclosure information is immediately destroyed in a secure manner i.e. by shredding. MHTS will ensure that Disclosure information which is awaiting destruction will not be kept in any insecure receptacle (e.g. a waste bin or confidential waste sack). We will not retain any image or photocopy or any other form of the Disclosure information. We will, however, keep a record of the date of issue of the Disclosure, the name of the subject, the Disclosure type, the position for which the Disclosure was requested, the unique reference number of the Disclosure and details of the recruitment decision taken. 13

Caedmon College Whitby

Caedmon College Whitby Caedmon College Whitby Data Protection and Information Security Policy College Governance Status This policy was re-issued in June 2014 and was adopted by the Governing Body on 26 June 2014. It will be

More information

DISCLOSURE AND BARRING SERVICE (DBS) CHECKS POLICY

DISCLOSURE AND BARRING SERVICE (DBS) CHECKS POLICY DISCLOSURE AND BARRING SERVICE (DBS) CHECKS POLICY Owner: Director of HR and Development Approved by: SLT Version: Final Date of approval: October 2013 Effective from: October 2013 Date of next review:

More information

Risk Management Authority

Risk Management Authority Risk Management Authority Records Management Plan RMA Records Management Plan 0 Contents Page 1. Introduction 2 1.1 Background 2 1.2 Records Management in the RMA 3 1.3 Records covered by this Plan 3 1.4

More information

LORD CHANCELLOR S CODE OF PRACTICE ON THE MANAGEMENT OF RECORDS UNDER

LORD CHANCELLOR S CODE OF PRACTICE ON THE MANAGEMENT OF RECORDS UNDER LORD CHANCELLOR S CODE OF PRACTICE ON THE MANAGEMENT OF RECORDS UNDER SECTION 46 OF THE FREEDOM OF INFORMATION ACT 2000 NOVEMBER 2002 Presented to Parliament by the Lord Chancellor Pursuant to section

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY Reference number Approved by Information Management and Technology Board Date approved 14 th May 2012 Version 1.1 Last revised N/A Review date May 2015 Category Information Assurance Owner Data Protection

More information

DATA PROTECTION ACT POLICY

DATA PROTECTION ACT POLICY DATA PROTECTION ACT POLICY Personal data shall be obtained, maintained, stored, used and passed on only in strict accordance with the Act 1998. KIDS is registered according to the Data Protection Act 1998

More information

Protection. Code of Practice. of Personal Data RPC001147_EN_D_19

Protection. Code of Practice. of Personal Data RPC001147_EN_D_19 Protection of Personal Data RPC001147_EN_D_19 Table of Contents Data Protection Rules Foreword From the Data Protection Commissioner Introduction From the Chairman Data Protection Rules Responsibility

More information

West Sussex County Council. Guidance on Information Law for Schools

West Sussex County Council. Guidance on Information Law for Schools This guidance recognises that schools already deal with a great variety and number of requests for information and provides a straightforward approach to compliance with the following legislation: Education

More information

Data Protection Policy

Data Protection Policy London Borough of Enfield Data Protection Policy Author Mohi Nowaz Classification UNCLASSIFIED Date of First Issue 10/08/2012 Owner IGB Issue Status DRAFT Date of Latest Re-Issue 12/09/2012 Version 0.6

More information

Protection. Code of Practice. of Personal Data RPC001147_EN_WB_L_1

Protection. Code of Practice. of Personal Data RPC001147_EN_WB_L_1 Protection of Personal Data RPC001147_EN_WB_L_1 Table of Contents Data Protection Rules Foreword From the Data Protection Commissioner Introduction From the Chairman Data Protection Responsibility of Employees

More information

Data Protection Policy

Data Protection Policy Data Protection Policy CONTENTS Introduction...2 1. Statement of Intent...2 2. Fair Processing or Privacy Statement...3 3. Data Uses and Processes...4 4. Data Quality and Integrity...4 5. Technical and

More information

SDS Retention and Disposal Policy. February 2014

SDS Retention and Disposal Policy. February 2014 SDS Retention and Disposal Policy February 2014 Title SDS Retention and Disposal Policy Prepared By PRSA Executive Reviewed By Head of Corporate Office Signed off By ELG (March 2014) Version Number 1.0

More information

RECORDS MANAGEMENT POLICY

RECORDS MANAGEMENT POLICY RECORDS MANAGEMENT POLICY 1. POLICY OBJECTIVE 1.1 The University of South Africa (Unisa) has the responsibility to manage, store and retain certain documentation, records and other forms of information

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Introduction This policy sets out the framework for a consistent SDS wide approach to handling information relating to identifiable individuals (Personal Data). Skills Development

More information

OM006 Document Retention and Destruction POLICY

OM006 Document Retention and Destruction POLICY Title: Author: OM006 Document Retention and Destruction POLICY SLCC Date: September 2010 Intentionally blank for double-sided printing Table of Contents 1 Introduction... 5 2 Statement... 5 3 The Records

More information

Staff DBS Checks and Employing Exoffenders:

Staff DBS Checks and Employing Exoffenders: Staff DBS Checks and Employing Exoffenders: Guide to Policy and Procedures for Managers of Applicants 1 INDEX 1. Introduction 2. Recruiting ex-offenders 3. Disclosure and barring service (DBS) checks procedural

More information

CCG: IG06: Records Management Policy and Strategy

CCG: IG06: Records Management Policy and Strategy Corporate CCG: IG06: Records Management Policy and Strategy Version Number Date Issued Review Date V3 08/01/2016 01/01/2018 Prepared By: Consultation Process: Senior Governance Manager, NECS CCG Head of

More information

INFORMATION SHARING AGREEMENT

INFORMATION SHARING AGREEMENT University of Essex And Essex Police INFORMATION SHARING AGREEMENT September 2011 Version Published 1 1. INTRODUCTION 2. PURPOSE AND SCOPE OF THIS AGREEMENT 3. BENEFITS OF SHARING THIS INFORMATION 4. AGREEMENT

More information

Policy Procedure. Data Protection Act Contents

Policy Procedure. Data Protection Act Contents Policy Procedure Data Protection Act 1998 New policy number: 351 Old instruction number: MAN:A030:a2 Issue date: 20 April 2004 Reviewed as current: 16 January 2015 Owner: Head of Information and Communications

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Owner : Head of Information Management Document ID : ICT-PL-0099 Version : 2.0 Date : May 2015 We will on request produce this Policy, or particular parts of it, in other languages

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Policy Details Produced by Assistant Principal Information Systems Date produced Approved by Senior Leadership Team (SLT) Date approved July 2011 Linked Policies and Freedom of Information

More information

Non-absolute exemptions (subject to Substantial Prejudice Test and/or Public

Non-absolute exemptions (subject to Substantial Prejudice Test and/or Public EXEMPTIONS to the release or provision of information under Freedom of Information (Scotland) Act 2002 Contents Information Does not have to be Provided Definition of Information Held by the Council Absolute

More information

OFFICIAL. NCC Records Management and Disposal Policy

OFFICIAL. NCC Records Management and Disposal Policy NCC Records Management and Disposal Policy Issue No: V1.0 Reference: NCC/IG4 Date of Origin: 12/11/2013 Date of this Issue: 14/01/2014 1 P a g e DOCUMENT TITLE NCC Records Management and Disposal Policy

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY MILNBANK HOUSING ASSOCIATION DATA PROTECTION POLICY LS/NOV.2011/REF.P14 1) INTRODUCTION Milnbank Housing Association recognises that the Data Protection Act 1998 is an important piece of legislation to

More information

The Chafford School. Data Protection and Freedom of Information Policy

The Chafford School. Data Protection and Freedom of Information Policy The Chafford School Data Protection and Freedom of Information Policy INDEX Aims & Objectives... 3 Data Protection The law... 3 Processing, storing, archiving and deleting personal data: Guidance... 3

More information

Records Management Policy

Records Management Policy Records Management Policy If you need this information in another language or format, please contact us to discuss how we can best meet your needs. Phone 0303 123 1015 or email equalities@southlanarkshire.gov.uk

More information

Records Management Plan. April 2015

Records Management Plan. April 2015 Records Management Plan April 2015 Prepared in accordance with the Public Records (Scotland) Act 2011 and submitted to the Keeper of the Records of Scotland for their agreement on 28 April 2015 (Revised

More information

Corporate ICT & Data Management. Data Protection Policy

Corporate ICT & Data Management. Data Protection Policy 90 Corporate ICT & Data Management Data Protection Policy Classification: Unclassified Date Created: January 2012 Date Reviewed January Version: 2.0 Author: Owner: Data Protection Policy V2 1 Version Control

More information

ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY

ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY Originated by: Data Protection Working Group: November 2008 Impact Assessment: (to be confirmed) Recommended by Senate: 28 January 2009 Approved by Council:

More information

FREEDOM OF INFORMATION (SCOTLAND) ACT 2002 CODE OF PRACTICE ON RECORDS MANAGEMENT

FREEDOM OF INFORMATION (SCOTLAND) ACT 2002 CODE OF PRACTICE ON RECORDS MANAGEMENT FREEDOM OF INFORMATION (SCOTLAND) ACT 2002 CODE OF PRACTICE ON RECORDS MANAGEMENT November 2003 Laid before the Scottish Parliament on 10th November 2003 pursuant to section 61(6) of the Freedom of Information

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Date approved by Heads of Service 3 June 2014 Staff member responsible Director of Finance and Corporate Services Due for review June 2016 Data Protection Policy Content Page 1 Purpose

More information

Freedom of Information Act 2000

Freedom of Information Act 2000 ch3600a00a 02-12-00 01:13:30 ACTA Unit: PAGA Rev RA Proof, 29.11.2000 Freedom of Information Act 2000 CHAPTER 36 ARRANGEMENT OF SECTIONS Part I Access to information held by public authorities Right to

More information

Not Protectively Marked

Not Protectively Marked TITLE CCMT Sponsor Department/Area Section/Sector INFORMATION SECURITY POLICY Deputy Chief Constable Professional Standards Department Force Security 1.0 Rationale 1.1 This policy sets out the approach

More information

Freedom of Information Policy

Freedom of Information Policy Freedom of Information Policy 1. PART 1: Scope of this Policy 1.1 This policy covers requests for information under the Freedom of Information Act 2000 ( FOIA ). It also covers enquiries relating to matters

More information

Information Sharing Policy

Information Sharing Policy Information Sharing Policy REFERENCE NUMBER IG 010 / 0v3 February 2013 VERSION V1.0 APPROVING COMMITTEE & DATE Clinical Executive Committee 5.2.13 REVIEW DUE DATE February 2016 West Lancashire CCG is committed

More information

The Manitowoc Company, Inc.

The Manitowoc Company, Inc. The Manitowoc Company, Inc. DATA PROTECTION POLICY 11FitzPatrick & Associates 4/5/04 1 Proprietary Material Version 4.0 CONTENTS PART 1 - Policy Statement PART 2 - Processing Personal Data PART 3 - Organisational

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY Title Author Approved By and Date Review Date Mike Pilling Latest Update- Corporation May 2008 1 Aug 2013 DATA PROTECTION ACT 1998 POLICY FOR ALL STAFF AND STUDENTS 1.0 Introduction 1.1 The Data Protection

More information

RECORDS MANAGEMENT POLICY

RECORDS MANAGEMENT POLICY RECORDS MANAGEMENT POLICY Version 8.0 Purpose: For use by: This document is compliant with /supports compliance with: To outline the lifecycle of a record and to provide guidance on retention and disposal

More information

BIG LOTTERY FUND Document archive and retention policy

BIG LOTTERY FUND Document archive and retention policy BIG LOTTERY FUND Document archive and retention policy December 2010 Sonia Howe Head of Information Governance For further information regarding retention schedules please contact Page 1 of 18 Version

More information

Dublin City University

Dublin City University Dublin City University Data Protection Policy Data Protection Policy Contents Purpose... 1 Scope... 1 Data Protection Principles... 1 Disclosure of Personal Data... 2 Summary of Responsibilities... 3 Rights

More information

Data Protection Policy

Data Protection Policy Data Protection Policy 1. Introduction and purpose 1.1 Children s Hearings Scotland (CHS) is required to maintain certain personal data about individuals for the purposes of satisfying our statutory, operational

More information

CORK INSTITUTE OF TECHNOLOGY

CORK INSTITUTE OF TECHNOLOGY CORK INSTITUTE OF TECHNOLOGY DATA PROTECTION POLICY APPROVED BY GOVERNING BODY ON 30 APRIL 2009 INTRODUCTION Cork Institute of Technology is committed to a policy of protecting the rights and privacy of

More information

PERSONAL INJURIES ASSESSMENT BOARD DATA PROTECTION CODE OF PRACTICE

PERSONAL INJURIES ASSESSMENT BOARD DATA PROTECTION CODE OF PRACTICE PERSONAL INJURIES ASSESSMENT BOARD DATA PROTECTION CODE OF PRACTICE ADOPTED ON 9 th January 2008 TABLE OF CONTENTS Page No. 1 Introduction...3 2 Glossary...3 3 Types of Personal Data held by Us...3 4 Obligations

More information

Data Protection Policy

Data Protection Policy Data Protection Policy 1. Introduction to the Data Protection Policy Everyone who works for Chorley Council uses personal data in the course of their duties. Chorley Council must gather and process personal

More information

Data Protection Policy

Data Protection Policy Internal Ref: NELC 16.60 Review date December 2016 Version No. V04 Data Protection Policy 1 Data Protection Statement Data Protection Policy 1.1 North East Lincolnshire Council recognises that in order

More information

Staffordshire County Council. Records Management Policy

Staffordshire County Council. Records Management Policy Staffordshire County Council Records Management Policy Version Author Approved By Date Published Review V. 2.0 Information Governance Unit Philip Jones, Head of Information Governance 2/11/2012 November

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Document Ref: DPA20100608-001 Version: 1.3 Classification: UNCLASSIFIED (IL 0) Status: ISSUED Prepared By: Ian Mason Effective From: 4 th January 2011 Contact: Governance Team ICT

More information

Information Security Policy

Information Security Policy Information Security Policy v2.0 Target Audience: Policy Endorsed by: ESCC Staff, members and other agencies handling ESCC information Governance Committee Final V2.0 Page 1 of 13 Information Security

More information

RECORDS MANAGEMENT POLICY

RECORDS MANAGEMENT POLICY RECORDS MANAGEMENT POLICY POLICY STATEMENT The records of Legal Aid NSW are a major component of its corporate memory and risk management strategies. They are a vital asset that support ongoing operations

More information

BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS

BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS Mat Wright www.britishcouncil.org CONTENTS Purpose of the code 1 Scope of the code 1 The British Council s data protection commitment and

More information

Information Governance Framework. June 2015

Information Governance Framework. June 2015 Information Governance Framework June 2015 Information Security Framework Janice McNay June 2015 1 Company Thirteen Group Lead Manager Janice McNay Date of Final Draft and Version Number June 2015 Review

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Implementation date: 30 September 2014 Control schedule Approved by Corporate Policy and Strategy Committee Approval date 30 September 2014 Senior Responsible Officer Kirsty-Louise

More information

SCOTLAND S COMMISSIONER FOR CHILDREN AND YOUNG PEOPLE STANDARD CONDITIONS OF CONTRACT FOR SERVICES

SCOTLAND S COMMISSIONER FOR CHILDREN AND YOUNG PEOPLE STANDARD CONDITIONS OF CONTRACT FOR SERVICES SCOTLAND S COMMISSIONER FOR CHILDREN AND YOUNG PEOPLE STANDARD CONDITIONS OF CONTRACT FOR SERVICES 1 1 Definitions In these conditions:- We means Scotland s Commissioner for Children and Young People,

More information

East Northamptonshire Council Policy & Community Development. Data Protection Policy December 2007

East Northamptonshire Council Policy & Community Development. Data Protection Policy December 2007 East Northamptonshire Council Policy & Community Development Data Protection Policy December 2007 If you would like to receive this publication in an alternative format (large print, tape format or other

More information

June Fair processing notice Our policy for handling personal data

June Fair processing notice Our policy for handling personal data June 2016 Fair processing notice Our policy for handling personal data The Government Actuary s Department (GAD) handles personal information in compliance with the Data Protection Act 1998 (the Act).

More information

Information Protective Marking and Handling Policy

Information Protective Marking and Handling Policy Information Protective Marking and Handling Policy Change History Version Date Description Author 0.1 11/01/2013 First Draft Anna Moore 0.2 28/02/2013 Amended taking into account SSTP protective marking

More information

Clause 1. Definitions and Interpretation

Clause 1. Definitions and Interpretation [Standard data protection [agreement/clauses] for the transfer of Personal Data from the University of Edinburgh (as Data Controller) to a Data Processor within the European Economic Area ] In this Agreement:-

More information

235.1. Federal Act on Data Protection (FADP) Aim, Scope and Definitions

235.1. Federal Act on Data Protection (FADP) Aim, Scope and Definitions English is not an official language of the Swiss Confederation. This translation is provided for information purposes only and has no legal force. Federal Act on Data Protection (FADP) 235.1 of 19 June

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY DATA PROTECTION POLICY Page 1 of 10 Table of Contents 1. Points of Contact for this Policy 4 2. Purpose of Data Protection Policy 4 3. Overview of the Data Protection Act 1998 5 4. Confidentiality and

More information

Policy Document RECORDS MANAGEMENT POLICY

Policy Document RECORDS MANAGEMENT POLICY The District Council Of Elliston Policy Document RECORDS MANAGEMENT POLICY Date Adopted: 16 th December 2005 Review Date: Ongoing, as necessary Minute Number: 300. 2005 E:\WPData\Jodie\My Documents\policies

More information

biometric identification systems in schools guidance for education authorities, learning establishments and schools

biometric identification systems in schools guidance for education authorities, learning establishments and schools biometric identification systems in schools guidance for education authorities, learning establishments and schools schools good governance protecting personal information biometric identification systems

More information

Records Management - Department of Health

Records Management - Department of Health Policy Directive Records Management - Department of Health Document Number PD2009_057 Publication date 24-Sep-2009 Functional Sub group Corporate Administration - Records Ministry of Health, NSW 73 Miller

More information

15 Principles on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters

15 Principles on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters 15 Principles on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters Principle 1 (Protection of rights and freedoms) 1. Personal data must

More information

WEST LOTHIAN COUNCIL DATA PROTECTION ACT 1998 POLICY

WEST LOTHIAN COUNCIL DATA PROTECTION ACT 1998 POLICY WEST LOTHIAN COUNCIL DATA PROTECTION ACT 1998 POLICY Version 3.0 DATA PROTECTION ACT 1998 POLICY CONTENTS 1. INTRODUCTION... 3 2. PROVISIONS OF THE ACT... 4 3. SCOPE... 4 4. GENERAL POLICY STATEMENT...

More information

Data Protection Policy June 2014

Data Protection Policy June 2014 Data Protection Policy June 2014 Approving authority: Consultation via: Court Audit and Risk Committee, University Executive, Secretary's Board, Information Governance and Security Group Approval date:

More information

NHS LANARKSHIRE HEALTH RECORDS POLICY Management and Maintenance, Security, Storage, Distribution and Retention of Health Records

NHS LANARKSHIRE HEALTH RECORDS POLICY Management and Maintenance, Security, Storage, Distribution and Retention of Health Records NHS LANARKSHIRE HEALTH RECORDS POLICY Management and Maintenance, Security, Storage, Distribution and Retention of Health Records Author: Responsible Lead Executive Director: Endorsing Body: Governance

More information

It is hereby notified that the President has assented to the following Act which is hereby published for general information-

It is hereby notified that the President has assented to the following Act which is hereby published for general information- NO. 43 OF 1996: NATIONAL ARCHIVES OF SOUTH AFRICA ACT, 1996. No. 1595. 2 October 1996 PRESIDENT'S OFFICE NO. 43 OF 1996: NATIONAL ARCHIVES OF SOUTH AFRICA ACT, 1996. It is hereby notified that the President

More information

Merthyr Tydfil County Borough Council. Data Protection Policy

Merthyr Tydfil County Borough Council. Data Protection Policy Merthyr Tydfil County Borough Council Data Protection Policy 2014 Cyfarthfa High School is a Rights Respecting School, we recognise the importance of ensuring that the United Nations Convention of the

More information

Information Management Advice 50 Developing a Records Management policy

Information Management Advice 50 Developing a Records Management policy Information Management Advice 50 Developing a Records Management policy Introduction This advice explains how to develop and implement a Records Management policy. Policy is central to the development

More information

SCOTTISH GOVERNMENT RECORDS MANAGEMENT: NHS CODE OF PRACTICE (SCOTLAND) Version 2.1 January 2012

SCOTTISH GOVERNMENT RECORDS MANAGEMENT: NHS CODE OF PRACTICE (SCOTLAND) Version 2.1 January 2012 SCOTTISH GOVERNMENT RECORDS MANAGEMENT: NHS CODE OF PRACTICE (SCOTLAND) Version 2.1 January 2012 Records Management: NHS Code of Practice (Scotland) The Scottish Government, Edinburgh 2012 Crown copyright

More information

Number 27 of 1971 EMPLOYMENT AGENCY ACT 1971 REVISED. Updated to 2 August 2011

Number 27 of 1971 EMPLOYMENT AGENCY ACT 1971 REVISED. Updated to 2 August 2011 Number 27 of 1971 EMPLOYMENT AGENCY ACT 1971 REVISED Updated to 2 August 2011 This Revised Act is an administrative consolidation of the Employment Agency Act 1971. It is prepared by the Law Reform Commission

More information

Decision 084/2006 Mr Ian Cameron and Aberdeenshire Council

Decision 084/2006 Mr Ian Cameron and Aberdeenshire Council Huntly Nordic Ski and Outdoor Centre Reference No: 200600082 Decision Date: 30 March 2009 Kevin Dunion Scottish Information Commissioner Kinburn Castle Doubledykes Road St Andrews KY16 9DS Tel: 01334 464610

More information

Information Security Policy

Information Security Policy Central Bedfordshire Council www.centralbedfordshire.gov.uk Information Security Policy January 2016 Security Classification: Not Protected 1 Approval History Version No Approved by Approval Date Comments

More information

Retention and destruction of requested information

Retention and destruction of requested information ICO lo Retention and destruction of requested information Freedom of Information Act Environmental Information Regulations Contents Introduction... 2 Overview... 2 Destruction of information before request

More information

St Margaret s CE Primary school, Withern Data Protection Policy

St Margaret s CE Primary school, Withern Data Protection Policy St Margaret s CE Primary school, Withern Data Protection Policy Reference Points Data Protection Act 1998 See https://www.gov.uk/data-protection/the-data-protection-act Information Commissioners' Office

More information

Data Protection Act 1998 The Data Protection Policy for the Borough Council of King's Lynn & West Norfolk

Data Protection Act 1998 The Data Protection Policy for the Borough Council of King's Lynn & West Norfolk Data Protection Act 1998 The for the Borough Council of King's Lynn & West Norfolk 1 Contents Introduction 3 1. Statement of Intent 4 2. Fair Obtaining I Processing 5 3. Data Uses and Processes 6 4. Data

More information

NOT PROTECTIVELY MARKED FORCE PROCEDURES. Using the Off-Site Storage Facility for Physical Records - v03. Records Manager

NOT PROTECTIVELY MARKED FORCE PROCEDURES. Using the Off-Site Storage Facility for Physical Records - v03. Records Manager FORCE PROCEDURES Using the Off-Site Storage Facility for Physical Records - v03 Procedure Reference Number: 2010.07 Procedure Author: Samantha Hampson Records Manager Procedure Review Date: February 2013

More information

RECORDS MANAGEMENT POLICY

RECORDS MANAGEMENT POLICY [Type text] RECORDS MANAGEMENT POLICY POLICY TITLE Academic Year: 2013/14 onwards Target Audience: Governing Body All Staff and Students Stakeholders Final approval by: CMT - 1 October 2014 Governing Body

More information

Facsimile If you are making this request on behalf of an organisation or business

Facsimile If you are making this request on behalf of an organisation or business Request for Information Under FOI Please note a valid FOIA request must contain your name and an address. The provision of any other contact details is optional, however any additional information you

More information

Council Policy. Records & Information Management

Council Policy. Records & Information Management Council Policy Records & Information Management COUNCIL POLICY RECORDS AND INFORMATION MANAGEMENT Policy Number: GOV-13 Responsible Department(s): Information Systems Relevant Delegations: None Other Relevant

More information

PLEASE NOTE. For more information concerning the history of this Act, please see the Table of Public Acts.

PLEASE NOTE. For more information concerning the history of this Act, please see the Table of Public Acts. PLEASE NOTE This document, prepared by the Legislative Counsel Office, is an office consolidation of this Act, current to December 2, 2015. It is intended for information and reference purposes only. This

More information

Access to Information: Data Protection and Freedom of Information

Access to Information: Data Protection and Freedom of Information Access to Information: Data Protection and Freedom of Information Records Management Section Data protection: key concepts Personal data Sensitive personal data Data subjects Data protection principles

More information

Information Governance Policy A council-wide information management policy. Version 1.0 June 2013

Information Governance Policy A council-wide information management policy. Version 1.0 June 2013 Information Governance Policy Version 1.0 June 2013 Copyright Notification Copyright London Borough of Islington 2012 This document is distributed under the Creative Commons Attribution 2.5 license. This

More information

Data Protection Policy

Data Protection Policy Data Protection Policy This policy applies to the national office of Special Olympics GB; athletes, volunteers, and paid staff its clubs and regions; all Special Olympics GB donors, sponsors, and supporters;

More information

Human Resources and Data Protection

Human Resources and Data Protection Human Resources and Data Protection Contents 1. Policy Statement... 1 2. Scope... 2 3. What is personal data?... 2 4. Processing data... 3 5. The eight principles of the Data Protection Act... 4 6. Council

More information

Information Governance Policy

Information Governance Policy Information Governance Policy 1 Introduction Healthwatch Rutland (HWR) needs to collect and use certain types of information about the Data Subjects who come into contact with it in order to carry on its

More information

Crime (International Co-operation) Act 2003

Crime (International Co-operation) Act 2003 Crime (International Co-operation) Act 2003 CHAPTER 32 CONTENTS PART 1 MUTUAL ASSISTANCE IN CRIMINAL MATTERS CHAPTER 1 MUTUAL SERVICE OF PROCESS ETC. Service of overseas process in the UK 1 Service of

More information

Information Management Policy for The Treasury Department

Information Management Policy for The Treasury Department Information Management Policy for The Treasury Department File reference: [ITM/POL/01] Table of contents Topic Page Purpose 1 Scope 1 Policy statement 2 Policy context Laws and standards Record keeping

More information

Information Management Policy for The Tax Information Authority

Information Management Policy for The Tax Information Authority CA YMAN ISLANDS Information Management Policy for The Tax Information Authority File reference: [ITM/POL/OI-OI] Table of contents Topic Page 3-5 5-6 67 123 Purpose The purpose of this policy is to establish

More information

TOWN OF COTTESLOE POLICY EMAIL MANAGEMENT

TOWN OF COTTESLOE POLICY EMAIL MANAGEMENT EMAIL MANAGEMENT POLICY STATEMENT Town of Cottesloe email accounts are intended for business transactions in support of the Town s strategic goals and objectives. Accordingly any email transmission residing

More information

Satisfaction of principles In order to meet the requirements of the principles, Team Bees will:

Satisfaction of principles In order to meet the requirements of the principles, Team Bees will: Data Protection Policy Introduction. Team Bees is required to maintain certain personal data about living individuals for the purposes of satisfying operational and legal obligations. Team Bees recognises

More information

Public Information Program

Public Information Program Public Information Program Public Records Policy Purpose This policy is adopted pursuant to the Government Records Access and Management Act Utah Code Ann. 63G-2-701 ( GRAMA ) and applies to District records

More information

Decision Notice. Decision 136/2015: Mr Patrick Kelly and NHS Tayside. Information relating to Professor Muftah Salem Eljamel

Decision Notice. Decision 136/2015: Mr Patrick Kelly and NHS Tayside. Information relating to Professor Muftah Salem Eljamel Decision Notice Decision 136/2015: Mr Patrick Kelly and NHS Tayside Information relating to Professor Muftah Salem Eljamel Reference No: 201500390 Decision Date: 24 August 2015 Summary On 2 December 2014,

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY Directorate of Performance Assurance INFORMATION GOVERNANCE POLICY Reference: DCP074 Version: 2.5 This version issued: 27/03/15 Result of last review: Minor changes Date approved by owner (if applicable):

More information

Corporate Information Security Policy

Corporate Information Security Policy Corporate Information Security Policy. A guide to the Council s approach to safeguarding information resources. September 2015 Contents Page 1. Introduction 1 2. Information Security Framework 2 3. Objectives

More information

NATIONAL ARCHIVES AND RECORDS SERVICE OF SOUTH AFRICA ACT (ACT NO. 43 OF 1996)

NATIONAL ARCHIVES AND RECORDS SERVICE OF SOUTH AFRICA ACT (ACT NO. 43 OF 1996) NATIONAL ARCHIVES AND RECORDS SERVICE OF SOUTH AFRICA ACT (ACT NO. 43 OF 1996) as amended by Cultural Laws Amendment Act 36 of 2001 ACT To provide for a National Archives and Record Service; the proper

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Reference: Information Governance Policy Date Approved: April 2013 Approving Body: Board of Trustees Implementation Date: April 2013 Version: 6 Supersedes: 5 Stakeholder groups

More information

Vyners Learning Trust Data Protection and Retention Policy

Vyners Learning Trust Data Protection and Retention Policy Vyners Learning Trust Data Protection and Retention Policy 1. Background Vyners Learning Trust collects and uses personal information about staff, pupils, parents and other individuals who come into contact

More information

Paperless World Limited

Paperless World Limited Paperless World Limited Security Policy Statement Contents Section 1: Paperless World Limited Security Policy Statement... 2 Section 2: The Data Protection Act 1998... 2 Section 3: Definitions... 2 Personal

More information

Records Disposal Schedule Anti-Discrimination Services Northern Territory Anti-Discrimination Commission

Records Disposal Schedule Anti-Discrimination Services Northern Territory Anti-Discrimination Commission Records disposal schedule Records Disposal Schedule Anti-Discrimination Services Northern Territory Anti-Discrimination Commission Disposal Schedule No. 2015/12 August 2015 NT Archives Service For information

More information