Data Protection Policy
|
|
- Milton McCoy
- 7 years ago
- Views:
Transcription
1 Data Protection Policy Effective Nov 2014
2 Contents 1. Aim & Scope page 3 2. Purpose page 3 3. Key Definitions page 3 4. Data Protection Principles page 3 5. General Statement page 4 6. Data Security page 5 7. Responsibilities of Staff page 5 8. Data Subjects Rights page 5 9. Publication of Schools Exam Results page Disclosing Personal Data page Subject Access Requests page Complaints page Contacts page 8 APPENDIX A - Privacy Notice page 9 APPENDIX B - Procedure for responding to a Subject Access Request page 11 Policy Review Form page 13 Page 2
3 Aim In adopting this policy the aim is to: ensure that personal information is dealt with correctly and securely and in accordance with the Data Protection Act 1998 (the Act ), and other related legislation; inform staff and others involved in the collection, processing and disclosure of personal data so that they are aware of their duties and responsibilities. Scope This policy applies to all governors and staff of Summerlea Community Primary School, any person who is required to control or process data on behalf of the school and to parents, pupils and others providing person their data. This policy should be read in conjunction with West Sussex County Council s Data Protection Policy. Purpose Summerlea CP School collects and uses personal information about staff, pupils, parents and other individuals who come into contact with the school. This information is gathered in order to enable it to provide education and other associated functions. In addition, there may be a legal requirement to collect and use information to ensure that the school complies with its statutory obligations. Schools have a duty to be registered, as Data Controllers, with the Information Commissioner s Office (ICO) detailing the information held and its use. These details are then available on the ICO s website. Schools also have a duty to issue a Fair Processing Notice to all pupils/parents, this summarises the information held on pupils, why it is held and the other parties to whom it may be passed on. This policy is intended to provide a summary of the relevant legislation and to highlight the requirements when collecting, processing and disclosing personal data. It will apply to information regardless of the way it is collected, used, recorded, stored and destroyed, and irrespective of whether it is held in paper files or electronically. Key Definitions The following are key definitions used in the Act: Data Controller: means a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed. In this case, the School is the Data Controller. Data Processor: in relation to personal data, means any person (other than an employee of the data controller) who processes the data on behalf of the data controller. Data Subject: means an individual who is the subject of personal data. Personal Data: is defined as data which relates to a living individual who can be identified from that data or other information held. Processing: in relation to information or data, means obtaining, recording or holding the information or data or carrying out any operation or set of operations on the information or data. Sensitive Personal Data: includes information such as: (a) the racial or ethnic origin of the data subject, Page 3
4 (b) his political opinions, (c) his religious beliefs or other beliefs of a similar nature, (d) whether he is a member of a trade union (within the meaning of the Trade Union and Labour Relations (Consolidation) Act 1992), (e) his physical or mental health or condition, (f) his sexual life, (g) the commission or alleged commission by him of any offence, or (h) any proceedings for any offence committed or alleged to have been committed by him, the disposal of such proceedings or the sentence of any court in such proceedings. Data Protection Principles The Data Protection Act 1998 establishes eight enforceable principles that must be adhered to at all times: 1. Personal data shall be processed fairly and lawfully. 2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or purposes. 3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed. 4. Personal data shall be accurate and where necessary, kept up to date. 5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary. 6. Personal data shall be processed in accordance with the rights of data subjects under the Data Protection Act Personal data shall be kept secure: appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction or damage to personal data. 8. Personal data shall not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data. General Statement on Data Protection in School The school is committed to maintaining the above principles at all times. Therefore the school will: Inform individuals why the information is being collected when it is collected. Inform individuals when their information is shared, and why and with whom it was shared. Check the quality and the accuracy of the information it holds. Ensure that information is not retained for longer than is necessary. Ensure that when obsolete information is destroyed that it is done so appropriately and securely. Ensure that clear and robust safeguards are in place to protect personal information from loss, theft and unauthorised disclosure, irrespective of the format in which it is recorded. Share information with others only when it is legally appropriate to do so. Set out procedures to ensure compliance with the duty to respond to requests for access to personal Page 4
5 information, known as Subject Access Requests. Ensure our staff are aware of and understand our policies and procedures. Data Security All staff are responsible for ensuring that: Any personal data that they hold is kept securely. Personal information is not disclosed either orally or in writing or via Web pages or by any other means, accidentally or otherwise, to any unauthorised third party. Staff should note that unauthorised disclosure will usually be a disciplinary matter, and may be considered gross misconduct in some cases. Personal information should: Be kept in a locked filing cabinet, drawer, or safe; or If it is computerised, be coded, encrypted or password protected both on a local hard drive and on a network drive that is regularly backed up; and If a copy is kept on a USB, disc or other removable storage media, that media must itself be kept in a locked filing cabinet, drawer, or safe. Responsibilities of Staff All staff are responsible for: Checking that any information that they provide to the School in connection with their employment is accurate and up to date. Informing the School of any changes to information that they have provided, e.g. change of address, either at the time of appointment or subsequently. The school cannot be held responsible for any errors unless the staff member has informed the school of such changes. If and when, as part of their responsibilities, staff collect information about other people (e.g. about a student s course work, opinions about ability, references to other academic institutions, or details of personal circumstances), they must comply with the guidelines for staff set out in this policy and the Schools Data Protection Code of Practice. Data Subject s Rights Right to know Data subjects have the right to know what data is held about them, who is collecting it, for what purpose it is collected and who will see it. Summerlea CP School shall provide this information when collecting personal data. Right of access to personal data See relevant section below. Right to prevent processing causing damage or distress Subject to certain exemptions, data subjects have the right to serve a notice on data controllers requiring them to stop processing personal data in a way which is likely to cause substantial unwarranted damage or distress to that data subject or another. Page 5
6 Right to correct inaccurate data Data subjects may also apply for a court order to require the data controller to rectify, block, erase or destroy inaccurate data about the data subject. Publication of Exam Results Publishing examination results is a common and accepted practice. However, schools do have to act fairly when publishing results. Summerlea CP School will let all pupils and parents know that results are intended to be published and how they will be published. Pupils have a right to assert their Human Right to Privacy and to object. Any objections must be taken seriously. Schools do not have to gain the written consent of pupils and parents before publishing exam results. Disclosing Personal Data General Principles Summerlea CP School will always check each page of a file before a disclosure of personal data to ensure that there is no information about another person in it. If there is information about another person in it, we will edit that information to ensure that person s anonymity. If this is not possible because the information is inextricably linked then the Act, in section 7(4) and 7(6), directs us to seek consents or disclose if it is reasonable in all the circumstances to do so. We will not share personal data with anyone other than the data subject without consent of the data subject unless one of the conditions in Schedule 2 of the Data Protection Act is satisfied. We will not share sensitive personal data with anyone other than the data subject without consent of the data subject unless one condition in Schedule 2 and one condition in Schedule 3 of the Data Protection Act are present. We will take greater care when processing sensitive personal data. We will keep a record of disclosures. Requests from police/fraud office Section 29(3) of the Act allows disclosure of personal data to the police where it is necessary for the prevention or detection of crime, the apprehension or prosecution of offenders or the assessment or collection of any tax or duty or similar. The police should be able to show that if the school does not disclose the information, the above purposes would be prejudiced. The police should make the request in writing on headed paper and the school should check that the individual making the request is indeed from the police/ fraud office. The sort of information the police usually require is the current address of a child s parents. Court orders for disclosure The school will refer such requests, which may come from the police, the Crown Prosecution Service or the defence to a court case, to the Legal Services Unit at West Sussex County Council. Education agencies Please refer to the Privacy Notice Appendix A. Page 6
7 Other third parties The general rule is that personal data should not be disclosed to these third parties unless the school has the consent of the data subject or their parent. Subject Access Requests Requests for personal data by Pupil/Parent What rights exist for access to a pupil s personal information? There are two distinct rights to information held by schools about pupils. 1. The subject access right under the Act a pupil has the right to a copy of their own information. In certain circumstances requests may be made by a parent on behalf of their child. 2. Rights to the educational record under the Education (Pupil Information) (England) Regulations 2005, (the Regulations), a parent has the right to access their child s educational record. Under the subject access right parents will only be able to see all the information about their child when the child is unable to act on their own behalf or gives their written consent. At what age can a child make their own subject access request? The Act does not specify an age at which a child can make their own request for access to their information. When a request is received from a child for access to their own information, those responsible for responding should take into account whether: the child wants their parent (or someone with parental responsibility for them) to be involved in the request; and the child properly understands what is involved in making the request and the type of information they will receive. As a general guide, a child of 12 or older is expected to be mature enough to understand the request they are making. Can any other information be withheld? Information about another person (including a parent) should not be disclosed without consent of that person. Information about the data subject where: information might cause serious harm to the physical or mental health of the pupil or another individual; the disclosure would reveal a child is at risk of abuse; information contained in adoption and parental order records information given to a court in proceedings under the Magistrates Courts (Children and Young persons) Rules 1992; copies of examination scripts providing examination marks before they are officially announced legal advice which is protected by legal professional privilege. What are the timescales for dealing with requests? Requests for information from pupils, or parents, for information that contains, wholly or partly, an educational record must receive a response within 15 school days. Unless a parent simply asks to see the official educational record under the Regulations, schools and authorities are entitled to receive any fee first. The school is entitled to ask for a fee of 10 on each occasion that access is requested, although the school does have the discretion to waive this. Page 7
8 Most requests for information are likely to ask for at least some information in the educational record. However, should a subject access request be made just for personal information outside the educational record, a response must be made promptly and at most within 40 calendar days. However, the 40 days does not begin until after the fee and any further information required is received. Further information regarding the process of making a Subject Access Request is in Appendix B. Complaints Complaints will be dealt with in accordance with the school s complaints policy. Complaints relating to information handling may be referred to the Information Commissioner (the statutory regulator). Contact Information If you have any enquires in relation to this policy, please contact the Head Teacher who will also act as the contact point for any subject access requests. Further advice and information is available from the Information Commissioner s Office, or telephone: Page 8
9 APPENDIX A Privacy Notice The Local Authority (LA) uses information about children for whom it provides services. This enables it to carry out specific functions for which it is responsible, such as the assessment of any special educational needs the child may have. It also uses the information to derive statistics to inform decisions on, for example, the funding of schools, and to assess the performance of schools and set targets for them. The statistics are used in such a way that individual children cannot be identified from them. The LA will use information about its school workforce for research and statistical purposes, and to evaluate and develop education policy and strategies. The statistics are used in such a way that individual staff cannot be identified from them. The LA may also use it to support and monitor schools regarding sickness and recruitment of staff. Primary Care Trusts (PCTs) use information about pupils for research and statistical purposes, to monitor the performance of local health services and to evaluate and develop them. The statistics are used in such a way that individual pupils cannot be identified from them. Information on the height and weight of individual pupils may, however, be provided to the child and its parents. This will require the PCTs to maintain details of pupils names for this purpose for a period designated by the Department of Health, following the weighing and measuring process. PCTs may also provide individual schools and LAs with aggregate information on pupils height and weight. Summerlea CP School is a data controller for the purposes of the Data Protection Act. We collect information from pupils and may receive information about them from their previous school and the Learning Records Service. We hold this personal data and use it to: Support teaching and learning; Monitor and report pupils progress; Provide appropriate pastoral care, and Assess how well the school is doing. This information includes contact details, national curriculum assessment results, attendance information and personal characteristics such as ethnic group, any special educational needs and relevant medical information. We will not give information about pupils to anyone outside the school without consent unless the law and our rules allow us to. We are required by law to pass some information about pupils to the Local Authority and the Department for Education (DfE). Personal data is held by the school/local Authority about those employed or otherwise engaged to work at the school. This is to assist in the smooth running of the school and/or enable individuals to be paid. The collection of this information will benefit both national and local users by: Improving the management of school workforce data across the sector; Enabling a comprehensive picture of the workforce and how it is deployed to be built up; Informing the development of recruitment and retention policies; Allowing better financial modeling and planning; Enabling ethnicity and disability monitoring; and Page 9
10 Supporting the work of the School Teacher Review Body and the School Support Staff Negotiating Body. This personal data includes some or all of the following - identifiers such as name and National Insurance Number and characteristics such as ethnic group; employment contract and remuneration details, qualifications and absence information. We will not give information about those employed or otherwise engaged to work at the school to anyone outside the school or Local Authority (LA) without their consent unless the law and our rules allow us to. We are required by law to pass on some of this data to the Local Authority and the Department for Education (DfE). Page 10
11 APPENDIX B Procedure for responding to Subject Access Requests made under the Data Protection Act 1998 Rights of access to information There are two distinct rights of access to information held by schools about pupils. 1. Under the Data Protection Act 1998 any individual has the right to make a request to access the personal information held about them. 2. The right of those entitled to have access to curricular and educational records as defined within the Education Pupil Information (Wales) Regulations These procedures relate to subject access requests made under the Data Protection Act Actioning a subject access request 1. Requests for information must be made in writing; which includes , and be addressed to the Headteacher. If the initial request does not clearly identify the information required, then further enquiries will be made. 2. The identity of the requestor must be established before the disclosure of any information, and checks should also be carried out regarding proof of relationship to the child if considered necessary because there is any doubt over the requestor's identity. Evidence of identity can be established by requesting production of: passport driving licence utility bills with the current address Birth / Marriage certificate P45/P60 Credit Card or Mortgage statement (This list is not exhaustive.) 3. Any individual has the right of access to information held about them. However with children, this is dependent upon their capacity to understand (normally age 12 or above) and the nature of the request. The Headteacher should discuss the request with the child and take their views into account when making a decision. A child with competency to understand can refuse to consent to the request for their records. Where the child is not deemed to be competent an individual with parental responsibility or guardian shall make the decision on behalf of the child. 4. The school may make a charge for the provision of information, dependent upon the following: Should the information requested contain the educational record then the amount charged will be dependent upon the number of pages provided. Should the information requested be personal information that does not include any information contained within educational records schools can charge up to 10 to provide it. If the information requested is only the educational record viewing will be free, but a charge not exceeding the cost of copying the information can be made by the Headteacher. Page 11
12 5. The response time for subject access requests, once officially received, is 40 days (not working or school days but calendar days, irrespective of school holiday periods). However the 40 days will not commence until after receipt of fees or clarification of information sought 6. The Data Protection Act 1998 allows exemptions as to the provision of some information; therefore all information will be reviewed prior to disclosure. 7. Third party information is that which has been provided by another, such as the Police, Local Authority, Health Care professional or another school. Before disclosing third party information consent should normally be obtained. There is still a need to adhere to the 40 day statutory timescale. 8. Any information which may cause serious harm to the physical or mental health or emotional condition of the pupil or another should not be disclosed, nor should information that would reveal that the child is at risk of abuse, or information relating to court proceedings. 9. If there are concerns over the disclosure of information then additional advice should be sought. 10. Where redaction (information blacked out/removed) has taken place then a full copy of the information provided should be retained in order to establish, if a complaint is made, what was redacted and why. 11. Information disclosed should be clear, thus any codes, acronyms or technical terms will need to be clarified and explained. If information contained within the disclosure is difficult to read or illegible, then it should be retyped. 12. Information can be provided at the school with a member of staff on hand to help and explain matters if requested, or provided at face to face handover. The views of the applicant should be taken into account when considering the method of delivery. If postal systems have to be used then registered/recorded mail must be used. Page 12
13 Policy Review Form Please complete this section when reviewing and updating this document. Author Name Date Simon Trahern October 2012 Reviews Name Review Period (to be carried out every 2 years) Kerry Dolan Emma Green October 2012 November 2014 Information Source Name Date Information Commissioner s Office ( November 2014 Change Control Sections Amended Author Date All sections re-formatted into new policy template Emma Green November 2014 Privacy Notice moved to Appendix Aim & Scope added Key Definitions added Data Security added Responsibilities of Staff added Page 13
Staple Hill Primary School. Data Protection Policy
Staple Hill Primary School Data Protection Policy Staple Hill Primary School collects and uses personal information about staff, pupils, parents and other individuals who come into contact with the school.
More informationGlyncoed Primary School. Data Protection Policy
Glyncoed Primary School Data Protection Policy Date agreed: March 2015 Review date: March 2017 1 Data Protection Policy Glyncoed Primary School collects and uses personal information about staff, pupils,
More informationVersion 1. Chair of Governors Signature.. Review Date: Spring term 2017
Version 1 Chair of Governors Signature.. Date of Adoption/Ratification: 4 th February 2015 Review Date: Spring term 2017 Purpose Cliff Park School s Trust collects and uses personal information about staff,
More informationData Protection Policy A copy of this policy is published in the following areas: The school s intranet The school s website
Data Protection Policy A copy of this policy is published in the following areas: The school s intranet The school s website Date created: November 2015 Date for review: July 2016 Created by: Mark Vanstone,
More informationHuman Resources and Data Protection
Human Resources and Data Protection Contents 1. Policy Statement... 1 2. Scope... 2 3. What is personal data?... 2 4. Processing data... 3 5. The eight principles of the Data Protection Act... 4 6. Council
More informationData Protection Policy
1 Data Protection Policy Version 1: June 2014 1 2 Contents 1. Introduction 3 2. Policy Statement 3 3. Purpose of the Data Protection Act 1998 3 4. The principles of the Data Protection Act 1998 4 5 The
More informationCorporate ICT & Data Management. Data Protection Policy
90 Corporate ICT & Data Management Data Protection Policy Classification: Unclassified Date Created: January 2012 Date Reviewed January Version: 2.0 Author: Owner: Data Protection Policy V2 1 Version Control
More informationData Protection policy approved by the Governing Body of Ifield Community College. Ifield Community College Data Protection Policy
Data Protection policy approved by the Governing Body of Ifield Community College Ifield Community College Data Protection Policy Introduction The school collects and uses certain types or personal information
More informationDATA PROTECTION ACT 1998 COUNCIL POLICY
DATA PROTECTION ACT 1998 COUNCIL POLICY Page 1 of 5 POLICY STATEMENT Blackpool Council recognises the need to fully comply with the requirements of the Data Protection Act 1998 (DPA) and the obligations
More informationData Protection Policy
Data Protection Policy CONTENTS Introduction...2 1. Statement of Intent...2 2. Fair Processing or Privacy Statement...3 3. Data Uses and Processes...4 4. Data Quality and Integrity...4 5. Technical and
More informationDATA PROTECTION POLICY
Reference number Approved by Information Management and Technology Board Date approved 14 th May 2012 Version 1.1 Last revised N/A Review date May 2015 Category Information Assurance Owner Data Protection
More informationHampstead Parochial CofE Primary School Data Protection Policy Spring 2015
Hampstead Parochial CofE Primary School Data Protection Policy Spring 2015 1. Introduction and Scope 1.1 The Data Protection Act 1998 is the law that protects personal privacy and applies to any school
More informationCrofton School Data Protection Policy
Crofton School Data Protection Policy Crofton School collects and uses personal information (referred to in the Data Protection Act as personal data) about staff, students, parents and other individuals
More informationLittle Marlow Parish Council Registration Number for ICO Z3112320
Data Protection Policy Little Marlow Parish Council Registration Number for ICO Z3112320 Adopted 2012 Reviewed 23 rd February 2016 Introduction The Parish Council is fully committed to compliance with
More informationHERTSMERE BOROUGH COUNCIL
HERTSMERE BOROUGH COUNCIL DATA PROTECTION POLICY October 2007 1 1. Introduction Hertsmere Borough Council ( the Council ) is fully committed to compliance with the requirements of the Data Protection Act
More informationCORK INSTITUTE OF TECHNOLOGY
CORK INSTITUTE OF TECHNOLOGY DATA PROTECTION POLICY APPROVED BY GOVERNING BODY ON 30 APRIL 2009 INTRODUCTION Cork Institute of Technology is committed to a policy of protecting the rights and privacy of
More informationData Protection Policy
Data Protection Policy September 2015 Contents 1. Scope 2. Purpose 3. Data protection roles 4. Staff training and guidance 5. About the Data Protection Act 1998 6. Policy 7. The Information Commissioner's
More informationData Protection Policy
Data Protection Policy Owner : Head of Information Management Document ID : ICT-PL-0099 Version : 2.0 Date : May 2015 We will on request produce this Policy, or particular parts of it, in other languages
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY Document Management: Date Policy Approved: 29 April 2015 Date Amended: Next Review Date: April 2017 Version: 1 Approving Body: Resources Committee 1 1. Introduction The Data Protection
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY Approval date: June 2014 Approved by: Board Responsible Manager: Executive Director of Resources Next Review June 2016 Data Protection Policy 1. Introduction Data Protection Policy
More informationSubject Access Request, Procedure, Guidance and Information
Subject Access Request, Procedure, Guidance and Information Updated: July 2015 Page 1 of 61 CONTENTS 1. Introduction 5 2. Legal Context 5 3. Subject Access Request to Personal Records Guidance 6 Guidance
More information2. Scope 2.1 This policy covers all the activities and processes of the University that uses personal information in whatever format.
University of Westminster Personal Data Protection Policy For Compliance with the Data Protection Act 1998 1. Background 1.1 The Data Protection Act 1998 (DPA) defines personal data as data and information
More informationData Protection Act 1998 The Data Protection Policy for the Borough Council of King's Lynn & West Norfolk
Data Protection Act 1998 The for the Borough Council of King's Lynn & West Norfolk 1 Contents Introduction 3 1. Statement of Intent 4 2. Fair Obtaining I Processing 5 3. Data Uses and Processes 6 4. Data
More informationMONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY
MONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY Page 1 of 16 Contents Policy Information 3 Introduction 4 Responsibilities 7 Confidentiality 9 Data recording and storage 11 Subject Access 12 Transparency
More informationRick Parsons Information Governance Officer County Hall 01865 323593 rick.parsons@oxfordshire.gov.uk
Rick Parsons Information Governance Officer County Hall 01865 323593 rick.parsons@oxfordshire.gov.uk 1 THE DATA PROTECTION ACT 1998 2 Requirements of the Act Roles & Responsibilities Best Practice 3 The
More information1.2 Scope This policy and guidance applies to all University staff, students and others who use or process any personal information.
MANCHESTER METROPOLITAN UNIVERSITY DATA PROTECTION POLICY This policy should be read in conjunction with the Data Protection Guidance, which is attached as: Appendix A Dealing with Personal Data Appendix
More informationJohn Leggott College. Data Protection Policy. Introduction
John Leggott College Data Protection Policy Introduction The College needs to keep certain information about its employees, students and other users to allow it to monitor performance, achievements, and
More informationData Protection Procedures
Data Protection Procedures PROCEDURE OVERVIEW: This Procedure outlines Down District Council s ( the Council ) commitment to the Data Protection Act 1998 ( the Act ) and provides a framework for the Council
More informationMerthyr Tydfil County Borough Council. Data Protection Policy
Merthyr Tydfil County Borough Council Data Protection Policy 2014 Cyfarthfa High School is a Rights Respecting School, we recognise the importance of ensuring that the United Nations Convention of the
More informationOBJECTS AND REASONS. (a) the regulation of the collection, keeping, processing, use or dissemination of personal data;
OBJECTS AND REASONS This Bill would provide for (a) the regulation of the collection, keeping, processing, use or dissemination of personal data; (b) the protection of the privacy of individuals in relation
More informationDATA PROTECTION POLICY. Examples of personal data which TWM may require from clients include the following and for the reasons ascribed to each;
DATA PROTECTION POLICY Introduction TWM Solicitors maintain certain personal data about individuals for the purposes of satisfying operational and legal obligations. The Data Protection Act sets rules
More informationData Protection Act a more detailed guide
Data Protection Act a more detailed guide What does the Act do? The Data Protection Act 1998 places considerable duties on organisations which process personal data; increases the rights of access by data
More informationData Protection Policy
Data Protection Policy 1. INTRODUCTION 1.1. The Data Protection Act gives you as an individual the right to know what information is held about you. It provides a framework to ensure that personal information
More informationROEHAMPTON UNIVERSITY DATA PROTECTION POLICY
ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY Originated by: Data Protection Working Group: November 2008 Impact Assessment: (to be confirmed) Recommended by Senate: 28 January 2009 Approved by Council:
More informationDATA PROTECTION POLICY
Title Author Approved By and Date Review Date Mike Pilling Latest Update- Corporation May 2008 1 Aug 2013 DATA PROTECTION ACT 1998 POLICY FOR ALL STAFF AND STUDENTS 1.0 Introduction 1.1 The Data Protection
More informationGUIDE TO THE ISLE OF MAN DATA PROTECTION ACT. CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4
GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4 PREFACE The following provides general guidance on data protection
More informationHuman Resources Policy documents. Data Protection Policy
Policy documents Aims of the Policy apetito is committed to meeting its obligations under data protection law. As a business, apetito handles a range of Personal Data relating to its customers, staff and
More informationFalkirk Council Data Protection Guidelines
Falkirk Council Data Protection Guidelines Contents Contents 2 Objectives 3 What does the Data Protection Act 1998 do? 3 Who is who under the Data Protection Act 1998? 4 Definitions 4 The Eight Principles
More informationScottish Rowing Data Protection Policy
Revision Approved by the Board August 2010 1. Introduction As individuals, we want to know that personal information about ourselves is handled properly, and we and others have specific rights in this
More informationData Protection Policy
Data Protection Policy Document Ref: DPA20100608-001 Version: 1.3 Classification: UNCLASSIFIED (IL 0) Status: ISSUED Prepared By: Ian Mason Effective From: 4 th January 2011 Contact: Governance Team ICT
More informationPolicy Document Control Page
Policy Document Control Page Title Title: Data Protection Policy Version: 3 Reference Number: CO59 Keywords: Data, access, principles, protection, Act. Data Subject, Information Supersedes Supersedes:
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY The information and guidelines within this Policy are important and apply to all members, Fellows and staff of the College 1. INTRODUCTION Like all educational establishments, the
More informationData Protection Policy
Data Protection Policy Prepared By: Malkiat Thiarai Head of Corporate Information Management Date of Publication: 23/01/2013 Version: 5.0 Classification: Not Protectively Marked Page 1 Table of Contents
More informationInformation Governance Policy
Information Governance Policy 1 Introduction Healthwatch Rutland (HWR) needs to collect and use certain types of information about the Data Subjects who come into contact with it in order to carry on its
More informationData Protection and Community Councils Briefing Note
Data Protection and Community Councils Briefing Note This briefing note has been prepared in response to specific queries raised by Community Councils in Marr in relation to their Data Protection requirements.
More informationAlixPartners, LLP. General Data Protection Statement
AlixPartners, LLP General Data Protection Statement GENERAL DATA PROTECTION STATEMENT 1. INTRODUCTION 1.1 AlixPartners, LLP ( AlixPartners ) is committed to fulfilling its obligations under the data protection
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY Rev No. 0 New Document 1 2 3 4 5 6 7 Revision Status Details of Amendments Name Date Update of College DPA statement New Reference to Appendix 4 Staff Guidelines ESF document retention
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY DATA PROTECTION POLICY Document Control Information Title Data Protection Policy Version V1.0 Author Diana Watt Date Approved 21 February 2013 Review Date Annually, on the anniversary
More informationHow To Protect Your Personal Information At A College
Data Protection Policy Policy Details Produced by Assistant Principal Information Systems Date produced Approved by Senior Leadership Team (SLT) Date approved July 2011 Linked Policies and Freedom of Information
More informationSUBJECT ACCESS REQUEST PROCEDURE
SUBJECT ACCESS REQUEST PROCEDURE Document History Document Reference: Document Purpose: IG31 This procedure sets out the responsibility for staff when receiving requests for information provided under
More informationData Protection Policy
Data Protection Policy April 2014 Author: Jennifer McLaren, Assistant Principal, Curriculum Support & Finance Impact Assessment Date: 15 February 2010 Date: April 2014 Contents 1 Purpose... 2 2 Policy...
More informationPolicy and Procedure Title: Maintaining Secure Learner Records Policy No: CCTP1001 Version: 1.0
PROVIDER NAME: POLICY AREA: College of Computing Technology (CCT) Standard 10: Information Management, Student Information System & Data Protection Policy and Procedure Title: Maintaining Secure Learner
More informationInformation Governance Framework. June 2015
Information Governance Framework June 2015 Information Security Framework Janice McNay June 2015 1 Company Thirteen Group Lead Manager Janice McNay Date of Final Draft and Version Number June 2015 Review
More informationHow To Understand The Data Protection Act
DATA PROTECTION ACT 2002 The Basics Purpose of the Act Balance the rights of an individual with an organisation s legitimate need to process personal data Promote openness and transparency Establish and
More informationThe Code. for Crown Prosecutors
The Code for Crown Prosecutors January 2013 Table of Contents Introduction... 2 General Principles... 3 The Decision Whether to Prosecute... 4 The Full Code Test... 6 The Evidential Stage... 6 The Public
More informationData Protection Act. Privacy & Security in the Information Age. April 26, 2013. Ministry of Communications, Ghana
Data Protection Act Privacy & Security in the Information Age April 26, 2013 Agenda Privacy in The Information Age The right to privacy Why We Need Legislation Purpose of the Act The Data Protection Act
More informationData Protection Policy
Internal Ref: NELC 16.60 Review date December 2016 Version No. V04 Data Protection Policy 1 Data Protection Statement Data Protection Policy 1.1 North East Lincolnshire Council recognises that in order
More informationData Protection Policy
Data Protection Policy Introduction The Data Protection Act 1998 gives individuals the right to know what personal information is held about them. It provides a framework to ensure that the Office of the
More informationThe Manchester College
The Manchester College The Manchester College Produced by TMC Prin DataProtect pol v1 11/2010 All rights reserved; no part of this publication may be photocopied, recorded or otherwise reproduced, stored
More informationIndex. Definitions. What is Data Protection? Rights of Individuals. The 8 Principles of Data Protection
Data Protection Awareness Based on DIT s Data Protection Policy, the Data Protection Acts, 1988 & 2003 and guidance from the Office of the Data Protection Commissioner Index Definitions What is Data Protection?
More informationData Protection Policy
Data Protection Policy Responsible Officer Author Date effective from July 2009 Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date last amended December 2012 Review
More informationSubject Access Request Policy Number ID ID # 2011 075 Author: Nicola Bateman Author Job Title: Information Governance Manager Division: Corporate Department: Clinical Informatics Version Number: 2.1 Ratifying
More informationDublin City University
Dublin City University Data Protection Policy Data Protection Policy Contents Purpose... 1 Scope... 1 Data Protection Principles... 1 Disclosure of Personal Data... 2 Summary of Responsibilities... 3 Rights
More informationDATA PROTECTION AUDIT GUIDANCE
DATA PROTECTION AUDIT GUIDANCE CONTENTS Section I: Section II: Audit of Processing of Personal Data Audit Procedure Appendices: A B C D E Audit Form List of Purposes List of data subjects List of data
More informationData Protection Policy Information for Clients
Data Protection Policy Information for Clients Foreword This document outlines Numis Securities Limited s ( the Firm or Numis ) legal obligations and policy on data protection. Further information can
More informationChild and Adult Services Subject Access Requests Guidance
Child and Adult Services Subject Access Requests Guidance This Guidance is not applicable to Access to Information requests about Adoption. For requests about Adoption please consult the Adoption and Children
More informationThe Manitowoc Company, Inc.
The Manitowoc Company, Inc. DATA PROTECTION POLICY 11FitzPatrick & Associates 4/5/04 1 Proprietary Material Version 4.0 CONTENTS PART 1 - Policy Statement PART 2 - Processing Personal Data PART 3 - Organisational
More informationProtection. Code of Practice. of Personal Data RPC001147_EN_D_19
Protection of Personal Data RPC001147_EN_D_19 Table of Contents Data Protection Rules Foreword From the Data Protection Commissioner Introduction From the Chairman Data Protection Rules Responsibility
More informationData protection policy
Data protection policy Introduction The College is required to keep certain information about employees, students and other users to allow it to monitor performance, achievements, health and safety, recruitment
More informationInformation Security Policy. Appendix B. Secure Transfer of Information
Information Security Policy Appendix B Secure Transfer of Information Author: Data Protection and Information Security Officer. Version: 0.7 Date: March 2008 Document Control Information Document ID Document
More informationPRIVACY POLICY. comply with the Australian Privacy Principles ("APPs"); ensure that we manage your personal information openly and transparently;
PRIVACY POLICY Our Privacy Commitment Glo Light Pty Ltd A.C.N. 099 730 177 trading as "Lighting Partners Australia of 16 Palmer Parade, Cremorne, Victoria 3121, ( LPA ) is committed to managing your personal
More informationUniversity of Limerick Data Protection Compliance Regulations June 2015
University of Limerick Data Protection Compliance Regulations June 2015 1. Purpose of Data Protection Compliance Regulations 1.1 The purpose of these Compliance Regulations is to assist University of Limerick
More informationData Protection Policy June 2014
Data Protection Policy June 2014 Approving authority: Consultation via: Court Audit and Risk Committee, University Executive, Secretary's Board, Information Governance and Security Group Approval date:
More informationOffice of the Data Protection Commissioner of The Bahamas. Data Protection (Privacy of Personal Information) Act, 2003. A Guide for Data Controllers
Office of the Data Protection Commissioner of The Bahamas Data Protection (Privacy of Personal Information) Act, 2003 A Guide for Data Controllers 1 Acknowledgement Some of the information contained in
More informationPERSONAL INJURIES ASSESSMENT BOARD DATA PROTECTION CODE OF PRACTICE
PERSONAL INJURIES ASSESSMENT BOARD DATA PROTECTION CODE OF PRACTICE ADOPTED ON 9 th January 2008 TABLE OF CONTENTS Page No. 1 Introduction...3 2 Glossary...3 3 Types of Personal Data held by Us...3 4 Obligations
More informationDisciplinary Policy. If these actions do not provide a resolution, then the Formal Disciplinary Procedure set out in this document should be followed.
Disciplinary Policy 1. Policy Statement The University expects all employees to conduct themselves in an appropriate manner in their day to day work, including in their dealings with colleagues, students
More informationEMMANUEL COLLEGE THE APPLICATION OF THE DATA PROTECTION ACT 1998. Contents
EMMANUEL COLLEGE THE APPLICATION OF THE DATA PROTECTION ACT 1998 Contents 1. Introduction Page 2 2. The Data Protection Act 1998 Page 2 3. Review of data used in College departments Page 3 4. Security
More informationDATA PROTECTION AND DATA STORAGE POLICY
DATA PROTECTION AND DATA STORAGE POLICY 1. Purpose and Scope 1.1 This Data Protection and Data Storage Policy (the Policy ) applies to all personal data collected and dealt with by Centre 404, whether
More informationCode of Practice on the Identity Card Number and other Personal Identifiers Compliance Guide for Data Users
Code of Practice on the Identity Card Number and other Personal Identifiers Compliance Guide for Data Users INTRODUCTION What does the code of practice cover? The code of practice gives practical guidance
More informationData Protection Policy
1. Introduction 1.1 The College needs to keep certain information about its employees, students and other stakeholders, for example to allow it to monitor performance, achievements and health and safety.
More informationData Protection in Ireland
Data Protection in Ireland 0 Contents Data Protection in Ireland Introduction Page 2 Appointment of a Data Processor Page 2 Security Measures (onus on a data controller) Page 3 8 Principles Page 3 Fair
More informationSo the security measures you put in place should seek to ensure that:
Guidelines This guideline offers an overview of what the Data Protection Act requires in terms of information security and aims to help you decide how to manage the security of the personal data you hold.
More informationDean Bank Primary and Nursery School. Data Protection Policy
Dean Bank Primary and Nursery School Data Protection Policy January 2015 Data Protection Policy Dean Bank Primary and Nursery School handles increasing amounts of personal information and have a statutory
More informationSubject Access Request (SAR) Procedure
Subject Access Request (SAR) Procedure East and North Hertfordshire Clinical Commissioning Group Page 1 of 16 DOCUMENT CONTROL SHEET Document Owner: Chief Finance Officer Document Author(s): Anne Ephgrave
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY Version 1.3 April 2014 Contents 1 POLICY STATEMENT...2 2 PURPOSE....2 3 LEGAL CONTEXT AND DEFINITIONS...2 3.1 Data Protection Act 1998...2 3.2 Other related legislation.....4 3.3
More informationData Security and Extranet
Data Security and Extranet Derek Crabtree Schools ICT Support Manager derek.crabtree@merton.gov.uk Target Operating Model 2011 Merton Audit Organisation name: London Borough of Merton Periodic plan date:
More informationE-SAFETY POLICY 2014/15 Including:
E-SAFETY POLICY 2014/15 Including: Staff ICT policy (Corporation approved) Data protection policy (Corporation approved) Staff guidelines for Data protection Data Security, awareness raising Acceptable
More informationSubject Access Request Policy
Subject Access Request Policy Version Version 4.0 Ratified By Date Ratified 24th February 2015 Author(s) Responsible Committee / Officers Date Issue February 2015 Quality, Performance and Finance Committee
More informationData Protection for the Guidance Counsellor. Issues To Plan For
Data Protection for the Guidance Counsellor Issues To Plan For Author: Hugh Jones Data Protection Specialist Longstone Management Ltd. Published by the National Centre for Guidance in Education (NCGE)
More informationData Protection and Data security Policy
Data Protection and Data security Policy Statement of policy and purpose of Policy 1. Somer Valley Community Radio Ltd (the Employer) is committed to ensuring that all personal information handled by us
More informationData Protection. Policy and Application July 2009
Data Protection Policy and Application July 2009 Produced for staff of the House of Commons Service by the Department of Resources Information Rights and Information Security (IRIS) Service Data Policy:
More informationAccess to Health Records
Access to Health Records Crown Heights Medical Centre Procedure Access to Health Records ACCESS TO MEDICAL RECORDS (DATA PROTECTION) POLICY INTRODUCTION The Access to Health Records Act 1990 gave individuals
More informationData Protection and Privacy Policy
Data Protection and Privacy Policy 1. General This policy outlines Conciliation Resources commitments to respect the privacy of people s personal information and observe the relevant data protection legislation.
More informationBAILIWICK OF GUERNSEY DATA PROTECTION
BAILIWICK OF GUERNSEY DATA PROTECTION CODE OF PRACTICE: CRIMINAL RECORDS CHECK PREFACE Section 56 of the Data Protection (Bailiwick of Guernsey) Law, 2001 ( the DP Law ), as amended by Ordinance in 2010
More informationQUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN 18 085 048 237. better health cover shouldn t hurt
QUEENSLAND COUNTRY HEALTH FUND privacy policy Queensland Country Health Fund Ltd ABN 18 085 048 237 better health cover shouldn t hurt 1 2 contents 1. Introduction 4 2. National Privacy Principles 5 3.
More informationInformation Privacy Policy
Information Privacy Policy pol-032 Version: 2.01 Last amendment: Oct 2014 Next Review: Aug 2017 Approved By: Council Date: 04 May 2005 Contact Officer: Director, Strategic Services and Governance INTRODUCTION
More informationHuman Resources Policy No. HR46
Human Resources Policy No. HR46 Maintaining Personal Files and ESR Records Additionally refer to HR04 Verification of Professional Registration HR33 Recruitment and Selection HR34 Policy for Carrying Out
More informationPRIVACY AND CREDIT REPORTING POLICY
PRIVACY AND CREDIT REPORTING POLICY 12 March 2014 CONTENTS What is personal information?...3 Information we may collect, use and disclose about you...4 Collection of sensitive information...6 How personal
More informationAttendance and Registration Policy
Attendance and Registration Policy Last Updated: January 2013 Adopted by Governors: June 2013 Review: January 2014 Attendance and Registration Policy Background: Under Section 36 of the Education Act 1944,
More informationComplaints Policy. Complaints Policy. Page 1
Complaints Policy Page 1 Complaints Policy Policy ref no: CCG 006/14 Author (inc job Kat Tucker Complaints & FOI Manager title) Date Approved 25 November 2014 Approved by CCG Governing Body Date of next
More information