DATA PROTECTION ACT POLICY

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "DATA PROTECTION ACT POLICY"

Transcription

1 DATA PROTECTION ACT POLICY Personal data shall be obtained, maintained, stored, used and passed on only in strict accordance with the Act KIDS is registered according to the Data Protection Act 1998 under the category realising the objectives of a charitable organisation or voluntary body. The registration lists the data subjects (people) data classes (details) and the recipients (specific groups) that appertain to KIDS. See appendix 2 for the register entry. Introduction Under the Act (DPA) KIDS is compelled to comply with the Data Protection Principles (see below) in relation to all personal data for which the Chief Executive is the 'data controller. Definitions Personal data are defined in the Act, as follows: "Data which relate to a living individual who can be identified: (a) (b) from those data; or from those data and other information that is in the possession of, or is likely to come into the possession of, the data controller. This includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual". A data controller is: "... a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed". The Act principles The act contains eight Principles. These specify that personal data must be: Processed fairly and lawfully. Obtained for specified and lawful purposes. Adequate, relevant and not excessive. 1/10

2 (vi) (vii) (viii) Accurate and up to date. Not kept any longer than necessary. Processed in accordance with the data subject s (the individual s) rights. Securely kept. Not transferred to any other country without adequate protection in situ. For a full explanation of what these principles mean please see appendix 1 Handling or Processing Personal Data All KIDS staff, when handling, collecting, processing or storing personal data, must ensure that: (vi) (vii) all personal data is both accurate and up to date errors are corrected effectively and promptly the data is deleted/destroyed when it is no longer needed the personal data is kept secure at all times (protecting from unauthorised disclosure or access) the Act is considered when setting up new systems or when considering use of the data for a new purpose. written contracts are used when external bodies process/handle the data explicitly specifying the above requirements with respect to the data It is equally important NOT to: access personal data that you do not need for your work use the data for any purpose it was not explicitly obtained for keep data that would embarrass or damage KIDS if disclosed (e.g.: via a subject access request see below) transfer personal data outside of the European Economic Area unless you are certain you are entitled to or consent from the individual concerned has been obtained store/process/handle sensitive personal data (see below) unless are certain you are entitled to or consent from the individual concerned has been obtained "Subject Access and Subject Rights Individuals, to whom the data relates, have various rights: to receive, on request, (a subject access request ) details of the processing relating to them. This includes any information about themselves including information regarding the source of the data and about the logic of certain fully automated decisions to have any inaccurate data corrected or removed in certain circumstances to stop processing likely to cause substantial damage or substantial distress 2/10

3 to prevent their data being used for advertising or marketing not to be subject to certain fully automated decisions if they significantly affect him/her When a subject access request is received, it is important to: treat the requestor with courtesy and try to understand what exactly is being sought act promptly and effectively as certain time scales are imposed regarding response Other Definitions and Notes Sensitive Data means data pertaining to: racial or ethnic origin; religious or similar beliefs; trade union membership; physical or mental health or sexual life; political opinions; criminal offences. This data may only be held in strictly defined situations or where explicit consent has been obtained. Data Controller is a person who determines the purposes for which and the manner in which any personal data are, or are to be, processed. Subject Access is the right of individuals to have access to the data about them and other related information. Notification is the process of notifying the Authority of the purposes for which personal data is held/processed NOTES: The Act covers both electronic and paper based information and data Equivalent legislation is in place in many other countries based upon the same principles as the UK Act Data from which personal data can be deduced is also covered by the act (for instance data about a sole trader) The Data protection act also covers the use of closed circuit television please see appendix 3 3/10

4 Appendix 1 DATA PROTECTION PRINCIPLE 1 - Processed fairly and lawfully When collecting personal data make sure that people know: Who KIDS is and what service they will be receiving what the data will be used for to whom it will be disclosed This information can often be provided on a referral form or similar. All personal data must be relevant and not excessive in relation to the purpose(s) for which it is processed. There must be a service need to hold or process all personal data collected. It is important NOT to collect more personal data than is actually needed. Unless consent has been obtained from the individual (data subject), processing of all personal data must be necessary for at least one of the following: needed to enter a contract with the individual compliance with a legal obligation to protect the vital interests of the individual the administration of justice the exercise of any function of the government or of a public nature in the public interest. For KIDS the most likely cause of collecting or using data without permission is child protection. Sensitive data Sensitive personal data means data pertaining to: (vi) racial or ethnic origin political opinions religious or similar beliefs trade union membership physical or mental health or sexual life criminal offences Unless explicit consent has been given by the data subject, sensitive data may only be processed or held with respect to the following: national security legal proceedings/advice/requirements c assessment/ collection of tax health, education and social work matters as subject to an order by the Secretary of State 4/10

5 (vi) (vii) required by employment law or for equal opportunity monitoring certain journalistic, literary or artistic purposes to protect the vital interests of the data subject. DATA PROTECTION PRINCIPLE 2 - Obtained for specified and lawful purposes. If KIDS hold information about individuals (data subjects) solely for the purpose of providing a service then this would be defined as specified and lawful DATA PROTECTION PRINCIPLE 3 - Ensure that all personal data is adequate, relevant and not excessive in relation to the purpose(s) for which it is processed. There must be a service need to hold or process all personal data. DATA PROTECTION PRINCIPLE 4 - Ensure that all personal data is accurate and, where necessary, kept up to date. "Reasonable steps" must be taken to ensure accuracy. This means that if if personal data is thought to be inaccurate, the data should be destroyed information on rectification, blocking, erasure or destruction to be passed on to a third party if appropriate. personal information obtained from third parties must be checked and validated DATA PROTECTION PRINCIPLE 5 - Personal data must be promptly destroyed or de-personalised when it is no longer needed. All KIDS services or departments must have a policy for the retention period of data, as well as ensuring that deletion procedures are in place. Housekeeping procedures should be developed to regularly remove/delete/archive redundant data. DATA PROTECTION PRINCIPLE 6 - Processed in accordance with the individual s (data subject s) rights For automated systems - reports produced detailing the personal data held/processed for the individual concerned must be provided in an intelligible form and explanations must be provided for any non-obvious terms. For manual systems, copies of the relevant data must be provided if requested by the individual (data subject). Archive files are also covered by the legislation and so need to be accessible. 5/10

6 NOTE: 1. Some exemptions apply -for example: (vi) (vii) (viii) certain crime and taxation information management forecasts certain information concerned with corporate finance negotiations examination marks legal professional privilege self-incriminatory data certain regulatory activities For a more comprehensive list see PART IV (Schedule 7) of the actual Act Under the legislation, KIDS must be able to prevent processing where the data subject objects in writing on the ground that the processing is 'likely to cause substantial damage or substantial distress to him or to another' or where such damage or distress would be 'unwarranted'. Procedures should be in place to respond in writing to such a request within 21 days of receipt. 3. KIDS must ensure that procedures are in place to prevent processing for direct marketing at the written request of the data subject. Data subjects must be made aware that they may object to fully automated decisions if they 'significantly affect' him or her. However, the objection will not stand if the automated decision is needed for the entering of a contract with him or her. The objection will also not stand if the decision is required by an enactment or law. 4. KIDS must ensure that the data subject is made aware of how his personal information is used and by whom it is used. 5. KIDS must Identify all instances in which personal data is obtained from third party sources and ensure that the data subject is provided with the necessary information when the data is first processed or first disclosed (if disclosure is envisaged 'within a reasonable period'). The necessary information includes how the information is used and by whom. 6. KIDS, prior to undertaking direct marketing activity, ensure consent has been obtained from the data subject. DATA PROTECTION PRINCIPLE 7 - Ensure that consent has been given to those who legitimately procure or disclose personal data For all internal processing, KIDS must ensure that appropriate security measures are in place to safeguard against unauthorised or unlawful processing of personal data. 6/10

7 Having regard for technology and cost, the measures must ensure a level of security appropriate to: the harm that might result from the unauthorised processing/loss/etc of the data the nature of the data. KIDS must ensure that 'reasonable steps' are taken to ensure the reliability of employees who have access to personal data. These steps might include vetting, contracts, training and awareness measures For all processing carried out on KIDS behalf by a third party, KIDS must ensure that the third party provides sufficient guarantees in respect of the security measures applied to safeguard against unauthorised or unlawful processing of the personal data. Where processing of personal data is carried out by a third party on KIDS behalf, KIDS must ensure that suitable written contracts are in place. The contracts should specify that the third party should act only on KIDS instructions with respect to the data. Furthermore, the contracts must also stipulate appropriate security obligations (equivalent to those imposed directly). Note: Staff must only access and use data that is necessary to perform their job function. DATA PROTECTION PRINCIPLE 8 - Where processing across more than one national boundary is undertaken, it is necessary to determine which national law applies to which processing operation. This means that KIDS should get permission from the data subject when data is transferred to countries outside the EEC. 7/10

8 Appendix 3 DATA PROTECTION ACT POLICY RELATING TO CCTV SURVEILLANCE Code of Practice Before installing CCTV KIDS will: Establish who is legally responsible for the scheme. Assess and document. Notify the Office of the Commissioner with its purposes. Establish and document those responsible for ensuring day-to-day compliance with the Code of Practice. Position of cameras Cameras should only cover areas related to the purpose of the system. If domestic areas border those spaces then the user should consult with the owner as to whether images might be recorded. If cameras are adjustable, they should be restricted so that they do not overlook spaces not intended to be covered. If it is not possible to avoid recording such images, then operators should be trained in recognising the privacy implications of viewing such spaces. Signage For a CCTV system to operate fairly, the public must be aware of it. Warning signs must: Be clearly visible and legible. Be an appropriate size for whoever is passing the sign, e.g. A3 for a driver entering a car park. Have a name and telephone number for the controller of the CCTV scheme. Covert installations In certain instances, the use of signs may jeopardise the purpose of the scheme. Such systems should operate under the following conditions and for no longer duration than necessary: Where specific criminal activity has been identified. Where evidence is required of that criminal activity. Where signs would prejudice success in obtaining evidence. 8/10

9 Quality of images The system must continually operate at an appropriate quality and accurately. Regular checks must be made and their results documented. The following points should be considered: Only use good quality tapes, which are cleaned so that images are not recorded on top of previous images. Dispose of tapes when their quality has deteriorated. If date and time stamped, this should be accurate and regularly checked. Cameras should be situated so that they capture images relevant to the scheme s purpose. When installing, consideration must be given to the physical conditions in which the cameras are located, e.g. extra lighting may need to be installed. Users should assess whether 24 hour recording is necessary or excessive. Cameras should be maintained to ensure clear images. Cameras should be protected from vandalism and in good working order. A maintenance log should be kept. If a camera is damaged, it must be fixed within a specific time and the quality of the work should be monitored. Processing images Images should not be retained for longer than necessary and must be kept secure with limited access. Once this period has expired, the images should be removed. If the images are retained for evidence, they must remain in a secure place with controlled access. On removing the cassette for evidence, the details should be documented. Monitors displaying images from areas where individuals expect a degree of privacy should only be viewed by designated personnel. Designated personnel must decide whether to allow access by third parties. Viewing the recorded images should take place in a restricted area where other employees do not have access when a viewing is taking place. Designated personnel should be aware of the procedure, they need to follow when accessing the recorded images. Access to images by third parties/subjects CCTV images must be kept secure to preserve the individual s rights and that evidence remains intact should they be required. Users must ensure that the reason for access is compatible with the purpose for which they obtained those images. Access to images should be restricted to designated personnel only and clearly documented. 9/10

10 Disclosure to third parties should only be made in limited circumstances and if access is denied, the reason should be documented. Recorded images should not be made widely available e.g. placed on the internet. If images are disclosed, individuals may need to be disguised so that they are not identifiable. Procedure must be followed when access is requested and the subject provided with a Subject Access Form. This can ask for necessary information to find the images of the subject and a small fee for making the search. If the request is not complied with, they must set out their reasons to the individual, who may ask in writing for this to be reconsidered within 21 days. Complying with the Code Other matters to consider include: The contact point indicated on the Warning signs must be manned during office hours. Designated personnel should undertake regular reviews of procedures to ensure that the Code is being complied with. 10/10

Data Protection Policy

Data Protection Policy Data Protection Policy CONTENTS Introduction...2 1. Statement of Intent...2 2. Fair Processing or Privacy Statement...3 3. Data Uses and Processes...4 4. Data Quality and Integrity...4 5. Technical and

More information

GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT. CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4

GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT. CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4 GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4 PREFACE The following provides general guidance on data protection

More information

Data Protection Policy

Data Protection Policy 1 Data Protection Policy Version 1: June 2014 1 2 Contents 1. Introduction 3 2. Policy Statement 3 3. Purpose of the Data Protection Act 1998 3 4. The principles of the Data Protection Act 1998 4 5 The

More information

The Manchester College

The Manchester College The Manchester College The Manchester College Produced by TMC Prin DataProtect pol v1 11/2010 All rights reserved; no part of this publication may be photocopied, recorded or otherwise reproduced, stored

More information

OBJECTS AND REASONS. (a) the regulation of the collection, keeping, processing, use or dissemination of personal data;

OBJECTS AND REASONS. (a) the regulation of the collection, keeping, processing, use or dissemination of personal data; OBJECTS AND REASONS This Bill would provide for (a) the regulation of the collection, keeping, processing, use or dissemination of personal data; (b) the protection of the privacy of individuals in relation

More information

Dublin City University

Dublin City University Dublin City University Data Protection Policy Data Protection Policy Contents Purpose... 1 Scope... 1 Data Protection Principles... 1 Disclosure of Personal Data... 2 Summary of Responsibilities... 3 Rights

More information

Data Protection Act a more detailed guide

Data Protection Act a more detailed guide Data Protection Act a more detailed guide What does the Act do? The Data Protection Act 1998 places considerable duties on organisations which process personal data; increases the rights of access by data

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY Reference number Approved by Information Management and Technology Board Date approved 14 th May 2012 Version 1.1 Last revised N/A Review date May 2015 Category Information Assurance Owner Data Protection

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Document Ref: DPA20100608-001 Version: 1.3 Classification: UNCLASSIFIED (IL 0) Status: ISSUED Prepared By: Ian Mason Effective From: 4 th January 2011 Contact: Governance Team ICT

More information

The Manitowoc Company, Inc.

The Manitowoc Company, Inc. The Manitowoc Company, Inc. DATA PROTECTION POLICY 11FitzPatrick & Associates 4/5/04 1 Proprietary Material Version 4.0 CONTENTS PART 1 - Policy Statement PART 2 - Processing Personal Data PART 3 - Organisational

More information

Paperless World Limited

Paperless World Limited Paperless World Limited Security Policy Statement Contents Section 1: Paperless World Limited Security Policy Statement... 2 Section 2: The Data Protection Act 1998... 2 Section 3: Definitions... 2 Personal

More information

CORK INSTITUTE OF TECHNOLOGY

CORK INSTITUTE OF TECHNOLOGY CORK INSTITUTE OF TECHNOLOGY DATA PROTECTION POLICY APPROVED BY GOVERNING BODY ON 30 APRIL 2009 INTRODUCTION Cork Institute of Technology is committed to a policy of protecting the rights and privacy of

More information

Merthyr Tydfil County Borough Council. Data Protection Policy

Merthyr Tydfil County Borough Council. Data Protection Policy Merthyr Tydfil County Borough Council Data Protection Policy 2014 Cyfarthfa High School is a Rights Respecting School, we recognise the importance of ensuring that the United Nations Convention of the

More information

Guidelines on Data Protection. Draft. Version 3.1. Published by

Guidelines on Data Protection. Draft. Version 3.1. Published by Guidelines on Data Protection Draft Version 3.1 Published by National Information Technology Development Agency (NITDA) September 2013 Table of Contents Section One... 2 1.1 Preamble... 2 1.2 Authority...

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY Title Author Approved By and Date Review Date Mike Pilling Latest Update- Corporation May 2008 1 Aug 2013 DATA PROTECTION ACT 1998 POLICY FOR ALL STAFF AND STUDENTS 1.0 Introduction 1.1 The Data Protection

More information

Corporate ICT & Data Management. Data Protection Policy

Corporate ICT & Data Management. Data Protection Policy 90 Corporate ICT & Data Management Data Protection Policy Classification: Unclassified Date Created: January 2012 Date Reviewed January Version: 2.0 Author: Owner: Data Protection Policy V2 1 Version Control

More information

Data Protection Act 1998 The Data Protection Policy for the Borough Council of King's Lynn & West Norfolk

Data Protection Act 1998 The Data Protection Policy for the Borough Council of King's Lynn & West Norfolk Data Protection Act 1998 The for the Borough Council of King's Lynn & West Norfolk 1 Contents Introduction 3 1. Statement of Intent 4 2. Fair Obtaining I Processing 5 3. Data Uses and Processes 6 4. Data

More information

Protection. Code of Practice. of Personal Data RPC001147_EN_D_19

Protection. Code of Practice. of Personal Data RPC001147_EN_D_19 Protection of Personal Data RPC001147_EN_D_19 Table of Contents Data Protection Rules Foreword From the Data Protection Commissioner Introduction From the Chairman Data Protection Rules Responsibility

More information

DATA PROTECTION ACT 1998 COUNCIL POLICY

DATA PROTECTION ACT 1998 COUNCIL POLICY DATA PROTECTION ACT 1998 COUNCIL POLICY Page 1 of 5 POLICY STATEMENT Blackpool Council recognises the need to fully comply with the requirements of the Data Protection Act 1998 (DPA) and the obligations

More information

Data Protection Act. Privacy & Security in the Information Age. April 26, 2013. Ministry of Communications, Ghana

Data Protection Act. Privacy & Security in the Information Age. April 26, 2013. Ministry of Communications, Ghana Data Protection Act Privacy & Security in the Information Age April 26, 2013 Agenda Privacy in The Information Age The right to privacy Why We Need Legislation Purpose of the Act The Data Protection Act

More information

Information Governance Policy

Information Governance Policy Information Governance Policy 1 Introduction Healthwatch Rutland (HWR) needs to collect and use certain types of information about the Data Subjects who come into contact with it in order to carry on its

More information

WEST LOTHIAN COUNCIL DATA PROTECTION ACT 1998 POLICY

WEST LOTHIAN COUNCIL DATA PROTECTION ACT 1998 POLICY WEST LOTHIAN COUNCIL DATA PROTECTION ACT 1998 POLICY Version 3.0 DATA PROTECTION ACT 1998 POLICY CONTENTS 1. INTRODUCTION... 3 2. PROVISIONS OF THE ACT... 4 3. SCOPE... 4 4. GENERAL POLICY STATEMENT...

More information

Hampstead Parochial CofE Primary School Data Protection Policy Spring 2015

Hampstead Parochial CofE Primary School Data Protection Policy Spring 2015 Hampstead Parochial CofE Primary School Data Protection Policy Spring 2015 1. Introduction and Scope 1.1 The Data Protection Act 1998 is the law that protects personal privacy and applies to any school

More information

Index. Definitions. What is Data Protection? Rights of Individuals. The 8 Principles of Data Protection

Index. Definitions. What is Data Protection? Rights of Individuals. The 8 Principles of Data Protection Data Protection Awareness Based on DIT s Data Protection Policy, the Data Protection Acts, 1988 & 2003 and guidance from the Office of the Data Protection Commissioner Index Definitions What is Data Protection?

More information

Little Marlow Parish Council Registration Number for ICO Z3112320

Little Marlow Parish Council Registration Number for ICO Z3112320 Data Protection Policy Little Marlow Parish Council Registration Number for ICO Z3112320 Adopted 2012 Reviewed 23 rd February 2016 Introduction The Parish Council is fully committed to compliance with

More information

Office of the Data Protection Commissioner of The Bahamas. Data Protection (Privacy of Personal Information) Act, 2003. A Guide for Data Controllers

Office of the Data Protection Commissioner of The Bahamas. Data Protection (Privacy of Personal Information) Act, 2003. A Guide for Data Controllers Office of the Data Protection Commissioner of The Bahamas Data Protection (Privacy of Personal Information) Act, 2003 A Guide for Data Controllers 1 Acknowledgement Some of the information contained in

More information

Data protection policy

Data protection policy Data protection policy Introduction 1 This document is the data protection policy for the Nursing and Midwifery Council (NMC). 2 The Data Protection Act 1998 (DPA) governs the processing of personal data

More information

DATA PROTECTION ACT 2002 The Basics

DATA PROTECTION ACT 2002 The Basics DATA PROTECTION ACT 2002 The Basics Purpose of the Act Balance the rights of an individual with an organisation s legitimate need to process personal data Promote openness and transparency Establish and

More information

Scottish Rowing Data Protection Policy

Scottish Rowing Data Protection Policy Revision Approved by the Board August 2010 1. Introduction As individuals, we want to know that personal information about ourselves is handled properly, and we and others have specific rights in this

More information

Data Protection Policy

Data Protection Policy Data Protection Policy 1. Introduction to the Data Protection Policy Everyone who works for Chorley Council uses personal data in the course of their duties. Chorley Council must gather and process personal

More information

Protection. Code of Practice. of Personal Data RPC001147_EN_WB_L_1

Protection. Code of Practice. of Personal Data RPC001147_EN_WB_L_1 Protection of Personal Data RPC001147_EN_WB_L_1 Table of Contents Data Protection Rules Foreword From the Data Protection Commissioner Introduction From the Chairman Data Protection Responsibility of Employees

More information

ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY

ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY Originated by: Data Protection Working Group: November 2008 Impact Assessment: (to be confirmed) Recommended by Senate: 28 January 2009 Approved by Council:

More information

technical factsheet 176

technical factsheet 176 technical factsheet 176 Data Protection CONTENTS 1. Introduction 1 2. Register with the Information Commissioner s Office 1 3. Period protection rights and duties remain effective 2 4. The data protection

More information

Data Protection and Community Councils Briefing Note

Data Protection and Community Councils Briefing Note Data Protection and Community Councils Briefing Note This briefing note has been prepared in response to specific queries raised by Community Councils in Marr in relation to their Data Protection requirements.

More information

University of Limerick Data Protection Compliance Regulations June 2015

University of Limerick Data Protection Compliance Regulations June 2015 University of Limerick Data Protection Compliance Regulations June 2015 1. Purpose of Data Protection Compliance Regulations 1.1 The purpose of these Compliance Regulations is to assist University of Limerick

More information

Human Resources and Data Protection

Human Resources and Data Protection Human Resources and Data Protection Contents 1. Policy Statement... 1 2. Scope... 2 3. What is personal data?... 2 4. Processing data... 3 5. The eight principles of the Data Protection Act... 4 6. Council

More information

Data Protection Policy

Data Protection Policy Internal Ref: NELC 16.60 Review date December 2016 Version No. V04 Data Protection Policy 1 Data Protection Statement Data Protection Policy 1.1 North East Lincolnshire Council recognises that in order

More information

UNIVERSITY OF ABERDEEN POLICY ON DATA PROTECTION

UNIVERSITY OF ABERDEEN POLICY ON DATA PROTECTION UNIVERSITY OF ABERDEEN POLICY ON DATA PROTECTION The Data Protection Act 1998 (DPA) was passed in order to implement the EU Data Protection Directive (95/46/EC) and applies to all data relating to, and

More information

SECURITY ENCRYPTION DATA PROTECTION. The Complete Guide to Body Worn Camera Data Protection BODY WORN CAMERA STORAGE

SECURITY ENCRYPTION DATA PROTECTION. The Complete Guide to Body Worn Camera Data Protection BODY WORN CAMERA STORAGE SECURITY DATA PROTECTION ENCRYPTION BODY WORN CAMERA STORAGE The Complete Guide to Body Worn Camera Data Protection Overview Edesix has been providing technology solutions to organisations for over ten

More information

PRESIDENT S DECISION No. 40. of 27 August 2013. Regarding Data Protection at the European University Institute. (EUI Data Protection Policy)

PRESIDENT S DECISION No. 40. of 27 August 2013. Regarding Data Protection at the European University Institute. (EUI Data Protection Policy) PRESIDENT S DECISION No. 40 of 27 August 2013 Regarding Data Protection at the European University Institute (EUI Data Protection Policy) THE PRESIDENT OF THE EUROPEAN UNIVERSITY INSTITUTE, Having regard

More information

Data Compliance. And. Your Obligations

Data Compliance. And. Your Obligations Information Booklet Data Compliance And Your Obligations What is Data Protection? It is the safeguarding of the privacy rights of individuals in relation to the processing of personal data. The Data Protection

More information

HERTSMERE BOROUGH COUNCIL

HERTSMERE BOROUGH COUNCIL HERTSMERE BOROUGH COUNCIL DATA PROTECTION POLICY October 2007 1 1. Introduction Hertsmere Borough Council ( the Council ) is fully committed to compliance with the requirements of the Data Protection Act

More information

UNIVERSITY COLLEGE LONDON CCTV POLICY. Endorsed by the Security Working Group - 17 October 2012

UNIVERSITY COLLEGE LONDON CCTV POLICY. Endorsed by the Security Working Group - 17 October 2012 UNIVERSITY COLLEGE LONDON CCTV POLICY Endorsed by the Security Working Group - 17 October 2012 Endorsed by the Infrastructure IT Services Strategy Group - 18 October 2012 Reviewed and endorsed (with one

More information

DATA PROTECTION AUDIT GUIDANCE

DATA PROTECTION AUDIT GUIDANCE DATA PROTECTION AUDIT GUIDANCE CONTENTS Section I: Section II: Audit of Processing of Personal Data Audit Procedure Appendices: A B C D E Audit Form List of Purposes List of data subjects List of data

More information

Data Protection Policy June 2014

Data Protection Policy June 2014 Data Protection Policy June 2014 Approving authority: Consultation via: Court Audit and Risk Committee, University Executive, Secretary's Board, Information Governance and Security Group Approval date:

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY DATA PROTECTION POLICY The information and guidelines within this Policy are important and apply to all members, Fellows and staff of the College 1. INTRODUCTION Like all educational establishments, the

More information

PERSONAL INJURIES ASSESSMENT BOARD DATA PROTECTION CODE OF PRACTICE

PERSONAL INJURIES ASSESSMENT BOARD DATA PROTECTION CODE OF PRACTICE PERSONAL INJURIES ASSESSMENT BOARD DATA PROTECTION CODE OF PRACTICE ADOPTED ON 9 th January 2008 TABLE OF CONTENTS Page No. 1 Introduction...3 2 Glossary...3 3 Types of Personal Data held by Us...3 4 Obligations

More information

Personal Data Act (1998:204);

Personal Data Act (1998:204); Personal Data Act (1998:204); issued 29 April 1998. Be it enacted as follows. General provisions Purpose of this Act Section 1 The purpose of this Act is to protect people against the violation of their

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Prepared By: Malkiat Thiarai Head of Corporate Information Management Date of Publication: 23/01/2013 Version: 5.0 Classification: Not Protectively Marked Page 1 Table of Contents

More information

Falkirk Council Data Protection Guidelines

Falkirk Council Data Protection Guidelines Falkirk Council Data Protection Guidelines Contents Contents 2 Objectives 3 What does the Data Protection Act 1998 do? 3 Who is who under the Data Protection Act 1998? 4 Definitions 4 The Eight Principles

More information

Data Protection Policy

Data Protection Policy Data Protection Policy BMBC Data Protection Policy V1 Page 1 of 7 Table of Contents 1 INTRODUCTION... 3 2 POLICY STATEMENT... 3 3. SCOPE... 3 4 DATA PROTECTION PRINCIPLES... 4 5 PREREQUISITE CONDITIONS

More information

Policy and Procedure Title: Maintaining Secure Learner Records Policy No: CCTP1001 Version: 1.0

Policy and Procedure Title: Maintaining Secure Learner Records Policy No: CCTP1001 Version: 1.0 PROVIDER NAME: POLICY AREA: College of Computing Technology (CCT) Standard 10: Information Management, Student Information System & Data Protection Policy and Procedure Title: Maintaining Secure Learner

More information

DATA PROTECTION MANUAL

DATA PROTECTION MANUAL DATA PROTECTION MANUAL VERSION TABLE Version Date Published CO Circular 1 September 2008 3 July 2015 July 2015 2 CONTENTS Part A: General Guidance 1 Introduction to the Data Protection Act 1998 5 2 The

More information

2. Scope 2.1 This policy covers all the activities and processes of the University that uses personal information in whatever format.

2. Scope 2.1 This policy covers all the activities and processes of the University that uses personal information in whatever format. University of Westminster Personal Data Protection Policy For Compliance with the Data Protection Act 1998 1. Background 1.1 The Data Protection Act 1998 (DPA) defines personal data as data and information

More information

Data Protection Policy A copy of this policy is published in the following areas: The school s intranet The school s website

Data Protection Policy A copy of this policy is published in the following areas: The school s intranet The school s website Data Protection Policy A copy of this policy is published in the following areas: The school s intranet The school s website Date created: November 2015 Date for review: July 2016 Created by: Mark Vanstone,

More information

MENTAL HEALTH TRIBUNAL FOR SCOTLAND: RECORDS MANAGEMENT POLICY. Ensuring Information is Accurate and Fit for Purpose

MENTAL HEALTH TRIBUNAL FOR SCOTLAND: RECORDS MANAGEMENT POLICY. Ensuring Information is Accurate and Fit for Purpose MENTAL HEALTH TRIBUNAL FOR SCOTLAND: RECORDS MANAGEMENT POLICY Index: Introduction Information is a Corporate Resource Personal Responsibility Information Accessibility Keeping Records of what we do Ensuring

More information

CCTV CODE OF PRACTICE

CCTV CODE OF PRACTICE CCTV CODE OF PRACTICE Policy area: Operation of CCTV on University Premises Definitions CCTV means Closed Circuit Television. Control Room(s) means those Control Rooms manned by Security staff at the City,

More information

10 DATABASE PRACTICE

10 DATABASE PRACTICE 10 DATABASE PRACTICE Background Marketers must comply with all relevant data protection legislation. Guidance on that legislation is available from the Information Commissioner's Office. Although data

More information

INFORMATION PRIVACY STATEMENT

INFORMATION PRIVACY STATEMENT INFORMATION PRIVACY STATEMENT Victoria Police is bound by the Privacy and Data Protection Act 2014 in how it manages personal information. Victoria Police is committed to protecting the personal information

More information

GENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS

GENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS GENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS December 2005 2 GENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS I. OBJECTIVE... 1 II. SCOPE... 1 III. APPLICATION OF LOCAL LAWS...

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY DATA PROTECTION POLICY DATA PROTECTION POLICY Document Control Information Title Data Protection Policy Version V1.0 Author Diana Watt Date Approved 21 February 2013 Review Date Annually, on the anniversary

More information

singapore american school

singapore american school Background The Singapore Personal Data Protection Act - 2012 (PDPA) establishes a data protection law that comprises various rules governing the collection, use, disclosure, and care of personal data.

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Owner : Head of Information Management Document ID : ICT-PL-0099 Version : 2.0 Date : May 2015 We will on request produce this Policy, or particular parts of it, in other languages

More information

Access to Information: Data Protection and Freedom of Information

Access to Information: Data Protection and Freedom of Information Access to Information: Data Protection and Freedom of Information Records Management Section Data protection: key concepts Personal data Sensitive personal data Data subjects Data protection principles

More information

DATA PROTECTION POLICY. Examples of personal data which TWM may require from clients include the following and for the reasons ascribed to each;

DATA PROTECTION POLICY. Examples of personal data which TWM may require from clients include the following and for the reasons ascribed to each; DATA PROTECTION POLICY Introduction TWM Solicitors maintain certain personal data about individuals for the purposes of satisfying operational and legal obligations. The Data Protection Act sets rules

More information

1. Introduction Purpose The purpose of this policy is to:

1. Introduction Purpose The purpose of this policy is to: 1. Introduction 1.1. Overview The use of Closed Circuit Television or Surveillance Cameras (collectively known as CCTV) that capture and process images of individuals, who can be identified from those

More information

Data Protection Policy

Data Protection Policy Data Protection Policy September 2015 Contents 1. Scope 2. Purpose 3. Data protection roles 4. Staff training and guidance 5. About the Data Protection Act 1998 6. Policy 7. The Information Commissioner's

More information

Chapter 1 Introduction and guidance for employers

Chapter 1 Introduction and guidance for employers A Thorogood Special Briefing Chapter 1 Introduction and guidance for employers Introduction Subject access request Compliance Changing law The Employment Practices Code Personal data Making access requests

More information

Data Protection Policy

Data Protection Policy Data Protection Policy 1. Introduction and purpose 1.1 Children s Hearings Scotland (CHS) is required to maintain certain personal data about individuals for the purposes of satisfying our statutory, operational

More information

Rick Parsons Information Governance Officer County Hall 01865 323593 rick.parsons@oxfordshire.gov.uk

Rick Parsons Information Governance Officer County Hall 01865 323593 rick.parsons@oxfordshire.gov.uk Rick Parsons Information Governance Officer County Hall 01865 323593 rick.parsons@oxfordshire.gov.uk 1 THE DATA PROTECTION ACT 1998 2 Requirements of the Act Roles & Responsibilities Best Practice 3 The

More information

Data Protection and Privacy Policy

Data Protection and Privacy Policy Data Protection and Privacy Policy 1. General This policy outlines Conciliation Resources commitments to respect the privacy of people s personal information and observe the relevant data protection legislation.

More information

Data Protection Policy

Data Protection Policy Data Protection Policy April 2014 Author: Jennifer McLaren, Assistant Principal, Curriculum Support & Finance Impact Assessment Date: 15 February 2010 Date: April 2014 Contents 1 Purpose... 2 2 Policy...

More information

Data Protection Workshop: How the Law Affects You Practice Questions

Data Protection Workshop: How the Law Affects You Practice Questions Data Protection Workshop: How the Law Affects You Practice Questions 1. Which of the following is not personal data covered by the Data Protection Act (pick one or more): A. Comments about an individual

More information

Corporate Guidelines for Subsidiaries (in Third Countries ) *) for the Protection of Personal Data

Corporate Guidelines for Subsidiaries (in Third Countries ) *) for the Protection of Personal Data Corporate Guidelines for Subsidiaries (in Third Countries ) *) for the Protection of Personal Data *) For the purposes of these Corporate Guidelines, Third Countries are all those countries, which do not

More information

Data Protection Guidance

Data Protection Guidance 53 September 2010 Management Circular No. 53 Glasgow City Council Education Services Wheatley House 25 Cochrane Street Merchant City GLASGOW G1 1HL To Heads of all Educational Establishments Data Protection

More information

Data protection compliance checklist

Data protection compliance checklist Data protection compliance checklist What is this checklist for? This checklist is drawn up on the basis of analysis of the relevant provisions of European law. Although European law aims at harmonizing

More information

GUIDANCE FOR CHARITIES (Non-profit making organisations)

GUIDANCE FOR CHARITIES (Non-profit making organisations) DATA PROTECTION (JERSEY) LAW 2005 GUIDANCE FOR CHARITIES (Non-profit making organisations) GD17 1 2 Introduction The new Data Protection (Jersey) Law 2005 came into force on 1 December 2005. The intention

More information

Proposal of regulation Com 2012 11/4 Directive 95/46/EC Conclusion

Proposal of regulation Com 2012 11/4 Directive 95/46/EC Conclusion Page 1 sur 155 Proposal of regulation Com 2012 11/4 Directive 95/46/EC Conclusion Legal nature of the instrument Règlement Directive Directly applicable act in internal law 91 articles 34 articles Art.

More information

MONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY

MONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY MONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY Page 1 of 16 Contents Policy Information 3 Introduction 4 Responsibilities 7 Confidentiality 9 Data recording and storage 11 Subject Access 12 Transparency

More information

Decision 084/2006 Mr Ian Cameron and Aberdeenshire Council

Decision 084/2006 Mr Ian Cameron and Aberdeenshire Council Huntly Nordic Ski and Outdoor Centre Reference No: 200600082 Decision Date: 30 March 2009 Kevin Dunion Scottish Information Commissioner Kinburn Castle Doubledykes Road St Andrews KY16 9DS Tel: 01334 464610

More information

QUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN 18 085 048 237. better health cover shouldn t hurt

QUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN 18 085 048 237. better health cover shouldn t hurt QUEENSLAND COUNTRY HEALTH FUND privacy policy Queensland Country Health Fund Ltd ABN 18 085 048 237 better health cover shouldn t hurt 1 2 contents 1. Introduction 4 2. National Privacy Principles 5 3.

More information

DATA PROTECTION CORPORATE POLICY

DATA PROTECTION CORPORATE POLICY DATA PROTECTION CORPORATE POLICY Information Management V1.1 03 July 2012 Not protectively marked This policy must be complied with fully by all Members, Officers Agents and Contractors of Plymouth City

More information

PRIVACY AND CREDIT REPORTING POLICY

PRIVACY AND CREDIT REPORTING POLICY PRIVACY AND CREDIT REPORTING POLICY 12 March 2014 CONTENTS What is personal information?...3 Information we may collect, use and disclose about you...4 Collection of sensitive information...6 How personal

More information

Data Protection Procedures

Data Protection Procedures Data Protection Procedures PROCEDURE OVERVIEW: This Procedure outlines Down District Council s ( the Council ) commitment to the Data Protection Act 1998 ( the Act ) and provides a framework for the Council

More information

Data Protection. Policy and Application July 2009

Data Protection. Policy and Application July 2009 Data Protection Policy and Application July 2009 Produced for staff of the House of Commons Service by the Department of Resources Information Rights and Information Security (IRIS) Service Data Policy:

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Policy Details Produced by Assistant Principal Information Systems Date produced Approved by Senior Leadership Team (SLT) Date approved July 2011 Linked Policies and Freedom of Information

More information

Policy Document Control Page

Policy Document Control Page Policy Document Control Page Title Title: Data Protection Policy Version: 3 Reference Number: CO59 Keywords: Data, access, principles, protection, Act. Data Subject, Information Supersedes Supersedes:

More information

ATMD Bird & Bird. Singapore Personal Data Protection Policy

ATMD Bird & Bird. Singapore Personal Data Protection Policy ATMD Bird & Bird Singapore Personal Data Protection Policy Contents 1. PURPOSE 1 2. SCOPE 1 3. COMMITMENT TO COMPLY WITH DATA PROTECTION LAWS 1 4. PERSONAL DATA PROTECTION SAFEGUARDS 3 5. ATMDBB EXCEPTIONS:

More information

Data Protection in Ireland

Data Protection in Ireland Data Protection in Ireland 0 Contents Data Protection in Ireland Introduction Page 2 Appointment of a Data Processor Page 2 Security Measures (onus on a data controller) Page 3 8 Principles Page 3 Fair

More information

Data Protection for the Guidance Counsellor. Issues To Plan For

Data Protection for the Guidance Counsellor. Issues To Plan For Data Protection for the Guidance Counsellor Issues To Plan For Author: Hugh Jones Data Protection Specialist Longstone Management Ltd. Published by the National Centre for Guidance in Education (NCGE)

More information

Data Protection Good Practice Note

Data Protection Good Practice Note Data Protection Good Practice Note This explanatory document explains what charities and voluntary organisations need to do to comply with the Data Protection Act 1988 as amended by the Data Protection

More information

John Leggott College. Data Protection Policy. Introduction

John Leggott College. Data Protection Policy. Introduction John Leggott College Data Protection Policy Introduction The College needs to keep certain information about its employees, students and other users to allow it to monitor performance, achievements, and

More information

ROYAL AUSTRALASIAN COLLEGE OF SURGEONS

ROYAL AUSTRALASIAN COLLEGE OF SURGEONS 1. SCOPE This policy details the College s privacy policy and related information handling practices and gives guidelines for access to any personal information retained by the College. This includes personal

More information

Data Protection Policy Information for Clients

Data Protection Policy Information for Clients Data Protection Policy Information for Clients Foreword This document outlines Numis Securities Limited s ( the Firm or Numis ) legal obligations and policy on data protection. Further information can

More information

Data Protection Acts 1988 and 2003: Informal Consolidation

Data Protection Acts 1988 and 2003: Informal Consolidation Page 1 of 55 Data Protection Acts 1988 and 2003: Informal Consolidation IMPORTANT NOTICE This document is an informal consolidation of the Data Protection Acts 1988 and 2003, prepared by the Office of

More information

LEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT

LEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT LEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT 2300 Pursuant to its authority from Article 59 of the Rules of Procedure of the Croatian Parliament, the Legislation Committee determined the revised text

More information

EMMANUEL COLLEGE THE APPLICATION OF THE DATA PROTECTION ACT 1998. Contents

EMMANUEL COLLEGE THE APPLICATION OF THE DATA PROTECTION ACT 1998. Contents EMMANUEL COLLEGE THE APPLICATION OF THE DATA PROTECTION ACT 1998 Contents 1. Introduction Page 2 2. The Data Protection Act 1998 Page 2 3. Review of data used in College departments Page 3 4. Security

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY DATA PROTECTION POLICY Approval date: June 2014 Approved by: Board Responsible Manager: Executive Director of Resources Next Review June 2016 Data Protection Policy 1. Introduction Data Protection Policy

More information

Data Protection Consent Clause and Policy Background

Data Protection Consent Clause and Policy Background Data Protection Consent Clause and Policy Background The Singapore Personal Data Protection Act - 2012 (PDPA) establishes a data protection law that comprises various rules governing the collection, use,

More information

INERTIA ETHICS MANUAL

INERTIA ETHICS MANUAL SEVENTH FRAMEWORK PROGRAMME Smart Energy Grids Project Title: Integrating Active, Flexible and Responsive Tertiary INERTIA Grant Agreement No: 318216 Collaborative Project INERTIA ETHICS MANUAL Responsible

More information