1 Everyone in the workplace has a legal duty to protect the privacy of information about individuals AEP/BELB/LJ/2010 Awareness Session
2 During 2007 alone, 36,989,300 people in the UK have had their private records compromised. and they all thought It could never happen to us..
3 Information Security means guaranteeing the confidentiality, integrity and availability of data. Confidentiality- only people who are authorised to process information can access. Integrity- personal information should be accurate and not kept for longer than necessary. Availability- ONLY authorised users should be able to access the data if they need it for specific purposes.
4 Named and Shamed in Media Education records found by road side in NI. Unencrypted computer discs containing the names and addresses of 6,000 N I motorists missing in post. Hospital laptop with 5000 medical records lost. DVLA lost three million learner driver records. Nine NHS trusts lost 168,000 confidential records. Citizens Advice Bureau in Belfast lost 60,000 records along with bank details - stolen laptop. TK Maxx lost an estimated five million UK credit card records and compromised accounts for 200 million customers worldwide records from loans. co. uk were compromised when a member of staff sold them. Leeds Building Society managed to lose data on its entire workforce of 1,000 people. 600,000 personal details of applicants to armed forces were stolen with an unencrypted MoD laptop.- MoD admits having lost 658 laptops containing unencrypted information since ETC, ETC, ETC
6 25 Million Lost Records
7 Everyone has a Duty to Protect Information Do not keep paper records for longer than necessary. Destroy when not needed. Adopt disposal dates. Seek advice from school/belb on protocols. Sensitive paper based records- lock away when not in use, in desks, filing cabinets or cupboards. Keys should be kept in a safe place. Ensure you securely dispose of paper and electronic records. Encryption- USE- if your job requires taking information out of the office setting. Have you a policy on this? REMEMBER -You need to know what records you have, why you are keeping them, where and how you are keeping them and how long you really need to keep them.
8 Good Practice Never give anyone your password or use another persons password. Make sure you have and follow procedures for using computers securely. If working in an open plan office be careful if discussing a persons detailsyou don t know who is listening. Ensure information displayed on your computer screen cannot be seen by any unauthorised person.
9 Security Everyone s Responsibility! Refer to guidance offered by belb/schools or the office of the Information Commissioner. Existing practices often need revisited and reviewed. Remember- data security is everyone's responsibility.
10 Ask Yourself Are you registered with ICO. Do you have a policy for handling data. Are you aware of your responsibilities under DPA. Are your staff aware of their responsibilities. Are you aware of the 8 Data Protection Principles. Do you keep information securely. Do you dispose of information securely. Do you know how long you need to keep information- You need to identify the information you have, understand why you are keeping it, know where / how it is kept and agreed how long it needs to be kept.
11 Who can Ask for Information? Anyone can ask for information-they have legal rights under law. 1. Data Protection Act (DPA)- subjects personal information. applies to anyone who keeps data. 2. Freedom of Information Act (FOIA)- policies, procedures, decision making etc. applies to those designated. If you hold information which originated from a school or elb s, you can be asked for it. 3. Environmental Information Regulations.- e.g. recycling, fuel use, car parking etc. those designated.
12 Data Protection Act
13 Belb Responsibilities All contractor s, agents and other nonpermanent staff used are aware of and comply with the Data Protection Act All personal data they hold is kept securely and is disposed off in a safe and secure manner when no longer needed. Comply with protocols agreed with schools/belb.
14 DPA -YOU MUST 1. Register with the Information Commissioner (IC)- this is known as notification. This is done annually. 2. Observe the eight data protection principles or rules of good information handling. 3. Allow the data subject to exercise their rights. This can include pupils! Criminal offence not to register with IC. ARE YOU REGISTERED?
15 About DPA Applies to both public and private sectors. Gives individuals certain legal rights to access information held about themselves. Sets rules about the way personal data should be handled and processed. Establishes 8 rules of good information handling. Organisations must be open about how information is used, kept and destroyed.
16 Formats Applies to all recorded information, whether stored electronically/paper based filing systems, all media such as audio, video, photographs, camcorder footage, internet.
17 1. Fair and lawful processing. 2. Processing for specific & lawful purpose. 3. Relevant not excessive. 8 Data Protection Rules. 4. Accuracy of data. Personal data shall be accurate, and where necessary, kept up to date. 5. Not kept for longer than necessary. Personal data shall not be kept for longer than is necessary, for the purposes for which it is being processed. 6. Processed in accordance with data subjects rights. 7. Kept securely. Appropriate security measures shall be taken against the unauthorised or unlawful processing, accidental loss, destruction, or damage of personal data. 8. Personal information shall not to be exported outside the European Economic area i.e. to any country without adequate subject protection rights.
18 DPA Requests Must be made in writing and responded to within 40 calendar days. Telephone enquiries-make sure you have a policy on releasing information that your staff know about. Do not release information verbally. Always check applicants identity. Never give out information about another person i.e. home address to friends or relatives of an employee/pupil. Do not be bullied into giving information. Police should submit a Form 81 if requesting information.
19 DPA Requests If you are not sure what information you can release Ask. Check if you can legally withhold information- remember the data subject has rights. Always keep a record of exactly what you have released or withheld. If handling sensitive data- think- Is releasing it by post/fax/ e- mail really a secure format? Could applicant collect it in person?
20 Handling Requests Don't release information to ANYONE- unless you have been authorised to do so. Remember the DPA applies to all personal data held in whatever format. Wilful disclosure of personal information may be treated as a disciplinary offence. Individual staff can be liable where it can be shown they acted outside their authorized limits or if they deliberately or recklessly acted in breach of the law Fines, criminal record and damages can be imposed.
22 s are Public and Permanent. is insecure. Compare it to sending a post card anyone who receives it can read it. E- mails are hard to destroy. Don t assume that deletion means its gone for ever. Electronic documents are backed up and recoverable. Don t discuss sensitive issues. Beware sending inappropriate material- it could be misunderstood. Be careful what you say- you cannot control who will read your comments.
23 E- Mails are Public and Permanent E- mail is a fast and easy way to communicate non confidential information. Remember -don t do any thing that will harm you privately or professionally.
24 Freedom of Information Act
25 What does the FOIA Do? Gives greater access and establishes two related rights in law: 1. The right to be told if information exists; 2. The right to receive the information- There are specific exemptions from that right. FOIA provides for the release of exempt information if assessed to be in the public interest. Applicant can make a complaint if not satisfied with how their request is handled. Note: Does not apply to applicants personal data- this is handled under DPA. The FOIA became law in Information is available on the Information Commissionersweb site -
26 Are you a Public Authority for Purposes of FOIA? FOIA applies to organisations designated as public authorities under legislation. Your designation depends on the amount and type of information you process. Groups with charitable status may be subject to FOIA. To find out it your organisations status you need to contact the Information Commissioners Officehttp:// Phone They will discuss with you if your organisation is exempt from answering FOI requests.
27 If you hold Data on Behalf of a Public Authority? Schools and elb s are Public Authorities. If you hold information on behalf of either and the ICO has advised that your organisation is exempt from FOI, you must however advise the school or the board that such information has been requested and redirect the request. FOIA schedule 3 (2) (b) refers. Requests are time sensitive- 20 working days to respond. You need to be able to identify such requests and pass them on quickly.
28 If you are NOT Exempt from Responding to FOIA requests FOIA became law Anyone can access minutes, financial details, job descriptions, correspondence etc- everything you hold. Advice available from the ICO at Brief FOIA guidance follows-
29 Key Elements FOI Process Handling the request. The response. Internal review. (appeal) Communication. Reason for Request. Curiosity- commercial reasons-research- public interestexisting dispute-whistle blowing- to understand how you make decisions. Pure guess we cannot ask for reasons!
30 What is a Valid FOI request? 1. Verbal enquiries -NOT covered by the FOIA. 2. An FOI request should: Be in writing (includes fax & ) Give name and address (e- mail address OK ) Describe the information. No need for applicant to mention FOIA when making the request. You decide if the information requested is dealt with under the Act. 20 working days to respond. A subjects own personal information cannot be requested using the FOIA- refer to DPA.
31 Important to Know FOI requests must be made in writing. Anyone in workplace can receive a request. You need to have a procedure in place to identify requests quickly and refer them to line manager/ designated person. Check post or e- mails of staff who are not at work- consider using out of office assistant in e- mails. Make sure date of receipt is stamped on all post. Acknowledge receipt of request ASAP.
32 Who can Ask for Information? Anyone- a body or individual. From anywhere
33 Beware of Unstructured Information Every Note Every Doodle Every Scribble Information access laws such as FOIA and DPA have implications on how we record information. Don t write anything embarrassing. There is no exemption for embarrassment.
34 What Happens if you don t get it Right? Complaint to Information Commissioner. IC can inspect information & order release. Breach of the act to fail to respond within the designated time limit- 20 days. Criminal offence to remove, hide, or not disclose information recorded in a document Maximum penalty 2 years prison- plus fine
35 Adopting clear policies for handling records will make life much easier- really! You need to think about: What you record. How you record it. Who you circulate to. What you keep! How long you keep it. Method of storage and disposal. Information is valuable- but it is only useable if it can be easily accessed when needed.
36 Why do I need take extra care? Who said? I have never been in an accident of any sort and have never been wrecked, nor was I ever in any predicament that threatened to end in disaster of any sort E. J. Smyth - Captain of the Titanic
Good Practice in Records Management and Information Security BELB LJ Schools 2013 How Valuable are Records & Documents? Valuable only because of the information they contain. Usable if they can be accessed
CONTROLLED Information Governance Caldicot Version-Workbok Non Caldicott Version - Workbook Version 12 January 2015 40 1 Don t Get Bitten by the Data Demon Notes Using this Workbook The objective of this
Guidelines This guideline offers an overview of what the Data Protection Act requires in terms of information security and aims to help you decide how to manage the security of the personal data you hold.
Overview of Freedom of Information & Data Protection Acts for Schools FOI Unit BELB Delivered through Board of Governor Programme 2012 Purpose of Presentation Provide an overview. Offer advice & support.
Policy documents Aims of the Policy apetito is committed to meeting its obligations under data protection law. As a business, apetito handles a range of Personal Data relating to its customers, staff and
STAR has teamed up with Prevention of Fraud in Travel (PROFiT) and the Fraud Intelligence Network (FIN) to offer our members the best advice about fraud prevention. We recognise the increasing threat of
Data Protection Policy Date approved by Heads of Service 3 June 2014 Staff member responsible Director of Finance and Corporate Services Due for review June 2016 Data Protection Policy Content Page 1 Purpose
Data Protection and Information Security Policy and Procedure Document Detail Category: Data Protection Authorised By: Full Governing Body Author: School Business Manager Version: 1 Status: Approved May
East Northamptonshire Council Policy & Community Development Data Protection Policy December 2007 If you would like to receive this publication in an alternative format (large print, tape format or other
Data Protection Act a more detailed guide What does the Act do? The Data Protection Act 1998 places considerable duties on organisations which process personal data; increases the rights of access by data
Rick Parsons Information Governance Officer County Hall 01865 323593 firstname.lastname@example.org 1 THE DATA PROTECTION ACT 1998 2 Requirements of the Act Roles & Responsibilities Best Practice 3 The
Policy Procedure Data Protection Act 1998 New policy number: 351 Old instruction number: MAN:A030:a2 Issue date: 20 April 2004 Reviewed as current: 16 January 2015 Owner: Head of Information and Communications
Data Protection Policy This policy applies to the national office of Special Olympics GB; athletes, volunteers, and paid staff its clubs and regions; all Special Olympics GB donors, sponsors, and supporters;
Data Protection Policy Responsible Officer Author Date effective from July 2009 Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date last amended December 2012 Review
ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY Originated by: Data Protection Working Group: November 2008 Impact Assessment: (to be confirmed) Recommended by Senate: 28 January 2009 Approved by Council:
DATA PROTECTION POLICY DATA PROTECTION POLICY Document Control Information Title Data Protection Policy Version V1.0 Author Diana Watt Date Approved 21 February 2013 Review Date Annually, on the anniversary
Data Protection Policy Introduction. Team Bees is required to maintain certain personal data about living individuals for the purposes of satisfying operational and legal obligations. Team Bees recognises
Protection of Personal Data RPC001147_EN_WB_L_1 Table of Contents Data Protection Rules Foreword From the Data Protection Commissioner Introduction From the Chairman Data Protection Responsibility of Employees
DATA PROTECTION POLICY Version 1.3 April 2014 Contents 1 POLICY STATEMENT...2 2 PURPOSE....2 3 LEGAL CONTEXT AND DEFINITIONS...2 3.1 Data Protection Act 1998...2 3.2 Other related legislation.....4 3.3
A common sense guide to the Data Protection Act 1998 for volunteers Why is it necessary? The Data Protection Act 1998 is a law introduced to control the way information held about individuals is handled
Human Resources and Data Protection Contents 1. Policy Statement... 1 2. Scope... 2 3. What is personal data?... 2 4. Processing data... 3 5. The eight principles of the Data Protection Act... 4 6. Council
Data protection Report on the data protection guidance we gave schools in 2012 Contents 1. Background 2. Summary of recommendations 3. tification 4. Personal data 5. Fair processing 6. Information security
Photography and filming in schools Code of Practice Data Protection compliance September 2010 Photography and filming in schools September 2010 1 Contents 1. About this code 3 2. Complying with the Data
Information Governance Policy 1 Introduction Healthwatch Rutland (HWR) needs to collect and use certain types of information about the Data Subjects who come into contact with it in order to carry on its
May 2013 Bring Your Own Device Policy Template for Further Education Please Note: This guidance is for information only and is not intended to replace legal advice when faced with a risk decision. Table
Data Protection Policy 2011 Contents Page 1. Introduction... 3 2. Statement of Policy. 3 3. The Eight Principles of Data Protection...... 4 4. Scope.... 5 5. Roles and Responsibilities. 5 6. Development
LOOE COMMUNITY ACADEMY TRUST DATA PROTECTION POLICY Introduction 1. Looe Community Academy Trust (the Academy) is required to maintain certain personal data about living individuals for the purposes of
This guidance recognises that schools already deal with a great variety and number of requests for information and provides a straightforward approach to compliance with the following legislation: Education
Portable Devices and Removable Media Acceptable Use Policy v1.0 Organisation Title Creator Oxford Brookes University Portable Devices and Removable Media Acceptable Use Policy Information Security Working
ROYAL BOROUGH OF WINDSOR AND MAIDENHEAD SECURITY POLICY INFORMATION HANDLING Introduction and Policy Aim The Royal Borough of Windsor and Maidenhead (the Council) recognises the need to protect Council
DATA PROTECTION POLICY Approval date: June 2014 Approved by: Board Responsible Manager: Executive Director of Resources Next Review June 2016 Data Protection Policy 1. Introduction Data Protection Policy
Data Protection Policy January 2016 Next Review Due: January 2017 Co-ordinator: Miss M Rudge/Mrs J McColl 1 ACADEMY DATA PROTECTION POLICY POLICY DATE: JANUARY 2016 REVIEW DATE: JANUARY 2017 Introduction
Human Resources Policy No. HR46 Maintaining Personal Files and ESR Records Additionally refer to HR04 Verification of Professional Registration HR33 Recruitment and Selection HR34 Policy for Carrying Out
Document Control Table Document Title: Author(s) (name, job title and Division): Version Number: Document Status: Date Approved: Approved By: Effective Date: Date of Next Review: Superseded Version: Data
A Mobile Phone and Camera Toolkit for Early Years Settings Early Years Services April 2013 Version 1.0 Contents 1.0 Introduction Who is the Toolkit for? 2.0 Mobile Phone Policy and Procedure 2.1 Aim 2.2
Data Protection Procedures PROCEDURE OVERVIEW: This Procedure outlines Down District Council s ( the Council ) commitment to the Data Protection Act 1998 ( the Act ) and provides a framework for the Council
Policy Number: Revision Number: 0 QP1.44 Date of issue: March 2009 Status: Approved Date of approval: April 2009 Responsibility for policy: Responsibility for implementation: Responsibility for review:
PAPER RECORDS SECURE HANDLING AND TRANSIT POLICY CORPORATE POLICY Document Control Title Paper Records Secure Handling and Transit Policy Author Information Governance Manager ** Owner SIRO/CIARG Subject
INTRODUCTION These Policies and Procedures apply to all CIPFA volunteers that have access to, use, store and share significant amounts of personal data. It is critically important that this data is handled
Trafford Council Data Protection Policy, Statement and Guidance for Employees Author Nick Evans Date August 2009 Status Final Version 1.3 Review Date October 2015 Review By Kathryn Wright Next Review October
Information Management Handbook for Schools London Borough of Barnet Document Name Document Description Information Management Handbook for Schools This document is intended for use by Barnet Borough Schools.
Data Breach Trends October 2015 Introduction In October 2015 the Information Commissioner s Office (ICO) published the latest data breach trends including incidents by quarter, type of incident and incidents
DATA PROTECTION POLICY Document Management: Date Policy Approved: 29 April 2015 Date Amended: Next Review Date: April 2017 Version: 1 Approving Body: Resources Committee 1 1. Introduction The Data Protection
Information Governance Policy Reference: Information Governance Policy Date Approved: April 2013 Approving Body: Board of Trustees Implementation Date: April 2013 Version: 6 Supersedes: 5 Stakeholder groups
Data Protection Act 1998 The for the Borough Council of King's Lynn & West Norfolk 1 Contents Introduction 3 1. Statement of Intent 4 2. Fair Obtaining I Processing 5 3. Data Uses and Processes 6 4. Data
What I need to know about data protection and information security when purchasing a service that requires access to my information by a third party. www.neelb.org.uk Web Site Download Carol Johnston Corporate
Data Protection Policy 1. Introduction to the Data Protection Policy Everyone who works for Chorley Council uses personal data in the course of their duties. Chorley Council must gather and process personal
90 Corporate ICT & Data Management Data Protection Policy Classification: Unclassified Date Created: January 2012 Date Reviewed January Version: 2.0 Author: Owner: Data Protection Policy V2 1 Version Control
Data Protection Policy CONTENTS Introduction...2 1. Statement of Intent...2 2. Fair Processing or Privacy Statement...3 3. Data Uses and Processes...4 4. Data Quality and Integrity...4 5. Technical and
Personal Data Protection Policy Please take a moment to read the following Policy. If there is anything you do not understand then please contact us. We are committed to protecting privacy. This Personal
Information and Data Security Guidance for Knowsley Schools Version 4.0 Version Control Record: Revision Date Author Summary of Changes V1.0 19 th November 2008 L Hornsby V2.0 18 February 2010. Maria Bannister
4 Dental records Dental records are an essential clinical tool for the dental professional. A patient s records may include: clinical notes radiographs consent forms photographs study casts audio or visual
Data Protection Policy 1. Introduction and purpose 1.1 Children s Hearings Scotland (CHS) is required to maintain certain personal data about individuals for the purposes of satisfying our statutory, operational
Reference number Approved by Information Management and Technology Board Date approved 14 th May 2012 Version 1.1 Last revised N/A Review date May 2015 Category Information Assurance Owner Data Protection
MANCHESTER METROPOLITAN UNIVERSITY DATA PROTECTION POLICY This policy should be read in conjunction with the Data Protection Guidance, which is attached as: Appendix A Dealing with Personal Data Appendix
technical factsheet 176 Data Protection CONTENTS 1. Introduction 1 2. Register with the Information Commissioner s Office 1 3. Period protection rights and duties remain effective 2 4. The data protection
Central Bedfordshire Council www.centralbedfordshire.gov.uk Information Security Policy January 2016 Security Classification: Not Protected 1 Approval History Version No Approved by Approval Date Comments
WEST LOTHIAN COUNCIL DATA PROTECTION ACT 1998 POLICY Version 3.0 DATA PROTECTION ACT 1998 POLICY CONTENTS 1. INTRODUCTION... 3 2. PROVISIONS OF THE ACT... 4 3. SCOPE... 4 4. GENERAL POLICY STATEMENT...
St. Giles School Inspire and achieve through creativity School Policy for: Date: February 2014 Data and Information Security Policy Legislation: Policy lead(s) The Data Protection Act 1998 (with consideration
Caedmon College Whitby Data Protection and Information Security Policy College Governance Status This policy was re-issued in June 2014 and was adopted by the Governing Body on 26 June 2014. It will be
Access to Information: Data Protection and Freedom of Information Records Management Section Data protection: key concepts Personal data Sensitive personal data Data subjects Data protection principles
HERTSMERE BOROUGH COUNCIL DATA PROTECTION POLICY October 2007 1 1. Introduction Hertsmere Borough Council ( the Council ) is fully committed to compliance with the requirements of the Data Protection Act
Data Protection and Data security Policy Statement of policy and purpose of Policy 1. Somer Valley Community Radio Ltd (the Employer) is committed to ensuring that all personal information handled by us
ICO lo Data Protection Act Contents Introduction... 1 Overview... 2 What the DPA says... 3 Create an asset disposal strategy... 3 How will devices be disposed of when no longer needed?... 3 Conduct a risk
DATA PROTECTION POLICY Rev No. 0 New Document 1 2 3 4 5 6 7 Revision Status Details of Amendments Name Date Update of College DPA statement New Reference to Appendix 4 Staff Guidelines ESF document retention
ICO lo Guidance on data security breach management Data Protection Act Contents... 1 Data Protection Act... 1 Overview... 1 Containment and recovery... 2 Assessing the risks... 3 Notification of breaches...
Data Protection in Schools Ian Gover Education Technology Adviser Somerset LA All materials are copyright or licensed and cannot be used without permission Day supported by Slides: http://el.im/weictdp
Senior School 1 PURPOSE The policy defines and describes the acceptable use of ICT (Information and Communications Technology) and mobile phones for school-based employees. Its purpose is to minimise the
Title Author Approved By and Date Review Date Mike Pilling Latest Update- Corporation May 2008 1 Aug 2013 DATA PROTECTION ACT 1998 POLICY FOR ALL STAFF AND STUDENTS 1.0 Introduction 1.1 The Data Protection
Data Protection Policy Prepared By: Malkiat Thiarai Head of Corporate Information Management Date of Publication: December 2015 Version: 6.0 Classification: Not Protectively Marked Page 1 Table of Contents
HFS DATA SECURITY TRAINING WITH TECHNOLOGY COMES RESPONSIBILITY Illinois Department of Healthcare and Family Services Training Outline: Training Goals What is the HIPAA Security Rule? What is the HFS Identity
London Borough of Enfield Data Protection Policy Author Mohi Nowaz Classification UNCLASSIFIED Date of First Issue 10/08/2012 Owner IGB Issue Status DRAFT Date of Latest Re-Issue 12/09/2012 Version 0.6
Data Protection Act 1998 Bring your own device (BYOD) Contents Introduction... 3 Overview... 3 What the DPA says... 3 What is BYOD?... 4 What are the risks?... 4 What are the benefits?... 5 What to consider?...
Data Transfer Policy Data Transfer Policy London Borough of Barnet Document Control POLICY NAME Data Transfer Policy Document Description Policy surrounding data transfers (electronic and paper based).
Internal Ref: NELC 16.60 Review date December 2016 Version No. V04 Data Protection Policy 1 Data Protection Statement Data Protection Policy 1.1 North East Lincolnshire Council recognises that in order
ICO lo Notification of PECR security breaches Privacy and Electronic Communications Regulations Contents Introduction... 2 Overview... 2 Relevant security breaches... 3 What is a service provider?... 3
A Guide to Information Technology Security in Trinity College Dublin Produced by The IT Security Officer & Training and Publications 2003 Web Address: www.tcd.ie/itsecurity Email: ITSecurity@tcd.ie 1 2
DATA SECURITY BREACH MANAGEMENT POLICY AND PROCEDURE 1. INTRODUCTION Annex C 1.1 Surrey Heath Borough Council (SHBC) processes personal data and must respond appropriately against unauthorised or unlawful
MONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY Page 1 of 16 Contents Policy Information 3 Introduction 4 Responsibilities 7 Confidentiality 9 Data recording and storage 11 Subject Access 12 Transparency
Data Protection Policy and Application July 2009 Produced for staff of the House of Commons Service by the Department of Resources Information Rights and Information Security (IRIS) Service Data Policy:
Data protection policy Introduction The College is required to keep certain information about employees, students and other users to allow it to monitor performance, achievements, health and safety, recruitment
Security Awareness A Supplier Guide/Employee Training Pack May 2011 (updated November 2011) Contents/Chapters 1. How do I identify a DWP asset 2. Delivering on behalf of DWP - Accessing DWP assets 3. How
Information Security Policy 1 Issue Date: December 2014 Version: 3.0 DOCUMENT CONTROL...3 1 INTRODUCTION...4 2 WHAT MUST I KNOW?...4 3 HOW DO THE KEY PRINCIPLES RELATE TO ME?...5 2 Document Control Policy
Schedule 13 Security Incident and Data Breach Policy January 2015 v2.1 Document History Purpose Document Purpose Document developed by Document Location To provide a corporate policy for the management
Office of the Data Protection Commissioner of The Bahamas Data Protection (Privacy of Personal Information) Act, 2003 A Guide for Data Controllers 1 Acknowledgement Some of the information contained in