Vyners Learning Trust Data Protection and Retention Policy

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Vyners Learning Trust Data Protection and Retention Policy"

Transcription

1 Vyners Learning Trust Data Protection and Retention Policy 1. Background Vyners Learning Trust collects and uses personal information about staff, pupils, parents and other individuals who come into contact with each of the individual schools which make up the Trust. This information is gathered in order to enable it to provide education and other associated functions. In addition, there may be a legal requirement to collect and use information to ensure that individual schools comply with their statutory obligations. This personal information must be handled properly and the Data Protection Act 1998 sets out a number of safeguards to ensure this. As a Data Controller, the Trust is registered with the Information Commissioner s Office (ICO) detailing the information held and its use. The details of our registration are available on the ICO s website. The Board of Directors of the Trust is ultimately responsible for the implementation of this policy. They delegate responsibility for day to day compliance with this policy to individual Headteachers. Further advice and information on the scope of the Data Protection Act is available from the Information Commissioner s Office, 2. Purpose This policy is intended to ensure that personal information is dealt with correctly and securely and in accordance with the Data Protection Act 1998, and other related legislation. It will apply to information regardless of the way it is collected, used, recorded, stored and destroyed, and irrespective of whether it is held in paper files or electronically. All staff involved with the collection, processing and disclosure of personal data will be made aware of their duty to adhere to these guidelines 3. Definition of personal information Personal information is defined as data which relates to a living individual who can be identified from that data, or other information held. The name of the individual need not necessarily be given. In the context of this document, personal data may include; School admission and attendance registers Pupil s curricular and attainment records Progress checks Records in connection with pupils entered for public examinations Staff and Governor records, including payroll Page 1

2 Pupil disciplinary records Personal information held for teaching purposes Records of contractors and suppliers If it is necessary for individual schools, or the Trust, to process certain personal data to fulfil its obligations to students or their parents / carers, then consent is not required. Consent is also not required where processing is necessary to exercise a right or obligation imposed on the individual school or Trust by law, or to protect the vital interests of an individual. Any information which falls under the definition of personal data and is not otherwise exempt will remain confidential. In these circumstances personal data will only be disclosed to third parties with the consent of the individual under the terms of this policy. 4. Definition of sensitive personal data Sensitive personal information includes the following: Ethnic or racial origin Political opinions Religious beliefs Other beliefs of a similar nature Membership of a trade union Physical or mental health condition Sexual life Offence or alleged offence Proceedings or court sentence. Where sensitive personal data is processed by the individual school or Trust, the explicit consent of the individual will be sought in writing unless processing is necessary to exercise a right or obligation imposed on the school by law, or to protect the vital interests of an individual. 5. Disclosure of Information to Third Parties The Trust confirms that it will not generally disclose information to third parties unless the individual has given their consent, or one of the exemptions under the Act applies. For clarity, however, the Trust will make the following third party disclosures: Confidential references to any education institution that a student may wish to attend Transfer of a student s educational record to any education institution that they will be registered at The publication of public examination results or other achievements of individual schools, or the Trust The release of medical information about a student where it is in their interest to do so (eg to the organiser of a school trip or to medical professionals where such information is required to facilitate treatment) Where an individual school receives a request to disclose information to a third party it will always take action to establish the identity of that third party before releasing any information. Page 2

3 6. Data Protection Principles The Trust shall, so far as is reasonably practicable, comply with the either Data Protection principles contained in the Act to ensure all data is: processed fairly and lawfully; only used for the specific and lawful purposes for which it is collected; adequate, relevant and not excessive; accurate and kept up to date; not kept for longer than necessary; processed in accordance with the rights of individuals under the Data Protection Act 1998; kept secure not transferred to a country or territory outside the European Economic Area, without adequate data protection. The Trust is committed to maintaining the above principles at all times. Therefore individual schools, acting on behalf of the Trust, will: Inform individuals why the information is being collected when it is collected Inform individuals when their information is shared, and why and with whom it was shared Check the quality and the accuracy of the information it holds Ensure that information is not retained for longer than is necessary Ensure that when obsolete information is destroyed that it is done so appropriately and securely Ensure that clear and robust safeguards are in place to protect personal information from loss, theft and unauthorised disclosure, irrespective of the format in which it is recorded Share information with others only when it is legally appropriate to do so Set out procedures to ensure compliance with the duty to respond to requests for access to personal information, known as Subject Access Requests Ensure our staff are aware of and understand our policies and procedures 7. Right of Access Individuals have a right of access to information held on them by the Trust or by individual schools. The procedures to be followed for a subject access request are detailed at Annex 1. Certain data is exempt from the right of access under the Act. This can include Information which identifies other individuals Information which the individual school or Trust reasonably believes will cause damage or distress Information subject to legal professional privilege The school / Trust will also treat as confidential any reference given for the purpose of the education, training, employment or prospective education of any pupil. Page 3

4 The Trust acknowledges that individuals may have a right of access to any reference relating to them received by an individual school. Such a reference will only be disclosed if doing so does not identify the person supplying the reference or the referee has given their consent or is disclosure is considered reasonable. 8. Rights of Students Under the Data Protection Act, the rights to the data belong to the individual to whom the data relates. However, in most cases, individual schools will rely on parental consent to process data relating to students unless, given the circumstances, and the student s age and understanding, it is unreasonable to rely on the parents consent. Parents should be aware that, in such situations, they may not be consulted. These situations are very rare and it is general policy for individual schools to always seek parents consent before processing a student s personal data. Individual schools are legally required to give a student access to their personal data if, in the School s reasonable belief, the student understands the nature of the request and its implications. The School may, however, withhold access under Section 30 of the Exemptions to the Data Protection Act, if it considers that it is not appropriate for the student to see a particular document. Where a student raises private concerns with a member of staff and makes it clear they do not wish this information passed onto a parent or carer, the school will maintain confidentiality unless it has reasonable grounds to believe that the student does not fully understand the consequences of withholding their consent or where the individual school believes that disclosure is in the very best interests of the student or other students. Individual schools / the Trust cannot guarantee to keep any information confidential where it relates to a safeguarding matter. 9. Consent to use of personal information by the school As part of the entry procedure into schools which form part of Vyners Learning Trust, at any age, parents are asked to sign an agreement giving the school their consent to use their personal data. A copy of this Fair Processing Notice is contained at Annex 2. Parents/carers are reminded of the importance of ensuring that key personal and emergency contact data is kept upto date. Individual schools within the Trust will regularly send home a copy of information held by the school for students and it is important that parents take the time to check this information and advise the school of any inaccuracies. Parents are asked to notify the individual school at any time of changes required to the data held on their child in order that the records may be amended. The right to have inaccurate data corrected extends to factual information only, not opinions 10. CCTV It is common for schools to have CCTV cameras installed around their site. Images are monitored and recorded for the purposes of ensuring student safety and site security. No cameras are installed in classrooms or cover sensitive areas such as student toilets. Page 4

5 The Trust is registered for the installation and use of CCTV with the Office of the Information Commissioner. Where CCTV cameras are installed, appropriate signage is posted around the relevant School site. CCTV images are automatically overwritten after 30 days. maintained and the date stamp checked. The equipment is regularly Schools within the Trust reserve the right to make a copy of footage where an investigation is on-going into an incident. The copy taken will be limited to the specific incident under investigation. Access to the CCTV equipment and images generated is limited to members of the Facilities Team, authorised personnel from the relevant maintenance companies, and such other members of Trust staff as may be involved in the specific investigation of an incident. CCTV images are not routinely monitored and will only be disclosed to third parties in line with the provisions of the Data Protection Act. CCTV images are subject to the same rights of subject access as other personal information. 11. Retention of data Individual schools have a duty to retain certain items of staff and student data for a period of time following their departure from the school. This is mainly for legal reasons, but may also be for other reasons such as providing references. The attention of all parents / carers is particular drawn to the fact that their child s school file will be passed from the primary to secondary sector on transition at the end of Year 6, and will similarly be passed to any other school that a student transfers to during their period of compulsory education. Different categories of data will be kept for different period of times. The Trust follows the guidelines issues by the Information Records and Management Society and a copy of the retention guidelines are contained at Annex Complaints and Feedback Complaints will be dealt with in accordance with the Trust s Complaints Policy, a copy of which is available on each School website. Should you remain dissatisfied, complaints relating to information handling may be referred to the Information Commissioner (the statutory regulator). If you have any enquires in relation to this policy, please contact the Headteacher for the individual school who will also act as the contact point for any subject access requests. 13. Review This policy will be reviewed as it is deemed appropriate, but no less frequently than every 3 years. Page 5

6 Approval / Revision History Post Multi Academy Trust revision history: Revision By date March 2015 Vyners School Facilities Committee March 2015 Ryefield LGB March 2015 VLT Board of Directors March 2018 VLT Board of Directors Summary of Changes Made First issue. First issue This document has been distributed to: Name Title Date of Issue Version Page 6

7 Annex 1 Procedures governing subject access requests Rights of access to information Individuals have rights to information held by schools which operate as part of the Vyners Learning Trust under two specific pieces of legislation: The Data Protection Act 1998 gives any individual the right to make a request to access the personal information held about them. The Freedom of Information Act gives any individual the right to ask for other information held by the individual school or Trust This procedure covers requests for personal information under the Data Protection Act only. A separate Trust policy covers requests for information under the Freedom of Information Act. Actioning a subject access request 1. Requests for information must be made in writing (which includes ) and be addressed to the individual Headteacher. If the initial request does not clearly identify the information required, then the school will ask for the request to be clarified. 2. The identity of the requestor will be established before the disclosure of any information, and checks may also be carried out regarding proof of relationship to the child. Where the individual requesting data is not otherwise known to the individual school, they may be asked to provide documentary evidence to support their right of access. 3. Any individual has the right of access to information held about them. However with children, this is dependent upon their capacity to understand (normally age 12 or above) and the nature of the request. Individual Headteachers reserve the right to discuss a request with a student and to take their views into account when making a decision. A student with competency to understand can refuse to consent to a request by their records. Where the student is not deemed to be competent to consent to a third party data request, an individual with parental responsibility or guardian will make the decision on their behalf. 4. The school may make a charge for the provision of information, dependant upon the following: Should the information requested contain the educational record then the amount charged will be dependent upon the number of pages provided. Should the information requested be personal information that does not include any information contained within educational records, the school reserves the right to charge up to 10 to provide it. If the information requested is only the educational record, viewing will be free, but a charge not exceeding the cost of copying the information can be made by the Headteacher. 5. The response time for subject access requests, once officially received, is 40 calendar days. However the 40 days will not commence until after receipt of fees or clarification of information sought Page 7

8 6. The Data Protection Act 1998 allows exemptions as to the provision of some information; therefore all information will be reviewed prior to disclosure. 7. Third party information is that which has been provided by another body, such as the Police, Local Authority, Health Care professional or another school. Before disclosing third party information consent will normally be obtained. In such cases, the individual school will continue to adhere to the 40 day statutory timescale. 8. Any information which may cause serious harm to the physical or mental health or emotional condition of the student or another will not be disclosed, nor will information that would reveal that the child is at risk of abuse, or information relating to court proceedings. 9. If there are concerns over the disclosure of information, then additional advice will be sought. 10. Where redaction (information blacked out/removed) has taken place then a full copy of the information provided will be retained in order to establish, if a complaint is made, what was redacted and why. 11. Information disclosed will be clear and any codes or technical terms will be clarified and explained. If information contained within the disclosure is difficult to read or illegible, then it may be retyped. 12. Information can be provided at the school with a member of staff on hand to help and explain matters if requested, or provided at face to face handover. The views of the applicant will be taken into account when considering the method of delivery. If postal systems have to be used then registered/recorded mail will be used. Destruction of records The Trust does unfortunately not have the space to retain every record indefinitely. It follows the document retention guidelines recommended by the Information and Records Management Society ( a copy of which is available on request from the school. All records will be disposed of securely at the end of the designated retention period. Page 8

9 Annex 2 Fair Processing Notice PRIVACY NOTICE - Data Protection Act 1998 for Students enrolled at Vyners School Vyners Learning Trust is a data controller for the purposes of the Data Protection Act. The School collects personal information about students and may receive information about students from their previous school and the Learning Records Service. We hold this personal data to: Support student learning; Monitor and report on student progress; Provide appropriate pastoral care; Facilitate student participation in extra-curricular and enrichment activities; and Assess how well the school is doing. Information about students that we hold includes parental contact details, national curriculum assessment results, attendance information and personal characteristics such as ethnic group, any special educational needs students may have and relevant medical information. If students are enrolling for post 14 qualifications the Learning Records Service will give us their unique learner number (ULN) and may also give us details about their learning or qualifications. Once students are aged 13 or over, the School is required by law to pass on certain information to providers of youth support services in the area. This is the local authority support service for young people aged 13 to 19 in England. We must provide the names and addresses of students and their parent(s), and any further information relevant to the support services role. We may also share data with post 16 providers to secure appropriate support on entry to post 16 provision. Parent(s) can ask that no information beyond names, addresses and student date of birth be passed to the support service. This right transfers to the student on their 16th birthday. Please write to the Work Related Learning Coordinator (at the school address) if you wish to opt out of this arrangement. For more information about young people s services, please go to the National Careers Service page at Biometric consent The School collects and holds biometric information in connection with its cashless catering system. Specific parental consent is sought to hold and process this information. Use of Images Page 9

10 The School will periodically take photographs, videos and audio recordings of students engaged in learning and extra curricular activities. These images and data files may be used for marketing purposes (such as the school website, prospectus, and used around the school site) and are also shared with other students within the school. These images and recording are stored securely on the school servers, but may also be posted publically via the school s YouTube, Facebook and Twitter accounts. Explicit consent is sought from all parents on joining the school for the taking and use of such images of their child. Data sharing with third parties We will not give information about students to anyone without consent unless the law and our policies allow us to. Please note that the School is required by law to pass some information about students to the Department for Education (DfE) and, in turn, this will be available for the use of the LA. If you want to receive a copy of the information that we hold or share, please contact Miss K Williams, Business Manager. If you need more information about how the LA and DfE store and use student information, then please go to the following websites: or If you cannot access these websites, please contact the LA or DfE as follows: The Data Protection Officer, Legal Services (3E/04), London Borough of Hillingdon, Civic Centre, High Street, Uxbridge, UB8 1UW. Public Communications Unit Department for Education Sanctuary Buildings Great Smith Street London SW1P 3BT Website: education Telephone: Page 10

Staple Hill Primary School. Data Protection Policy

Staple Hill Primary School. Data Protection Policy Staple Hill Primary School Data Protection Policy Staple Hill Primary School collects and uses personal information about staff, pupils, parents and other individuals who come into contact with the school.

More information

Version 1. Chair of Governors Signature.. Review Date: Spring term 2017

Version 1. Chair of Governors Signature.. Review Date: Spring term 2017 Version 1 Chair of Governors Signature.. Date of Adoption/Ratification: 4 th February 2015 Review Date: Spring term 2017 Purpose Cliff Park School s Trust collects and uses personal information about staff,

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Approved by Governors Date: 15 March 2016 Signed Chair of Governors Date of Review: Introduction Blessed Trinity RC College collects and uses personal information about staff, pupils,

More information

Glyncoed Primary School. Data Protection Policy

Glyncoed Primary School. Data Protection Policy Glyncoed Primary School Data Protection Policy Date agreed: March 2015 Review date: March 2017 1 Data Protection Policy Glyncoed Primary School collects and uses personal information about staff, pupils,

More information

Data Protection Policy A copy of this policy is published in the following areas: The school s intranet The school s website

Data Protection Policy A copy of this policy is published in the following areas: The school s intranet The school s website Data Protection Policy A copy of this policy is published in the following areas: The school s intranet The school s website Date created: November 2015 Date for review: July 2016 Created by: Mark Vanstone,

More information

Crofton School Data Protection Policy

Crofton School Data Protection Policy Crofton School Data Protection Policy Crofton School collects and uses personal information (referred to in the Data Protection Act as personal data) about staff, students, parents and other individuals

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY DATA PROTECTION POLICY Document Management: Date Policy Approved: 29 April 2015 Date Amended: Next Review Date: April 2017 Version: 1 Approving Body: Resources Committee 1 1. Introduction The Data Protection

More information

Data Protection Policy

Data Protection Policy Data Protection Policy 1. Introduction to the Data Protection Policy Everyone who works for Chorley Council uses personal data in the course of their duties. Chorley Council must gather and process personal

More information

DATA PROTECTION POLICY. DATA PROTECTION POLICY Reviewed and Adopted April Signed...COG...HEAD

DATA PROTECTION POLICY. DATA PROTECTION POLICY Reviewed and Adopted April Signed...COG...HEAD DATA PROTECTION POLICY DATA PROTECTION POLICY Reviewed and Adopted April 2016 Signed...COG...HEAD Next review April 2018 Data Protection Policy AIMS This policy sets out the Council s commitment to the

More information

Human Resources and Data Protection

Human Resources and Data Protection Human Resources and Data Protection Contents 1. Policy Statement... 1 2. Scope... 2 3. What is personal data?... 2 4. Processing data... 3 5. The eight principles of the Data Protection Act... 4 6. Council

More information

Data Protection policy approved by the Governing Body of Ifield Community College. Ifield Community College Data Protection Policy

Data Protection policy approved by the Governing Body of Ifield Community College. Ifield Community College Data Protection Policy Data Protection policy approved by the Governing Body of Ifield Community College Ifield Community College Data Protection Policy Introduction The school collects and uses certain types or personal information

More information

Data Protection Policy

Data Protection Policy 1 Data Protection Policy Version 1: June 2014 1 2 Contents 1. Introduction 3 2. Policy Statement 3 3. Purpose of the Data Protection Act 1998 3 4. The principles of the Data Protection Act 1998 4 5 The

More information

The Chafford School. Data Protection and Freedom of Information Policy

The Chafford School. Data Protection and Freedom of Information Policy The Chafford School Data Protection and Freedom of Information Policy INDEX Aims & Objectives... 3 Data Protection The law... 3 Processing, storing, archiving and deleting personal data: Guidance... 3

More information

DATA PROTECTION ACT 1998 COUNCIL POLICY

DATA PROTECTION ACT 1998 COUNCIL POLICY DATA PROTECTION ACT 1998 COUNCIL POLICY Page 1 of 5 POLICY STATEMENT Blackpool Council recognises the need to fully comply with the requirements of the Data Protection Act 1998 (DPA) and the obligations

More information

Hampstead Parochial CofE Primary School Data Protection Policy Spring 2015

Hampstead Parochial CofE Primary School Data Protection Policy Spring 2015 Hampstead Parochial CofE Primary School Data Protection Policy Spring 2015 1. Introduction and Scope 1.1 The Data Protection Act 1998 is the law that protects personal privacy and applies to any school

More information

Data Protection Policy

Data Protection Policy Data Protection Policy CONTENTS Introduction...2 1. Statement of Intent...2 2. Fair Processing or Privacy Statement...3 3. Data Uses and Processes...4 4. Data Quality and Integrity...4 5. Technical and

More information

Merthyr Tydfil County Borough Council. Data Protection Policy

Merthyr Tydfil County Borough Council. Data Protection Policy Merthyr Tydfil County Borough Council Data Protection Policy 2014 Cyfarthfa High School is a Rights Respecting School, we recognise the importance of ensuring that the United Nations Convention of the

More information

Corporate ICT & Data Management. Data Protection Policy

Corporate ICT & Data Management. Data Protection Policy 90 Corporate ICT & Data Management Data Protection Policy Classification: Unclassified Date Created: January 2012 Date Reviewed January Version: 2.0 Author: Owner: Data Protection Policy V2 1 Version Control

More information

WEST LOTHIAN COUNCIL DATA PROTECTION ACT 1998 POLICY

WEST LOTHIAN COUNCIL DATA PROTECTION ACT 1998 POLICY WEST LOTHIAN COUNCIL DATA PROTECTION ACT 1998 POLICY Version 3.0 DATA PROTECTION ACT 1998 POLICY CONTENTS 1. INTRODUCTION... 3 2. PROVISIONS OF THE ACT... 4 3. SCOPE... 4 4. GENERAL POLICY STATEMENT...

More information

Data Protection Act 1998 The Data Protection Policy for the Borough Council of King's Lynn & West Norfolk

Data Protection Act 1998 The Data Protection Policy for the Borough Council of King's Lynn & West Norfolk Data Protection Act 1998 The for the Borough Council of King's Lynn & West Norfolk 1 Contents Introduction 3 1. Statement of Intent 4 2. Fair Obtaining I Processing 5 3. Data Uses and Processes 6 4. Data

More information

Policy Name: Data Protection. Nominated Lead Member of Staff: ICT Manager. Status: Review Cycle: 2 Years. Authorisation: Governing Body

Policy Name: Data Protection. Nominated Lead Member of Staff: ICT Manager. Status: Review Cycle: 2 Years. Authorisation: Governing Body Policy Name: Data Protection Nominated Lead Member of Staff: ICT Manager Status: Review Cycle: 2 Years Authorisation: Governing Body Review Date: June 2017 Data Protection Policy The Governing Body of

More information

HERTSMERE BOROUGH COUNCIL

HERTSMERE BOROUGH COUNCIL HERTSMERE BOROUGH COUNCIL DATA PROTECTION POLICY October 2007 1 1. Introduction Hertsmere Borough Council ( the Council ) is fully committed to compliance with the requirements of the Data Protection Act

More information

Data Protection Policy

Data Protection Policy Data Protection Policy September 2015 Contents 1. Scope 2. Purpose 3. Data protection roles 4. Staff training and guidance 5. About the Data Protection Act 1998 6. Policy 7. The Information Commissioner's

More information

CORK INSTITUTE OF TECHNOLOGY

CORK INSTITUTE OF TECHNOLOGY CORK INSTITUTE OF TECHNOLOGY DATA PROTECTION POLICY APPROVED BY GOVERNING BODY ON 30 APRIL 2009 INTRODUCTION Cork Institute of Technology is committed to a policy of protecting the rights and privacy of

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Owner : Head of Information Management Document ID : ICT-PL-0099 Version : 2.0 Date : May 2015 We will on request produce this Policy, or particular parts of it, in other languages

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY Reference number Approved by Information Management and Technology Board Date approved 14 th May 2012 Version 1.1 Last revised N/A Review date May 2015 Category Information Assurance Owner Data Protection

More information

Dublin City University

Dublin City University Dublin City University Data Protection Policy Data Protection Policy Contents Purpose... 1 Scope... 1 Data Protection Principles... 1 Disclosure of Personal Data... 2 Summary of Responsibilities... 3 Rights

More information

Data Protection Policy

Data Protection Policy Data Protection Policy BMBC Data Protection Policy V1 Page 1 of 7 Table of Contents 1 INTRODUCTION... 3 2 POLICY STATEMENT... 3 3. SCOPE... 3 4 DATA PROTECTION PRINCIPLES... 4 5 PREREQUISITE CONDITIONS

More information

Data Protection and Information Security Policy and Procedure

Data Protection and Information Security Policy and Procedure Data Protection and Information Security Policy and Procedure Document Detail Category: Data Protection Authorised By: Full Governing Body Author: School Business Manager Version: 1 Status: Approved May

More information

Little Marlow Parish Council Registration Number for ICO Z3112320

Little Marlow Parish Council Registration Number for ICO Z3112320 Data Protection Policy Little Marlow Parish Council Registration Number for ICO Z3112320 Adopted 2012 Reviewed 23 rd February 2016 Introduction The Parish Council is fully committed to compliance with

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY Title Author Approved By and Date Review Date Mike Pilling Latest Update- Corporation May 2008 1 Aug 2013 DATA PROTECTION ACT 1998 POLICY FOR ALL STAFF AND STUDENTS 1.0 Introduction 1.1 The Data Protection

More information

Information Governance Policy

Information Governance Policy Information Governance Policy 1 Introduction Healthwatch Rutland (HWR) needs to collect and use certain types of information about the Data Subjects who come into contact with it in order to carry on its

More information

Paperless World Limited

Paperless World Limited Paperless World Limited Security Policy Statement Contents Section 1: Paperless World Limited Security Policy Statement... 2 Section 2: The Data Protection Act 1998... 2 Section 3: Definitions... 2 Personal

More information

2. Scope 2.1 This policy covers all the activities and processes of the University that uses personal information in whatever format.

2. Scope 2.1 This policy covers all the activities and processes of the University that uses personal information in whatever format. University of Westminster Personal Data Protection Policy For Compliance with the Data Protection Act 1998 1. Background 1.1 The Data Protection Act 1998 (DPA) defines personal data as data and information

More information

Rick Parsons Information Governance Officer County Hall 01865 323593 rick.parsons@oxfordshire.gov.uk

Rick Parsons Information Governance Officer County Hall 01865 323593 rick.parsons@oxfordshire.gov.uk Rick Parsons Information Governance Officer County Hall 01865 323593 rick.parsons@oxfordshire.gov.uk 1 THE DATA PROTECTION ACT 1998 2 Requirements of the Act Roles & Responsibilities Best Practice 3 The

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY DATA PROTECTION POLICY The information and guidelines within this Policy are important and apply to all members, Fellows and staff of the College 1. INTRODUCTION Like all educational establishments, the

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY DATA PROTECTION POLICY Approval date: June 2014 Approved by: Board Responsible Manager: Executive Director of Resources Next Review June 2016 Data Protection Policy 1. Introduction Data Protection Policy

More information

Data Protection and Privacy Policy

Data Protection and Privacy Policy Data Protection and Privacy Policy 1. General This policy outlines Conciliation Resources commitments to respect the privacy of people s personal information and observe the relevant data protection legislation.

More information

Policy Document Control Page

Policy Document Control Page Policy Document Control Page Title Title: Data Protection Policy Version: 3 Reference Number: CO59 Keywords: Data, access, principles, protection, Act. Data Subject, Information Supersedes Supersedes:

More information

Falkirk Council Data Protection Guidelines

Falkirk Council Data Protection Guidelines Falkirk Council Data Protection Guidelines Contents Contents 2 Objectives 3 What does the Data Protection Act 1998 do? 3 Who is who under the Data Protection Act 1998? 4 Definitions 4 The Eight Principles

More information

Human Resources Policy documents. Data Protection Policy

Human Resources Policy documents. Data Protection Policy Policy documents Aims of the Policy apetito is committed to meeting its obligations under data protection law. As a business, apetito handles a range of Personal Data relating to its customers, staff and

More information

Data Security and Extranet

Data Security and Extranet Data Security and Extranet Derek Crabtree Schools ICT Support Manager derek.crabtree@merton.gov.uk Target Operating Model 2011 Merton Audit Organisation name: London Borough of Merton Periodic plan date:

More information

Scottish Rowing Data Protection Policy

Scottish Rowing Data Protection Policy Revision Approved by the Board August 2010 1. Introduction As individuals, we want to know that personal information about ourselves is handled properly, and we and others have specific rights in this

More information

ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY

ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY Originated by: Data Protection Working Group: November 2008 Impact Assessment: (to be confirmed) Recommended by Senate: 28 January 2009 Approved by Council:

More information

1.2 Scope This policy and guidance applies to all University staff, students and others who use or process any personal information.

1.2 Scope This policy and guidance applies to all University staff, students and others who use or process any personal information. MANCHESTER METROPOLITAN UNIVERSITY DATA PROTECTION POLICY This policy should be read in conjunction with the Data Protection Guidance, which is attached as: Appendix A Dealing with Personal Data Appendix

More information

Data Protection Policy June 2014

Data Protection Policy June 2014 Data Protection Policy June 2014 Approving authority: Consultation via: Court Audit and Risk Committee, University Executive, Secretary's Board, Information Governance and Security Group Approval date:

More information

Index. Definitions. What is Data Protection? Rights of Individuals. The 8 Principles of Data Protection

Index. Definitions. What is Data Protection? Rights of Individuals. The 8 Principles of Data Protection Data Protection Awareness Based on DIT s Data Protection Policy, the Data Protection Acts, 1988 & 2003 and guidance from the Office of the Data Protection Commissioner Index Definitions What is Data Protection?

More information

SAFEGUARDING CHILDREN AND CHILD PROTECTION POLICY

SAFEGUARDING CHILDREN AND CHILD PROTECTION POLICY SAFEGUARDING CHILDREN AND CHILD PROTECTION POLICY Our setting will work with children, parents and the community to ensure the rights and safety of children and to give them the very best start in life.

More information

Data Protection Policy

Data Protection Policy Data Protection Policy 1. Introduction and purpose 1.1 Children s Hearings Scotland (CHS) is required to maintain certain personal data about individuals for the purposes of satisfying our statutory, operational

More information

Data Protection Procedures

Data Protection Procedures Data Protection Procedures PROCEDURE OVERVIEW: This Procedure outlines Down District Council s ( the Council ) commitment to the Data Protection Act 1998 ( the Act ) and provides a framework for the Council

More information

Information Privacy Policy

Information Privacy Policy Information Privacy Policy pol-032 Version: 2.01 Last amendment: Oct 2014 Next Review: Aug 2017 Approved By: Council Date: 04 May 2005 Contact Officer: Director, Strategic Services and Governance INTRODUCTION

More information

HOW WE USE YOUR PERSONAL INFORMATION

HOW WE USE YOUR PERSONAL INFORMATION HOW WE USE YOUR PERSONAL INFORMATION Information Leaflet Your Health. Our Priority. Page 2 of 9 Introduction This Leaflet explains why the NHS collects information about you and how it is used, your right

More information

MONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY

MONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY MONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY Page 1 of 16 Contents Policy Information 3 Introduction 4 Responsibilities 7 Confidentiality 9 Data recording and storage 11 Subject Access 12 Transparency

More information

GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT. CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4

GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT. CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4 GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4 PREFACE The following provides general guidance on data protection

More information

The Manchester College

The Manchester College The Manchester College The Manchester College Produced by TMC Prin DataProtect pol v1 11/2010 All rights reserved; no part of this publication may be photocopied, recorded or otherwise reproduced, stored

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Responsible Officer Author Date effective from July 2009 Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date last amended December 2012 Review

More information

OBJECTS AND REASONS. (a) the regulation of the collection, keeping, processing, use or dissemination of personal data;

OBJECTS AND REASONS. (a) the regulation of the collection, keeping, processing, use or dissemination of personal data; OBJECTS AND REASONS This Bill would provide for (a) the regulation of the collection, keeping, processing, use or dissemination of personal data; (b) the protection of the privacy of individuals in relation

More information

POLICY FOR USE OF CCTV SYSTEM AT BOW SCHOOL OF MATHS AND COMPUTING SCHOOL

POLICY FOR USE OF CCTV SYSTEM AT BOW SCHOOL OF MATHS AND COMPUTING SCHOOL POLICY FOR USE OF CCTV SYSTEM AT BOW SCHOOL OF MATHS AND COMPUTING SCHOOL CCTV cameras are now a familiar sight throughout the country. They are one of the many measures being introduced to help prevent

More information

Data Protection Policy

Data Protection Policy Data Protection Policy April 2014 Author: Jennifer McLaren, Assistant Principal, Curriculum Support & Finance Impact Assessment Date: 15 February 2010 Date: April 2014 Contents 1 Purpose... 2 2 Policy...

More information

QUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN 18 085 048 237. better health cover shouldn t hurt

QUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN 18 085 048 237. better health cover shouldn t hurt QUEENSLAND COUNTRY HEALTH FUND privacy policy Queensland Country Health Fund Ltd ABN 18 085 048 237 better health cover shouldn t hurt 1 2 contents 1. Introduction 4 2. National Privacy Principles 5 3.

More information

SUBJECT ACCESS REQUEST PROCEDURE

SUBJECT ACCESS REQUEST PROCEDURE SUBJECT ACCESS REQUEST PROCEDURE Document History Document Reference: Document Purpose: IG31 This procedure sets out the responsibility for staff when receiving requests for information provided under

More information

Dean Bank Primary and Nursery School. Data Protection Policy

Dean Bank Primary and Nursery School. Data Protection Policy Dean Bank Primary and Nursery School Data Protection Policy January 2015 Data Protection Policy Dean Bank Primary and Nursery School handles increasing amounts of personal information and have a statutory

More information

Data Protection Policy

Data Protection Policy Internal Ref: NELC 16.60 Review date December 2016 Version No. V04 Data Protection Policy 1 Data Protection Statement Data Protection Policy 1.1 North East Lincolnshire Council recognises that in order

More information

singapore american school

singapore american school Background The Singapore Personal Data Protection Act - 2012 (PDPA) establishes a data protection law that comprises various rules governing the collection, use, disclosure, and care of personal data.

More information

The Manitowoc Company, Inc.

The Manitowoc Company, Inc. The Manitowoc Company, Inc. DATA PROTECTION POLICY 11FitzPatrick & Associates 4/5/04 1 Proprietary Material Version 4.0 CONTENTS PART 1 - Policy Statement PART 2 - Processing Personal Data PART 3 - Organisational

More information

John Leggott College. Data Protection Policy. Introduction

John Leggott College. Data Protection Policy. Introduction John Leggott College Data Protection Policy Introduction The College needs to keep certain information about its employees, students and other users to allow it to monitor performance, achievements, and

More information

Access to Information: Data Protection and Freedom of Information

Access to Information: Data Protection and Freedom of Information Access to Information: Data Protection and Freedom of Information Records Management Section Data protection: key concepts Personal data Sensitive personal data Data subjects Data protection principles

More information

University of Limerick Data Protection Compliance Regulations June 2015

University of Limerick Data Protection Compliance Regulations June 2015 University of Limerick Data Protection Compliance Regulations June 2015 1. Purpose of Data Protection Compliance Regulations 1.1 The purpose of these Compliance Regulations is to assist University of Limerick

More information

Records Management Policy

Records Management Policy Records Management Policy If you need this information in another language or format, please contact us to discuss how we can best meet your needs. Phone 0303 123 1015 or email equalities@southlanarkshire.gov.uk

More information

Data Protection Act a more detailed guide

Data Protection Act a more detailed guide Data Protection Act a more detailed guide What does the Act do? The Data Protection Act 1998 places considerable duties on organisations which process personal data; increases the rights of access by data

More information

Data Protection for the Guidance Counsellor. Issues To Plan For

Data Protection for the Guidance Counsellor. Issues To Plan For Data Protection for the Guidance Counsellor Issues To Plan For Author: Hugh Jones Data Protection Specialist Longstone Management Ltd. Published by the National Centre for Guidance in Education (NCGE)

More information

ATMD Bird & Bird. Singapore Personal Data Protection Policy

ATMD Bird & Bird. Singapore Personal Data Protection Policy ATMD Bird & Bird Singapore Personal Data Protection Policy Contents 1. PURPOSE 1 2. SCOPE 1 3. COMMITMENT TO COMPLY WITH DATA PROTECTION LAWS 1 4. PERSONAL DATA PROTECTION SAFEGUARDS 3 5. ATMDBB EXCEPTIONS:

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY MILNBANK HOUSING ASSOCIATION DATA PROTECTION POLICY LS/NOV.2011/REF.P14 1) INTRODUCTION Milnbank Housing Association recognises that the Data Protection Act 1998 is an important piece of legislation to

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Prepared By: Malkiat Thiarai Head of Corporate Information Management Date of Publication: 23/01/2013 Version: 5.0 Classification: Not Protectively Marked Page 1 Table of Contents

More information

Subject Access Request, Procedure, Guidance and Information

Subject Access Request, Procedure, Guidance and Information Subject Access Request, Procedure, Guidance and Information Updated: July 2015 Page 1 of 61 CONTENTS 1. Introduction 5 2. Legal Context 5 3. Subject Access Request to Personal Records Guidance 6 Guidance

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY DATA PROTECTION POLICY Version 1.3 April 2014 Contents 1 POLICY STATEMENT...2 2 PURPOSE....2 3 LEGAL CONTEXT AND DEFINITIONS...2 3.1 Data Protection Act 1998...2 3.2 Other related legislation.....4 3.3

More information

PERSONAL INJURIES ASSESSMENT BOARD DATA PROTECTION CODE OF PRACTICE

PERSONAL INJURIES ASSESSMENT BOARD DATA PROTECTION CODE OF PRACTICE PERSONAL INJURIES ASSESSMENT BOARD DATA PROTECTION CODE OF PRACTICE ADOPTED ON 9 th January 2008 TABLE OF CONTENTS Page No. 1 Introduction...3 2 Glossary...3 3 Types of Personal Data held by Us...3 4 Obligations

More information

Child and Adult Services Subject Access Requests Guidance

Child and Adult Services Subject Access Requests Guidance Child and Adult Services Subject Access Requests Guidance This Guidance is not applicable to Access to Information requests about Adoption. For requests about Adoption please consult the Adoption and Children

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Document Ref: DPA20100608-001 Version: 1.3 Classification: UNCLASSIFIED (IL 0) Status: ISSUED Prepared By: Ian Mason Effective From: 4 th January 2011 Contact: Governance Team ICT

More information

INFORMATION PRIVACY STATEMENT

INFORMATION PRIVACY STATEMENT INFORMATION PRIVACY STATEMENT Victoria Police is bound by the Privacy and Data Protection Act 2014 in how it manages personal information. Victoria Police is committed to protecting the personal information

More information

PRIVACY POLICY. Privacy Statement

PRIVACY POLICY. Privacy Statement PRIVACY POLICY Privacy Statement Blue Care is one of Australia's leading providers of retirement living, community health, help at home services and aged care homes, caring for more than 12,500 people

More information

DATA PROTECTION ACT 2002 The Basics

DATA PROTECTION ACT 2002 The Basics DATA PROTECTION ACT 2002 The Basics Purpose of the Act Balance the rights of an individual with an organisation s legitimate need to process personal data Promote openness and transparency Establish and

More information

Protection. Code of Practice. of Personal Data RPC001147_EN_D_19

Protection. Code of Practice. of Personal Data RPC001147_EN_D_19 Protection of Personal Data RPC001147_EN_D_19 Table of Contents Data Protection Rules Foreword From the Data Protection Commissioner Introduction From the Chairman Data Protection Rules Responsibility

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Policy Details Produced by Assistant Principal Information Systems Date produced Approved by Senior Leadership Team (SLT) Date approved July 2011 Linked Policies and Freedom of Information

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY DATA PROTECTION POLICY Rev No. 0 New Document 1 2 3 4 5 6 7 Revision Status Details of Amendments Name Date Update of College DPA statement New Reference to Appendix 4 Staff Guidelines ESF document retention

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY DATA PROTECTION POLICY DATA PROTECTION POLICY Document Control Information Title Data Protection Policy Version V1.0 Author Diana Watt Date Approved 21 February 2013 Review Date Annually, on the anniversary

More information

DATA PROTECTION AUDIT GUIDANCE

DATA PROTECTION AUDIT GUIDANCE DATA PROTECTION AUDIT GUIDANCE CONTENTS Section I: Section II: Audit of Processing of Personal Data Audit Procedure Appendices: A B C D E Audit Form List of Purposes List of data subjects List of data

More information

Subject Access Request (SAR) Procedure

Subject Access Request (SAR) Procedure Subject Access Request (SAR) Procedure East and North Hertfordshire Clinical Commissioning Group Page 1 of 16 DOCUMENT CONTROL SHEET Document Owner: Chief Finance Officer Document Author(s): Anne Ephgrave

More information

Policy and Procedure Title: Maintaining Secure Learner Records Policy No: CCTP1001 Version: 1.0

Policy and Procedure Title: Maintaining Secure Learner Records Policy No: CCTP1001 Version: 1.0 PROVIDER NAME: POLICY AREA: College of Computing Technology (CCT) Standard 10: Information Management, Student Information System & Data Protection Policy and Procedure Title: Maintaining Secure Learner

More information

Privacy Policy PEGS our Privacy Act APPs

Privacy Policy PEGS our Privacy Act APPs Privacy Policy Penleigh and Essendon Grammar School ACN 006 038 071 (which, for the purpose of this Privacy Policy includes any of its Related Bodies Corporate, as that term is defined in the Corporations

More information

E-Safety Policy for Early Years Settings

E-Safety Policy for Early Years Settings E-Safety Policy for Early Years Settings Appletree Nursery School June 2015 1 Policy Statement The internet is an accessible tool to children in early years settings- gaming, mobile learning apps etc All

More information

Somerset County Council - Data Protection Policy - Final

Somerset County Council - Data Protection Policy - Final Organisation Title Author Owner Protective Marking Somerset County Council Data Protection Policy - Final Peter Grogan Information Governance Manager Unclassified POLICY ON A PAGE Somerset County Council

More information

Information Governance Framework. June 2015

Information Governance Framework. June 2015 Information Governance Framework June 2015 Information Security Framework Janice McNay June 2015 1 Company Thirteen Group Lead Manager Janice McNay Date of Final Draft and Version Number June 2015 Review

More information

Data protection policy

Data protection policy Data protection policy Introduction 1 This document is the data protection policy for the Nursing and Midwifery Council (NMC). 2 The Data Protection Act 1998 (DPA) governs the processing of personal data

More information

PRIVACY POLICY. comply with the Australian Privacy Principles ("APPs"); ensure that we manage your personal information openly and transparently;

PRIVACY POLICY. comply with the Australian Privacy Principles (APPs); ensure that we manage your personal information openly and transparently; PRIVACY POLICY Our Privacy Commitment Glo Light Pty Ltd A.C.N. 099 730 177 trading as "Lighting Partners Australia of 16 Palmer Parade, Cremorne, Victoria 3121, ( LPA ) is committed to managing your personal

More information

So the security measures you put in place should seek to ensure that:

So the security measures you put in place should seek to ensure that: Guidelines This guideline offers an overview of what the Data Protection Act requires in terms of information security and aims to help you decide how to manage the security of the personal data you hold.

More information

DATA SECURITY BREACH MANAGEMENT POLICY AND PROCEDURE

DATA SECURITY BREACH MANAGEMENT POLICY AND PROCEDURE DATA SECURITY BREACH MANAGEMENT POLICY AND PROCEDURE 1. INTRODUCTION Annex C 1.1 Surrey Heath Borough Council (SHBC) processes personal data and must respond appropriately against unauthorised or unlawful

More information

Data Protection Act. Privacy & Security in the Information Age. April 26, 2013. Ministry of Communications, Ghana

Data Protection Act. Privacy & Security in the Information Age. April 26, 2013. Ministry of Communications, Ghana Data Protection Act Privacy & Security in the Information Age April 26, 2013 Agenda Privacy in The Information Age The right to privacy Why We Need Legislation Purpose of the Act The Data Protection Act

More information

Data Protection Policy Information for Clients

Data Protection Policy Information for Clients Data Protection Policy Information for Clients Foreword This document outlines Numis Securities Limited s ( the Firm or Numis ) legal obligations and policy on data protection. Further information can

More information

COMPLAINTS POLICY / GOOD PRACTICE GUIDANCE

COMPLAINTS POLICY / GOOD PRACTICE GUIDANCE COMPLAINTS POLICY / GOOD PRACTICE GUIDANCE Governing body approved: Date last reviewed: 24/11/2015 Review Date: Autumn Term 2018 Responsible Committee: School Development Responsible Person: Business Manager

More information