Vyners Learning Trust Data Protection and Retention Policy
|
|
- Rebecca Grant
- 7 years ago
- Views:
Transcription
1 Vyners Learning Trust Data Protection and Retention Policy 1. Background Vyners Learning Trust collects and uses personal information about staff, pupils, parents and other individuals who come into contact with each of the individual schools which make up the Trust. This information is gathered in order to enable it to provide education and other associated functions. In addition, there may be a legal requirement to collect and use information to ensure that individual schools comply with their statutory obligations. This personal information must be handled properly and the Data Protection Act 1998 sets out a number of safeguards to ensure this. As a Data Controller, the Trust is registered with the Information Commissioner s Office (ICO) detailing the information held and its use. The details of our registration are available on the ICO s website. The Board of Directors of the Trust is ultimately responsible for the implementation of this policy. They delegate responsibility for day to day compliance with this policy to individual Headteachers. Further advice and information on the scope of the Data Protection Act is available from the Information Commissioner s Office, 2. Purpose This policy is intended to ensure that personal information is dealt with correctly and securely and in accordance with the Data Protection Act 1998, and other related legislation. It will apply to information regardless of the way it is collected, used, recorded, stored and destroyed, and irrespective of whether it is held in paper files or electronically. All staff involved with the collection, processing and disclosure of personal data will be made aware of their duty to adhere to these guidelines 3. Definition of personal information Personal information is defined as data which relates to a living individual who can be identified from that data, or other information held. The name of the individual need not necessarily be given. In the context of this document, personal data may include; School admission and attendance registers Pupil s curricular and attainment records Progress checks Records in connection with pupils entered for public examinations Staff and Governor records, including payroll Page 1
2 Pupil disciplinary records Personal information held for teaching purposes Records of contractors and suppliers If it is necessary for individual schools, or the Trust, to process certain personal data to fulfil its obligations to students or their parents / carers, then consent is not required. Consent is also not required where processing is necessary to exercise a right or obligation imposed on the individual school or Trust by law, or to protect the vital interests of an individual. Any information which falls under the definition of personal data and is not otherwise exempt will remain confidential. In these circumstances personal data will only be disclosed to third parties with the consent of the individual under the terms of this policy. 4. Definition of sensitive personal data Sensitive personal information includes the following: Ethnic or racial origin Political opinions Religious beliefs Other beliefs of a similar nature Membership of a trade union Physical or mental health condition Sexual life Offence or alleged offence Proceedings or court sentence. Where sensitive personal data is processed by the individual school or Trust, the explicit consent of the individual will be sought in writing unless processing is necessary to exercise a right or obligation imposed on the school by law, or to protect the vital interests of an individual. 5. Disclosure of Information to Third Parties The Trust confirms that it will not generally disclose information to third parties unless the individual has given their consent, or one of the exemptions under the Act applies. For clarity, however, the Trust will make the following third party disclosures: Confidential references to any education institution that a student may wish to attend Transfer of a student s educational record to any education institution that they will be registered at The publication of public examination results or other achievements of individual schools, or the Trust The release of medical information about a student where it is in their interest to do so (eg to the organiser of a school trip or to medical professionals where such information is required to facilitate treatment) Where an individual school receives a request to disclose information to a third party it will always take action to establish the identity of that third party before releasing any information. Page 2
3 6. Data Protection Principles The Trust shall, so far as is reasonably practicable, comply with the either Data Protection principles contained in the Act to ensure all data is: processed fairly and lawfully; only used for the specific and lawful purposes for which it is collected; adequate, relevant and not excessive; accurate and kept up to date; not kept for longer than necessary; processed in accordance with the rights of individuals under the Data Protection Act 1998; kept secure not transferred to a country or territory outside the European Economic Area, without adequate data protection. The Trust is committed to maintaining the above principles at all times. Therefore individual schools, acting on behalf of the Trust, will: Inform individuals why the information is being collected when it is collected Inform individuals when their information is shared, and why and with whom it was shared Check the quality and the accuracy of the information it holds Ensure that information is not retained for longer than is necessary Ensure that when obsolete information is destroyed that it is done so appropriately and securely Ensure that clear and robust safeguards are in place to protect personal information from loss, theft and unauthorised disclosure, irrespective of the format in which it is recorded Share information with others only when it is legally appropriate to do so Set out procedures to ensure compliance with the duty to respond to requests for access to personal information, known as Subject Access Requests Ensure our staff are aware of and understand our policies and procedures 7. Right of Access Individuals have a right of access to information held on them by the Trust or by individual schools. The procedures to be followed for a subject access request are detailed at Annex 1. Certain data is exempt from the right of access under the Act. This can include Information which identifies other individuals Information which the individual school or Trust reasonably believes will cause damage or distress Information subject to legal professional privilege The school / Trust will also treat as confidential any reference given for the purpose of the education, training, employment or prospective education of any pupil. Page 3
4 The Trust acknowledges that individuals may have a right of access to any reference relating to them received by an individual school. Such a reference will only be disclosed if doing so does not identify the person supplying the reference or the referee has given their consent or is disclosure is considered reasonable. 8. Rights of Students Under the Data Protection Act, the rights to the data belong to the individual to whom the data relates. However, in most cases, individual schools will rely on parental consent to process data relating to students unless, given the circumstances, and the student s age and understanding, it is unreasonable to rely on the parents consent. Parents should be aware that, in such situations, they may not be consulted. These situations are very rare and it is general policy for individual schools to always seek parents consent before processing a student s personal data. Individual schools are legally required to give a student access to their personal data if, in the School s reasonable belief, the student understands the nature of the request and its implications. The School may, however, withhold access under Section 30 of the Exemptions to the Data Protection Act, if it considers that it is not appropriate for the student to see a particular document. Where a student raises private concerns with a member of staff and makes it clear they do not wish this information passed onto a parent or carer, the school will maintain confidentiality unless it has reasonable grounds to believe that the student does not fully understand the consequences of withholding their consent or where the individual school believes that disclosure is in the very best interests of the student or other students. Individual schools / the Trust cannot guarantee to keep any information confidential where it relates to a safeguarding matter. 9. Consent to use of personal information by the school As part of the entry procedure into schools which form part of Vyners Learning Trust, at any age, parents are asked to sign an agreement giving the school their consent to use their personal data. A copy of this Fair Processing Notice is contained at Annex 2. Parents/carers are reminded of the importance of ensuring that key personal and emergency contact data is kept upto date. Individual schools within the Trust will regularly send home a copy of information held by the school for students and it is important that parents take the time to check this information and advise the school of any inaccuracies. Parents are asked to notify the individual school at any time of changes required to the data held on their child in order that the records may be amended. The right to have inaccurate data corrected extends to factual information only, not opinions 10. CCTV It is common for schools to have CCTV cameras installed around their site. Images are monitored and recorded for the purposes of ensuring student safety and site security. No cameras are installed in classrooms or cover sensitive areas such as student toilets. Page 4
5 The Trust is registered for the installation and use of CCTV with the Office of the Information Commissioner. Where CCTV cameras are installed, appropriate signage is posted around the relevant School site. CCTV images are automatically overwritten after 30 days. maintained and the date stamp checked. The equipment is regularly Schools within the Trust reserve the right to make a copy of footage where an investigation is on-going into an incident. The copy taken will be limited to the specific incident under investigation. Access to the CCTV equipment and images generated is limited to members of the Facilities Team, authorised personnel from the relevant maintenance companies, and such other members of Trust staff as may be involved in the specific investigation of an incident. CCTV images are not routinely monitored and will only be disclosed to third parties in line with the provisions of the Data Protection Act. CCTV images are subject to the same rights of subject access as other personal information. 11. Retention of data Individual schools have a duty to retain certain items of staff and student data for a period of time following their departure from the school. This is mainly for legal reasons, but may also be for other reasons such as providing references. The attention of all parents / carers is particular drawn to the fact that their child s school file will be passed from the primary to secondary sector on transition at the end of Year 6, and will similarly be passed to any other school that a student transfers to during their period of compulsory education. Different categories of data will be kept for different period of times. The Trust follows the guidelines issues by the Information Records and Management Society and a copy of the retention guidelines are contained at Annex Complaints and Feedback Complaints will be dealt with in accordance with the Trust s Complaints Policy, a copy of which is available on each School website. Should you remain dissatisfied, complaints relating to information handling may be referred to the Information Commissioner (the statutory regulator). If you have any enquires in relation to this policy, please contact the Headteacher for the individual school who will also act as the contact point for any subject access requests. 13. Review This policy will be reviewed as it is deemed appropriate, but no less frequently than every 3 years. Page 5
6 Approval / Revision History Post Multi Academy Trust revision history: Revision By date March 2015 Vyners School Facilities Committee March 2015 Ryefield LGB March 2015 VLT Board of Directors March 2018 VLT Board of Directors Summary of Changes Made First issue. First issue This document has been distributed to: Name Title Date of Issue Version Page 6
7 Annex 1 Procedures governing subject access requests Rights of access to information Individuals have rights to information held by schools which operate as part of the Vyners Learning Trust under two specific pieces of legislation: The Data Protection Act 1998 gives any individual the right to make a request to access the personal information held about them. The Freedom of Information Act gives any individual the right to ask for other information held by the individual school or Trust This procedure covers requests for personal information under the Data Protection Act only. A separate Trust policy covers requests for information under the Freedom of Information Act. Actioning a subject access request 1. Requests for information must be made in writing (which includes ) and be addressed to the individual Headteacher. If the initial request does not clearly identify the information required, then the school will ask for the request to be clarified. 2. The identity of the requestor will be established before the disclosure of any information, and checks may also be carried out regarding proof of relationship to the child. Where the individual requesting data is not otherwise known to the individual school, they may be asked to provide documentary evidence to support their right of access. 3. Any individual has the right of access to information held about them. However with children, this is dependent upon their capacity to understand (normally age 12 or above) and the nature of the request. Individual Headteachers reserve the right to discuss a request with a student and to take their views into account when making a decision. A student with competency to understand can refuse to consent to a request by their records. Where the student is not deemed to be competent to consent to a third party data request, an individual with parental responsibility or guardian will make the decision on their behalf. 4. The school may make a charge for the provision of information, dependant upon the following: Should the information requested contain the educational record then the amount charged will be dependent upon the number of pages provided. Should the information requested be personal information that does not include any information contained within educational records, the school reserves the right to charge up to 10 to provide it. If the information requested is only the educational record, viewing will be free, but a charge not exceeding the cost of copying the information can be made by the Headteacher. 5. The response time for subject access requests, once officially received, is 40 calendar days. However the 40 days will not commence until after receipt of fees or clarification of information sought Page 7
8 6. The Data Protection Act 1998 allows exemptions as to the provision of some information; therefore all information will be reviewed prior to disclosure. 7. Third party information is that which has been provided by another body, such as the Police, Local Authority, Health Care professional or another school. Before disclosing third party information consent will normally be obtained. In such cases, the individual school will continue to adhere to the 40 day statutory timescale. 8. Any information which may cause serious harm to the physical or mental health or emotional condition of the student or another will not be disclosed, nor will information that would reveal that the child is at risk of abuse, or information relating to court proceedings. 9. If there are concerns over the disclosure of information, then additional advice will be sought. 10. Where redaction (information blacked out/removed) has taken place then a full copy of the information provided will be retained in order to establish, if a complaint is made, what was redacted and why. 11. Information disclosed will be clear and any codes or technical terms will be clarified and explained. If information contained within the disclosure is difficult to read or illegible, then it may be retyped. 12. Information can be provided at the school with a member of staff on hand to help and explain matters if requested, or provided at face to face handover. The views of the applicant will be taken into account when considering the method of delivery. If postal systems have to be used then registered/recorded mail will be used. Destruction of records The Trust does unfortunately not have the space to retain every record indefinitely. It follows the document retention guidelines recommended by the Information and Records Management Society ( a copy of which is available on request from the school. All records will be disposed of securely at the end of the designated retention period. Page 8
9 Annex 2 Fair Processing Notice PRIVACY NOTICE - Data Protection Act 1998 for Students enrolled at Vyners School Vyners Learning Trust is a data controller for the purposes of the Data Protection Act. The School collects personal information about students and may receive information about students from their previous school and the Learning Records Service. We hold this personal data to: Support student learning; Monitor and report on student progress; Provide appropriate pastoral care; Facilitate student participation in extra-curricular and enrichment activities; and Assess how well the school is doing. Information about students that we hold includes parental contact details, national curriculum assessment results, attendance information and personal characteristics such as ethnic group, any special educational needs students may have and relevant medical information. If students are enrolling for post 14 qualifications the Learning Records Service will give us their unique learner number (ULN) and may also give us details about their learning or qualifications. Once students are aged 13 or over, the School is required by law to pass on certain information to providers of youth support services in the area. This is the local authority support service for young people aged 13 to 19 in England. We must provide the names and addresses of students and their parent(s), and any further information relevant to the support services role. We may also share data with post 16 providers to secure appropriate support on entry to post 16 provision. Parent(s) can ask that no information beyond names, addresses and student date of birth be passed to the support service. This right transfers to the student on their 16th birthday. Please write to the Work Related Learning Coordinator (at the school address) if you wish to opt out of this arrangement. For more information about young people s services, please go to the National Careers Service page at Biometric consent The School collects and holds biometric information in connection with its cashless catering system. Specific parental consent is sought to hold and process this information. Use of Images Page 9
10 The School will periodically take photographs, videos and audio recordings of students engaged in learning and extra curricular activities. These images and data files may be used for marketing purposes (such as the school website, prospectus, and used around the school site) and are also shared with other students within the school. These images and recording are stored securely on the school servers, but may also be posted publically via the school s YouTube, Facebook and Twitter accounts. Explicit consent is sought from all parents on joining the school for the taking and use of such images of their child. Data sharing with third parties We will not give information about students to anyone without consent unless the law and our policies allow us to. Please note that the School is required by law to pass some information about students to the Department for Education (DfE) and, in turn, this will be available for the use of the LA. If you want to receive a copy of the information that we hold or share, please contact Miss K Williams, Business Manager. If you need more information about how the LA and DfE store and use student information, then please go to the following websites: or If you cannot access these websites, please contact the LA or DfE as follows: The Data Protection Officer, Legal Services (3E/04), London Borough of Hillingdon, Civic Centre, High Street, Uxbridge, UB8 1UW. Public Communications Unit Department for Education Sanctuary Buildings Great Smith Street London SW1P 3BT Website: education Telephone: Page 10
Staple Hill Primary School. Data Protection Policy
Staple Hill Primary School Data Protection Policy Staple Hill Primary School collects and uses personal information about staff, pupils, parents and other individuals who come into contact with the school.
More informationVersion 1. Chair of Governors Signature.. Review Date: Spring term 2017
Version 1 Chair of Governors Signature.. Date of Adoption/Ratification: 4 th February 2015 Review Date: Spring term 2017 Purpose Cliff Park School s Trust collects and uses personal information about staff,
More informationGlyncoed Primary School. Data Protection Policy
Glyncoed Primary School Data Protection Policy Date agreed: March 2015 Review date: March 2017 1 Data Protection Policy Glyncoed Primary School collects and uses personal information about staff, pupils,
More informationData Protection Policy A copy of this policy is published in the following areas: The school s intranet The school s website
Data Protection Policy A copy of this policy is published in the following areas: The school s intranet The school s website Date created: November 2015 Date for review: July 2016 Created by: Mark Vanstone,
More informationCrofton School Data Protection Policy
Crofton School Data Protection Policy Crofton School collects and uses personal information (referred to in the Data Protection Act as personal data) about staff, students, parents and other individuals
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY Document Management: Date Policy Approved: 29 April 2015 Date Amended: Next Review Date: April 2017 Version: 1 Approving Body: Resources Committee 1 1. Introduction The Data Protection
More informationHuman Resources and Data Protection
Human Resources and Data Protection Contents 1. Policy Statement... 1 2. Scope... 2 3. What is personal data?... 2 4. Processing data... 3 5. The eight principles of the Data Protection Act... 4 6. Council
More informationData Protection policy approved by the Governing Body of Ifield Community College. Ifield Community College Data Protection Policy
Data Protection policy approved by the Governing Body of Ifield Community College Ifield Community College Data Protection Policy Introduction The school collects and uses certain types or personal information
More informationData Protection Policy
1 Data Protection Policy Version 1: June 2014 1 2 Contents 1. Introduction 3 2. Policy Statement 3 3. Purpose of the Data Protection Act 1998 3 4. The principles of the Data Protection Act 1998 4 5 The
More informationDATA PROTECTION ACT 1998 COUNCIL POLICY
DATA PROTECTION ACT 1998 COUNCIL POLICY Page 1 of 5 POLICY STATEMENT Blackpool Council recognises the need to fully comply with the requirements of the Data Protection Act 1998 (DPA) and the obligations
More informationData Protection Policy
Data Protection Policy CONTENTS Introduction...2 1. Statement of Intent...2 2. Fair Processing or Privacy Statement...3 3. Data Uses and Processes...4 4. Data Quality and Integrity...4 5. Technical and
More informationHampstead Parochial CofE Primary School Data Protection Policy Spring 2015
Hampstead Parochial CofE Primary School Data Protection Policy Spring 2015 1. Introduction and Scope 1.1 The Data Protection Act 1998 is the law that protects personal privacy and applies to any school
More informationCorporate ICT & Data Management. Data Protection Policy
90 Corporate ICT & Data Management Data Protection Policy Classification: Unclassified Date Created: January 2012 Date Reviewed January Version: 2.0 Author: Owner: Data Protection Policy V2 1 Version Control
More informationData Protection Act 1998 The Data Protection Policy for the Borough Council of King's Lynn & West Norfolk
Data Protection Act 1998 The for the Borough Council of King's Lynn & West Norfolk 1 Contents Introduction 3 1. Statement of Intent 4 2. Fair Obtaining I Processing 5 3. Data Uses and Processes 6 4. Data
More informationData Protection Policy
Data Protection Policy Owner : Head of Information Management Document ID : ICT-PL-0099 Version : 2.0 Date : May 2015 We will on request produce this Policy, or particular parts of it, in other languages
More informationData Protection Policy
Data Protection Policy September 2015 Contents 1. Scope 2. Purpose 3. Data protection roles 4. Staff training and guidance 5. About the Data Protection Act 1998 6. Policy 7. The Information Commissioner's
More informationMerthyr Tydfil County Borough Council. Data Protection Policy
Merthyr Tydfil County Borough Council Data Protection Policy 2014 Cyfarthfa High School is a Rights Respecting School, we recognise the importance of ensuring that the United Nations Convention of the
More informationHERTSMERE BOROUGH COUNCIL
HERTSMERE BOROUGH COUNCIL DATA PROTECTION POLICY October 2007 1 1. Introduction Hertsmere Borough Council ( the Council ) is fully committed to compliance with the requirements of the Data Protection Act
More informationDATA PROTECTION POLICY
Reference number Approved by Information Management and Technology Board Date approved 14 th May 2012 Version 1.1 Last revised N/A Review date May 2015 Category Information Assurance Owner Data Protection
More informationPolicy Name: Data Protection. Nominated Lead Member of Staff: ICT Manager. Status: Review Cycle: 2 Years. Authorisation: Governing Body
Policy Name: Data Protection Nominated Lead Member of Staff: ICT Manager Status: Review Cycle: 2 Years Authorisation: Governing Body Review Date: June 2017 Data Protection Policy The Governing Body of
More informationLittle Marlow Parish Council Registration Number for ICO Z3112320
Data Protection Policy Little Marlow Parish Council Registration Number for ICO Z3112320 Adopted 2012 Reviewed 23 rd February 2016 Introduction The Parish Council is fully committed to compliance with
More informationCORK INSTITUTE OF TECHNOLOGY
CORK INSTITUTE OF TECHNOLOGY DATA PROTECTION POLICY APPROVED BY GOVERNING BODY ON 30 APRIL 2009 INTRODUCTION Cork Institute of Technology is committed to a policy of protecting the rights and privacy of
More informationDublin City University
Dublin City University Data Protection Policy Data Protection Policy Contents Purpose... 1 Scope... 1 Data Protection Principles... 1 Disclosure of Personal Data... 2 Summary of Responsibilities... 3 Rights
More informationData Protection and Information Security Policy and Procedure
Data Protection and Information Security Policy and Procedure Document Detail Category: Data Protection Authorised By: Full Governing Body Author: School Business Manager Version: 1 Status: Approved May
More informationDATA PROTECTION POLICY
Title Author Approved By and Date Review Date Mike Pilling Latest Update- Corporation May 2008 1 Aug 2013 DATA PROTECTION ACT 1998 POLICY FOR ALL STAFF AND STUDENTS 1.0 Introduction 1.1 The Data Protection
More informationRick Parsons Information Governance Officer County Hall 01865 323593 rick.parsons@oxfordshire.gov.uk
Rick Parsons Information Governance Officer County Hall 01865 323593 rick.parsons@oxfordshire.gov.uk 1 THE DATA PROTECTION ACT 1998 2 Requirements of the Act Roles & Responsibilities Best Practice 3 The
More information2. Scope 2.1 This policy covers all the activities and processes of the University that uses personal information in whatever format.
University of Westminster Personal Data Protection Policy For Compliance with the Data Protection Act 1998 1. Background 1.1 The Data Protection Act 1998 (DPA) defines personal data as data and information
More informationInformation Governance Policy
Information Governance Policy 1 Introduction Healthwatch Rutland (HWR) needs to collect and use certain types of information about the Data Subjects who come into contact with it in order to carry on its
More informationFalkirk Council Data Protection Guidelines
Falkirk Council Data Protection Guidelines Contents Contents 2 Objectives 3 What does the Data Protection Act 1998 do? 3 Who is who under the Data Protection Act 1998? 4 Definitions 4 The Eight Principles
More informationData Protection and Privacy Policy
Data Protection and Privacy Policy 1. General This policy outlines Conciliation Resources commitments to respect the privacy of people s personal information and observe the relevant data protection legislation.
More informationSAFEGUARDING CHILDREN AND CHILD PROTECTION POLICY
SAFEGUARDING CHILDREN AND CHILD PROTECTION POLICY Our setting will work with children, parents and the community to ensure the rights and safety of children and to give them the very best start in life.
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY The information and guidelines within this Policy are important and apply to all members, Fellows and staff of the College 1. INTRODUCTION Like all educational establishments, the
More informationData Protection Procedures
Data Protection Procedures PROCEDURE OVERVIEW: This Procedure outlines Down District Council s ( the Council ) commitment to the Data Protection Act 1998 ( the Act ) and provides a framework for the Council
More informationPOLICY FOR USE OF CCTV SYSTEM AT BOW SCHOOL OF MATHS AND COMPUTING SCHOOL
POLICY FOR USE OF CCTV SYSTEM AT BOW SCHOOL OF MATHS AND COMPUTING SCHOOL CCTV cameras are now a familiar sight throughout the country. They are one of the many measures being introduced to help prevent
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY Approval date: June 2014 Approved by: Board Responsible Manager: Executive Director of Resources Next Review June 2016 Data Protection Policy 1. Introduction Data Protection Policy
More informationScottish Rowing Data Protection Policy
Revision Approved by the Board August 2010 1. Introduction As individuals, we want to know that personal information about ourselves is handled properly, and we and others have specific rights in this
More informationMONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY
MONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY Page 1 of 16 Contents Policy Information 3 Introduction 4 Responsibilities 7 Confidentiality 9 Data recording and storage 11 Subject Access 12 Transparency
More informationHuman Resources Policy documents. Data Protection Policy
Policy documents Aims of the Policy apetito is committed to meeting its obligations under data protection law. As a business, apetito handles a range of Personal Data relating to its customers, staff and
More information1.2 Scope This policy and guidance applies to all University staff, students and others who use or process any personal information.
MANCHESTER METROPOLITAN UNIVERSITY DATA PROTECTION POLICY This policy should be read in conjunction with the Data Protection Guidance, which is attached as: Appendix A Dealing with Personal Data Appendix
More informationData Security and Extranet
Data Security and Extranet Derek Crabtree Schools ICT Support Manager derek.crabtree@merton.gov.uk Target Operating Model 2011 Merton Audit Organisation name: London Borough of Merton Periodic plan date:
More informationPolicy Document Control Page
Policy Document Control Page Title Title: Data Protection Policy Version: 3 Reference Number: CO59 Keywords: Data, access, principles, protection, Act. Data Subject, Information Supersedes Supersedes:
More informationsingapore american school
Background The Singapore Personal Data Protection Act - 2012 (PDPA) establishes a data protection law that comprises various rules governing the collection, use, disclosure, and care of personal data.
More informationData Protection Policy June 2014
Data Protection Policy June 2014 Approving authority: Consultation via: Court Audit and Risk Committee, University Executive, Secretary's Board, Information Governance and Security Group Approval date:
More informationInformation Privacy Policy
Information Privacy Policy pol-032 Version: 2.01 Last amendment: Oct 2014 Next Review: Aug 2017 Approved By: Council Date: 04 May 2005 Contact Officer: Director, Strategic Services and Governance INTRODUCTION
More informationROEHAMPTON UNIVERSITY DATA PROTECTION POLICY
ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY Originated by: Data Protection Working Group: November 2008 Impact Assessment: (to be confirmed) Recommended by Senate: 28 January 2009 Approved by Council:
More informationIndex. Definitions. What is Data Protection? Rights of Individuals. The 8 Principles of Data Protection
Data Protection Awareness Based on DIT s Data Protection Policy, the Data Protection Acts, 1988 & 2003 and guidance from the Office of the Data Protection Commissioner Index Definitions What is Data Protection?
More informationSUBJECT ACCESS REQUEST PROCEDURE
SUBJECT ACCESS REQUEST PROCEDURE Document History Document Reference: Document Purpose: IG31 This procedure sets out the responsibility for staff when receiving requests for information provided under
More informationData Protection Policy
Internal Ref: NELC 16.60 Review date December 2016 Version No. V04 Data Protection Policy 1 Data Protection Statement Data Protection Policy 1.1 North East Lincolnshire Council recognises that in order
More informationSubject Access Request, Procedure, Guidance and Information
Subject Access Request, Procedure, Guidance and Information Updated: July 2015 Page 1 of 61 CONTENTS 1. Introduction 5 2. Legal Context 5 3. Subject Access Request to Personal Records Guidance 6 Guidance
More informationHow To Share Your Health Records With The National Health Service
HOW WE USE YOUR PERSONAL INFORMATION Information Leaflet Your Health. Our Priority. Page 2 of 9 Introduction This Leaflet explains why the NHS collects information about you and how it is used, your right
More informationGUIDE TO THE ISLE OF MAN DATA PROTECTION ACT. CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4
GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4 PREFACE The following provides general guidance on data protection
More informationQUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN 18 085 048 237. better health cover shouldn t hurt
QUEENSLAND COUNTRY HEALTH FUND privacy policy Queensland Country Health Fund Ltd ABN 18 085 048 237 better health cover shouldn t hurt 1 2 contents 1. Introduction 4 2. National Privacy Principles 5 3.
More informationDean Bank Primary and Nursery School. Data Protection Policy
Dean Bank Primary and Nursery School Data Protection Policy January 2015 Data Protection Policy Dean Bank Primary and Nursery School handles increasing amounts of personal information and have a statutory
More informationOBJECTS AND REASONS. (a) the regulation of the collection, keeping, processing, use or dissemination of personal data;
OBJECTS AND REASONS This Bill would provide for (a) the regulation of the collection, keeping, processing, use or dissemination of personal data; (b) the protection of the privacy of individuals in relation
More informationData Protection Policy
Data Protection Policy April 2014 Author: Jennifer McLaren, Assistant Principal, Curriculum Support & Finance Impact Assessment Date: 15 February 2010 Date: April 2014 Contents 1 Purpose... 2 2 Policy...
More informationData Protection Policy
Data Protection Policy Responsible Officer Author Date effective from July 2009 Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date last amended December 2012 Review
More informationData Protection Policy
Data Protection Policy Document Ref: DPA20100608-001 Version: 1.3 Classification: UNCLASSIFIED (IL 0) Status: ISSUED Prepared By: Ian Mason Effective From: 4 th January 2011 Contact: Governance Team ICT
More informationThe Manchester College
The Manchester College The Manchester College Produced by TMC Prin DataProtect pol v1 11/2010 All rights reserved; no part of this publication may be photocopied, recorded or otherwise reproduced, stored
More informationPRIVACY POLICY. comply with the Australian Privacy Principles ("APPs"); ensure that we manage your personal information openly and transparently;
PRIVACY POLICY Our Privacy Commitment Glo Light Pty Ltd A.C.N. 099 730 177 trading as "Lighting Partners Australia of 16 Palmer Parade, Cremorne, Victoria 3121, ( LPA ) is committed to managing your personal
More informationData Protection Policy
Data Protection Policy Prepared By: Malkiat Thiarai Head of Corporate Information Management Date of Publication: 23/01/2013 Version: 5.0 Classification: Not Protectively Marked Page 1 Table of Contents
More informationSubject Access Request (SAR) Procedure
Subject Access Request (SAR) Procedure East and North Hertfordshire Clinical Commissioning Group Page 1 of 16 DOCUMENT CONTROL SHEET Document Owner: Chief Finance Officer Document Author(s): Anne Ephgrave
More informationPolicy for delegating authority to foster carers. September 2013
Policy for delegating authority to foster carers September 2013 Purpose and scope of policy 1.1 Introduction Decision-making around the care of looked after children can be an area of conflict between
More informationThe Manitowoc Company, Inc.
The Manitowoc Company, Inc. DATA PROTECTION POLICY 11FitzPatrick & Associates 4/5/04 1 Proprietary Material Version 4.0 CONTENTS PART 1 - Policy Statement PART 2 - Processing Personal Data PART 3 - Organisational
More informationJohn Leggott College. Data Protection Policy. Introduction
John Leggott College Data Protection Policy Introduction The College needs to keep certain information about its employees, students and other users to allow it to monitor performance, achievements, and
More informationProtection. Code of Practice. of Personal Data RPC001147_EN_D_19
Protection of Personal Data RPC001147_EN_D_19 Table of Contents Data Protection Rules Foreword From the Data Protection Commissioner Introduction From the Chairman Data Protection Rules Responsibility
More informationUniversity of Limerick Data Protection Compliance Regulations June 2015
University of Limerick Data Protection Compliance Regulations June 2015 1. Purpose of Data Protection Compliance Regulations 1.1 The purpose of these Compliance Regulations is to assist University of Limerick
More informationSubject Access Request Policy Number ID ID # 2011 075 Author: Nicola Bateman Author Job Title: Information Governance Manager Division: Corporate Department: Clinical Informatics Version Number: 2.1 Ratifying
More informationPRIVACY POLICY. Privacy Statement
PRIVACY POLICY Privacy Statement Blue Care is one of Australia's leading providers of retirement living, community health, help at home services and aged care homes, caring for more than 12,500 people
More informationDATA PROTECTION POLICY. Examples of personal data which TWM may require from clients include the following and for the reasons ascribed to each;
DATA PROTECTION POLICY Introduction TWM Solicitors maintain certain personal data about individuals for the purposes of satisfying operational and legal obligations. The Data Protection Act sets rules
More informationComplaints Policy. Complaints Policy. Page 1
Complaints Policy Page 1 Complaints Policy Policy ref no: CCG 006/14 Author (inc job Kat Tucker Complaints & FOI Manager title) Date Approved 25 November 2014 Approved by CCG Governing Body Date of next
More informationData Protection Policy Information for Clients
Data Protection Policy Information for Clients Foreword This document outlines Numis Securities Limited s ( the Firm or Numis ) legal obligations and policy on data protection. Further information can
More informationData Protection Act a more detailed guide
Data Protection Act a more detailed guide What does the Act do? The Data Protection Act 1998 places considerable duties on organisations which process personal data; increases the rights of access by data
More informationATMD Bird & Bird. Singapore Personal Data Protection Policy
ATMD Bird & Bird Singapore Personal Data Protection Policy Contents 1. PURPOSE 1 2. SCOPE 1 3. COMMITMENT TO COMPLY WITH DATA PROTECTION LAWS 1 4. PERSONAL DATA PROTECTION SAFEGUARDS 3 5. ATMDBB EXCEPTIONS:
More informationData Protection for the Guidance Counsellor. Issues To Plan For
Data Protection for the Guidance Counsellor Issues To Plan For Author: Hugh Jones Data Protection Specialist Longstone Management Ltd. Published by the National Centre for Guidance in Education (NCGE)
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY Version 1.3 April 2014 Contents 1 POLICY STATEMENT...2 2 PURPOSE....2 3 LEGAL CONTEXT AND DEFINITIONS...2 3.1 Data Protection Act 1998...2 3.2 Other related legislation.....4 3.3
More informationSomerset County Council - Data Protection Policy - Final
Organisation Title Author Owner Protective Marking Somerset County Council Data Protection Policy - Final Peter Grogan Information Governance Manager Unclassified POLICY ON A PAGE Somerset County Council
More informationDATA PROTECTION AUDIT GUIDANCE
DATA PROTECTION AUDIT GUIDANCE CONTENTS Section I: Section II: Audit of Processing of Personal Data Audit Procedure Appendices: A B C D E Audit Form List of Purposes List of data subjects List of data
More information10 DATABASE PRACTICE
10 DATABASE PRACTICE Background Marketers must comply with all relevant data protection legislation. Guidance on that legislation is available from the Information Commissioner's Office. Although data
More informationBoothville Primary School. Dealing with Allegations against School Personnel, Volunteers, Headteacher or Pupils. Allegations
Dealing with against School Personnel, Volunteers, Headteacher or Pupils Dealing with against School Personnel, Volunteers, Headteacher or Pupils Date Sept 15 Review Date Sept 16 Designated Child Protection
More informationData Protection Guidance
53 September 2010 Management Circular No. 53 Glasgow City Council Education Services Wheatley House 25 Cochrane Street Merchant City GLASGOW G1 1HL To Heads of all Educational Establishments Data Protection
More informationCCG: IG06: Records Management Policy and Strategy
Corporate CCG: IG06: Records Management Policy and Strategy Version Number Date Issued Review Date V3 08/01/2016 01/01/2018 Prepared By: Consultation Process: Senior Governance Manager, NECS CCG Head of
More informationData Protection Policy
Data Protection Policy 1. INTRODUCTION 1.1. The Data Protection Act gives you as an individual the right to know what information is held about you. It provides a framework to ensure that personal information
More informationRECORDS MANAGEMENT POLICY
[Type text] RECORDS MANAGEMENT POLICY POLICY TITLE Academic Year: 2013/14 onwards Target Audience: Governing Body All Staff and Students Stakeholders Final approval by: CMT - 1 October 2014 Governing Body
More informationA Mobile Phone and Camera Toolkit for Early Years Settings. Early Years Services April 2013 Version 1.0
A Mobile Phone and Camera Toolkit for Early Years Settings Early Years Services April 2013 Version 1.0 Contents 1.0 Introduction Who is the Toolkit for? 2.0 Mobile Phone Policy and Procedure 2.1 Aim 2.2
More informationPERSONAL INJURIES ASSESSMENT BOARD DATA PROTECTION CODE OF PRACTICE
PERSONAL INJURIES ASSESSMENT BOARD DATA PROTECTION CODE OF PRACTICE ADOPTED ON 9 th January 2008 TABLE OF CONTENTS Page No. 1 Introduction...3 2 Glossary...3 3 Types of Personal Data held by Us...3 4 Obligations
More informationDATA PROTECTION POLICY
MILNBANK HOUSING ASSOCIATION DATA PROTECTION POLICY LS/NOV.2011/REF.P14 1) INTRODUCTION Milnbank Housing Association recognises that the Data Protection Act 1998 is an important piece of legislation to
More informationHalton Borough Council. Privacy Notice
Halton Borough Council Privacy Notice Halton Borough Council is registered as a data controller under the Data Protection Act as we collect and process personal information about you. The information we
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY DATA PROTECTION POLICY Document Control Information Title Data Protection Policy Version V1.0 Author Diana Watt Date Approved 21 February 2013 Review Date Annually, on the anniversary
More informationPrivacy Policy PEGS our Privacy Act APPs
Privacy Policy Penleigh and Essendon Grammar School ACN 006 038 071 (which, for the purpose of this Privacy Policy includes any of its Related Bodies Corporate, as that term is defined in the Corporations
More informationBarnet Partnership Information Sharing Protocol
Barnet Partnership Information Sharing Protocol Information Sharing Protocol V1_0C - FINAL Page 1 of 52 Version 1.0 (FINAL) Contents 1 Background... 4 1.1 The need to share information... 4 2 Scope...
More informationData protection policy
Data protection policy Introduction 1 This document is the data protection policy for the Nursing and Midwifery Council (NMC). 2 The Data Protection Act 1998 (DPA) governs the processing of personal data
More informationChild and Adult Services Subject Access Requests Guidance
Child and Adult Services Subject Access Requests Guidance This Guidance is not applicable to Access to Information requests about Adoption. For requests about Adoption please consult the Adoption and Children
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY Rev No. 0 New Document 1 2 3 4 5 6 7 Revision Status Details of Amendments Name Date Update of College DPA statement New Reference to Appendix 4 Staff Guidelines ESF document retention
More informationSearching, screening and confiscation. Advice for headteachers, school staff and governing bodies
Searching, screening and confiscation Advice for headteachers, school staff and governing bodies February 2014 Contents Summary 3 About this departmental advice 3 Expiry or review date 3 Who is this advice
More informationDATA SECURITY BREACH MANAGEMENT POLICY AND PROCEDURE
DATA SECURITY BREACH MANAGEMENT POLICY AND PROCEDURE 1. INTRODUCTION Annex C 1.1 Surrey Heath Borough Council (SHBC) processes personal data and must respond appropriately against unauthorised or unlawful
More informationContents. Section/Paragraph Description Page Number
- NON CLINICAL NON CLINICAL NON CLINICAL NON CLINICAL NON CLINICAL NON CLINICAL NON CLINICAL NON CLINICA CLINICAL NON CLINICAL - CLINICAL CLINICAL Complaints Policy Incorporating Compliments, Comments,
More informationHow To Protect Your Personal Information At A College
Data Protection Policy Policy Details Produced by Assistant Principal Information Systems Date produced Approved by Senior Leadership Team (SLT) Date approved July 2011 Linked Policies and Freedom of Information
More informationSTAFF & GOVERNOR USE OF SOCIAL MEDIA AND INTERNET SITES POLICY
Page 1 of 7 Alveston CofE Primary School has adopted this policy from the Local Authority. INTRODUCTION Social media includes online social forums such as Facebook, Twitter and LinkedIn, and websites such
More informationHow To Understand The Data Protection Act
DATA PROTECTION ACT 2002 The Basics Purpose of the Act Balance the rights of an individual with an organisation s legitimate need to process personal data Promote openness and transparency Establish and
More informationPRIVACY AND CREDIT REPORTING POLICY
PRIVACY AND CREDIT REPORTING POLICY 12 March 2014 CONTENTS What is personal information?...3 Information we may collect, use and disclose about you...4 Collection of sensitive information...6 How personal
More information