An Introduction to the Data Protection Act
|
|
- Emory Carter
- 7 years ago
- Views:
Transcription
1 An Introduction to the Data Protection Act
2 Introduction In this course, you will learn:- About the key requirements of the Data Protection Act and how these may arise in your day to day role How the Data Protection Act can affects what you can do with it and how you must handle it To recognise key issues and common restrictions so you can anticipate issues before they arise Introduction to the Data Protection Act Transcript of Audio slide Data protection is a serious issue for Barnardo's. As the largest children s charity helping to improve children s lives, we deal with data on a regular basis. Often this data is sensitive and concerns the most vulnerable children in our society, who have gone through difficult and challenging issues which we need to help them with. As well as the information about children, young people, their parents and carers, we must process data about our own staff and volunteers as well as the donors and funders who support our work, in order to meet our objectives. It is therefore essential that we as an organisation are aware of rules and standards for protecting data that belongs to children as well as the others involved in our work. Non compliance with the Data Protection Act has legal as well as other consequences, which could compromise the trust of our service users and the confidence of those who support us, as you will see in this training course. Please take the time to read and understand the important information contained in it. Thank you. Page 1 of 18
3 The Data Protection Act and what it means to you This section of the course introduces you to data - what it is and the risks to Barnardo s when data is stored. What does the Data Protection Act 1998 (DPA) cover? The DPA governs the processing of personal data by organisations and grants rights to individuals. Taking and storing photographs and/or videos. Use of CCTV and making and storing voice recordings Creating/receiving s or other correspondence Storing/archiving a file or document for future use Reading a file or document Reviewing a file (paper or electronic) The recording of information via telephone calls The recording and updating of personal details (data) Page 2 of 18
4 What is data? Data is any information that is processed by automated means or information held in manual records (e.g. paper files and microfiche provided that these are structured in such a way as to make information about particular individuals readily accessible). This means any information that is processed on computers, tablets, mobile devices, CCTV, cameras, voice recorders or paper records is subject to the DPA. It also includes information which is intended to be stored or processed by automated means. For example, if someone applies for a loan online, the website uses automated credit searching to provide an immediate yes/no decision on the application. It does not matter how the data was obtained; information provided via the internet, , social media, post or written comments can all be classed as personal data. What ARE the legal risks to Barnardo s? Financial penalties - fine up to 500,000 Enforcement action e.g. data processing activities may need to be modified or stopped Audit and or investigation Officers and directors may be convicted of a criminal offence What ARE the other risks to Barnardo s? Compromising the safety of individuals if data got into the wrong hands Damage to Barnardo's reputation, which could affect our ability to win contracts Compromising the public s trust in Barnardo's, including current and prospective donors Page 3 of 18
5 What is Personal Data? Personal Data is any data which relates to a living individual who:- can be identified from that data, or can be identified from any other data or information which, when combined, enables recognition (for example a surname and date of birth combined) What is Sensitive Personal Data? Sensitive personal data is a special sub-category of personal data and relates to:- racial or ethnic origin political beliefs religious or other beliefs trade union membership health sex Sensitive personal data requires a higher level of protection, due to its sensitive nature and greater risk of harm to the individual if improperly processed or disclosed. Page 4 of 18
6 So what personal data might Barnardo s process? You may deal with data for at least one of the areas of work below, maybe more. Look at each section below for information on the data you might collect for these groups. Age; CCTV footage; contact details; employee number; expressions of opinion about an individual; health such as a staff member s medical condition or occupational health reports; name; race; religion. Bank account details; contact details; donor number; marketing preferences; medical information (e.g. of those running in the marathon); name; political affiliation; race; religion. Contact details; CCTV footage; ethnicity; information given by service users about themselves; information about physical or mental health; information about sexual activity; information from other people about the service user; name; photographs; professional opinions about service users; record of the work undertaken; religion. Page 5 of 18
7 The eight principles of the Data Protection Act explained This section of the course explains each of the eight principles of the Data Protection Act and how it might affect you. All the principles are important but the first principle personal data must be processed fairly and lawfully has particular relevance to how we work and therefore this section is the most detailed. Data Protection Principles Barnardo s must comply with the 8 Data Protection Principles. Principle 1: process personal data fairly and lawfully (including providing notice to individuals Principle 2: process personal data only for the purpose(s) specified Principle 3: process personal data that is adequate, relevant and not excessive Page 6 of 18
8 Principle 4: process personal data that is accurate and up-to-date Principle 5: process personal data only for as long as is necessary Principle 6: process personal data in accordance with the individuals rights Principle 7: process personal data in a safe and secure way Principle 8: process personal data by only transferring it outside the European Economic Area (EEA) if adequate protection exists Page 7 of 18
9 Principle 1: Fairly and lawfully (Personal Data) Principle 1 details how Barnardo s must process information fairly and lawfully. This means:- we must process personal and sensitive personal data legally we must be aware of how principle one affects the way we can collect data for our area of work we must provide notice to individuals that explains what we will use data for and how we will handle it Page 8 of 18
10 Principle 1: Fairly and lawfully (Personal Data) Barnardo s must satisfy at least one legal condition in order to process personal data. The individual has given their consent. The individual has a contract with Barnardo s. The processing is necessary in pursuance of the legitimate interests of Barnardo s. This condition is a balancing exercise between the interests of Barnardo s and individuals. The processing must be proportionate to Barnardo s legitimate interests and must not prejudice the rights and freedoms of affected individuals. So if there is a serious mismatch between Barnardo s interests and the individual s, the individual s legitimate interests will come first. Principle 1: Fairly and lawfully (Sensitive Personal Data) If Barnardo s process sensitive personal data, it must satisfy an additional legal condition. The most commonly used by Barnardo s are:- The individual has given their explicit consent The processing is necessary to comply with legal obligations in connection with employment Page 9 of 18
11 The processing is necessary for the purpose of obtaining legal advice The processing is necessary in order to protect the vital interests of an individual (and consent cannot be obtained) How does Principle 1 apply to the areas of work you are involved in? There must be legitimate interests in order to process contact details and photographs of staff/volunteers for the purposes of a staff contact directory or the individual has given consent for the data to be shared with a third party, for example a pension provider, HMRC, a Solicitors as part of legal proceedings. You must rely on consent for processing supporters and donor personal data where they have responded to a marketing campaign. You must rely on legitimate interests or consent in order to maintain a record of the service provided, demonstrate to service users what has been achieved, record information required by regulators, commissioners and funders, demonstrate quality of service (e.g. place a service user in a home or include them in an outreach programme). Page 10 of 18
12 Principle 1: Fairly and lawfully (Notice) As part of the requirement to process personal data fairly and lawfully, Barnardo's must provide notice to individuals which tells them:- What Barnardo s is using their data for Barnardo s contact details How Barnardo's will safeguard the data Whether Barnardo's will share the data outside of the European Economic Area ( EEA ) Any recipients to whom data may be disclosed If the individual is being sent marketing communications, an opportunity to opt out Any further information to make the processing fair Principle 1: Fairly and lawfully (Notice) If Barnardo s does not inform individuals of this information, it may not be able to use the data as it wishes. Page 11 of 18
13 Principles 2 & 3: Specific and limited purposes Principle 2: Purpose Specified Personal Data shall be not be processed for another, unrelated purpose Principle 3: Adequate and relevant Personal data shall be adequate, relevant and not excessive. This means, you must: have a valid and specific reason to process the data process the data for that purpose only only use data for the purpose for which you have told individuals (or you will need to get their further consent to process for additional purposes) Principles 2 & 3: Specific and limited purposes Principle 4: Data Quality Personal data must be accurate and up-to-date. This means you must:- record data accurately not collect or record data because it might be useful in the future not record unprofessional or inappropriate personal remarks or opinions about individuals identify any professional opinions as such verify any information received from a third party where you have reason to doubt its accuracy Page 12 of 18
14 ensure that where you are notified that information is inaccurate promptly correct it if appropriate Principle 5: Data Retention Only keep data as long as is necessary for the specified purpose. This means there is no specific period for which you can retain data but you must:- Spring clean data storage systems using organisational guidance on retention periods where this in place. Not keep data for longer than necessary (this varies across departments and types of data) check with your line manager if you are unsure. Remember that when you hold data, you must comply with all the requirements of the DPA. Principle 6: Individual Rights Individuals have a number of rights under the DPA; these are. An individual has the right to compensation if damage or distress is caused. An individual has the right to have inaccurate data corrected or deleted. An individual has the right to prevent processing for the purposes of direct marketing. Where Barnardo s sends , text or postal marketing communications to individuals. An individual has the right to prevent processing likely to cause damage or distress. For example, damage would be if Barnardo s processing of personal data causes financial loss or physical harm; distress would be a level of upset, or emotional or Page 13 of 18
15 mental pain, that goes beyond annoyance or irritation, strong dislike, or a feeling that the processing is morally abhorrent. An individual has the right to see what data is held about them and Barnardo s must give this access in 40 days. This is called a Subject Access Request and the Corporate and Children s Services Data Protection Policies explain what to do if you receive such a request. Ask your manager for a copy of this policy. Principle 6: Individual Rights On the previous page, one of the rights mentioned was Subject Access Request. When a request is made, the individual has the right to be informed of:- the personal data about them an organisation is processing why personal data is being processed whether and to whom the personal data is disclosed the source of the personal data (if available) Page 14 of 18
16 Principle 7: Security Principle 7 of the DPA, covers protection of personal data from unauthorised or accidental access, use, alteration or destruction. Hover over each button to see what you need to do to comply. All electronic data must be stored on Barnardo s central IT systems or the approved systems of commissioners or partner agencies Ensure that data is only sent to those who have a right to see it using the correct address Always use encryption when sending personal data by to any external address Only use Barnardo s devices that are protected by passwords and encryption for temporary storage of data Principle 7: Security (other things required as part of Barnardo s security measures) Ensure personal data is appropriately protected when it is transferred, for example use of couriers, recorded delivery, electronic portals Only send personal information via fax if the recipient is present to receive it Keep paper copies of personal information in a locked cabinet when not being used Ensure confidential information removed from the office base is always kept secure Ensure hard copies of data, including photographs are destroyed securely when no longer needed. Page 15 of 18
17 Principle 8: Transfers Outside the European Economic Area (EEA) Barnardo s must not transfer personal data outside of the EEA, unless an adequate level of data protection exists. It s very easy to transfer personal data outside the EEA, without even knowing you ve done it. For example free services on the Internet for storage or may process personal data on servers outside the EEA. Some third party services that Barnardo s may wish to engage may transfer personal data outside the EEA (this should be considered prior to the third party being contracted by Barnardo s). Where you think that personal data may be transferred outside the EEA, additional safeguards are needed. Contact your Data Protection Manager if you suspect this might be the case (a link to a list is on the elearning page). Introduction to the Data Protection Act That s the end of the course. You should now know:- The key requirements of the Data Protection Act and how they may arise in your day to day role Page 16 of 18
18 How the Data Protection Act can affect how you handle data and what you can do with it How to recognise key issues and common restrictions, and anticipate issues before they arise You now need to complete and pass the DPA Assessment to demonstrate your understanding of the Data Protection Act. Name Date of completion Page 17 of 18
Rick Parsons Information Governance Officer County Hall 01865 323593 rick.parsons@oxfordshire.gov.uk
Rick Parsons Information Governance Officer County Hall 01865 323593 rick.parsons@oxfordshire.gov.uk 1 THE DATA PROTECTION ACT 1998 2 Requirements of the Act Roles & Responsibilities Best Practice 3 The
More informationDATA PROTECTION POLICY
Title Author Approved By and Date Review Date Mike Pilling Latest Update- Corporation May 2008 1 Aug 2013 DATA PROTECTION ACT 1998 POLICY FOR ALL STAFF AND STUDENTS 1.0 Introduction 1.1 The Data Protection
More informationData Protection Policy
Data Protection Policy September 2015 Contents 1. Scope 2. Purpose 3. Data protection roles 4. Staff training and guidance 5. About the Data Protection Act 1998 6. Policy 7. The Information Commissioner's
More informationHuman Resources and Data Protection
Human Resources and Data Protection Contents 1. Policy Statement... 1 2. Scope... 2 3. What is personal data?... 2 4. Processing data... 3 5. The eight principles of the Data Protection Act... 4 6. Council
More informationDATA PROTECTION ACT 1998 COUNCIL POLICY
DATA PROTECTION ACT 1998 COUNCIL POLICY Page 1 of 5 POLICY STATEMENT Blackpool Council recognises the need to fully comply with the requirements of the Data Protection Act 1998 (DPA) and the obligations
More informationCorporate ICT & Data Management. Data Protection Policy
90 Corporate ICT & Data Management Data Protection Policy Classification: Unclassified Date Created: January 2012 Date Reviewed January Version: 2.0 Author: Owner: Data Protection Policy V2 1 Version Control
More informationLittle Marlow Parish Council Registration Number for ICO Z3112320
Data Protection Policy Little Marlow Parish Council Registration Number for ICO Z3112320 Adopted 2012 Reviewed 23 rd February 2016 Introduction The Parish Council is fully committed to compliance with
More informationData Protection Act 1998 The Data Protection Policy for the Borough Council of King's Lynn & West Norfolk
Data Protection Act 1998 The for the Borough Council of King's Lynn & West Norfolk 1 Contents Introduction 3 1. Statement of Intent 4 2. Fair Obtaining I Processing 5 3. Data Uses and Processes 6 4. Data
More informationData Protection Policy
1 Data Protection Policy Version 1: June 2014 1 2 Contents 1. Introduction 3 2. Policy Statement 3 3. Purpose of the Data Protection Act 1998 3 4. The principles of the Data Protection Act 1998 4 5 The
More informationData Protection Guidance
53 September 2010 Management Circular No. 53 Glasgow City Council Education Services Wheatley House 25 Cochrane Street Merchant City GLASGOW G1 1HL To Heads of all Educational Establishments Data Protection
More informationIndex. Definitions. What is Data Protection? Rights of Individuals. The 8 Principles of Data Protection
Data Protection Awareness Based on DIT s Data Protection Policy, the Data Protection Acts, 1988 & 2003 and guidance from the Office of the Data Protection Commissioner Index Definitions What is Data Protection?
More informationMerthyr Tydfil County Borough Council. Data Protection Policy
Merthyr Tydfil County Borough Council Data Protection Policy 2014 Cyfarthfa High School is a Rights Respecting School, we recognise the importance of ensuring that the United Nations Convention of the
More informationHERTSMERE BOROUGH COUNCIL
HERTSMERE BOROUGH COUNCIL DATA PROTECTION POLICY October 2007 1 1. Introduction Hertsmere Borough Council ( the Council ) is fully committed to compliance with the requirements of the Data Protection Act
More informationData Compliance. And. Your Obligations
Information Booklet Data Compliance And Your Obligations What is Data Protection? It is the safeguarding of the privacy rights of individuals in relation to the processing of personal data. The Data Protection
More informationData Protection Act. Privacy & Security in the Information Age. April 26, 2013. Ministry of Communications, Ghana
Data Protection Act Privacy & Security in the Information Age April 26, 2013 Agenda Privacy in The Information Age The right to privacy Why We Need Legislation Purpose of the Act The Data Protection Act
More informationData Protection Policy
Data Protection Policy CONTENTS Introduction...2 1. Statement of Intent...2 2. Fair Processing or Privacy Statement...3 3. Data Uses and Processes...4 4. Data Quality and Integrity...4 5. Technical and
More informationDATA PROTECTION POLICY
Reference number Approved by Information Management and Technology Board Date approved 14 th May 2012 Version 1.1 Last revised N/A Review date May 2015 Category Information Assurance Owner Data Protection
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY The information and guidelines within this Policy are important and apply to all members, Fellows and staff of the College 1. INTRODUCTION Like all educational establishments, the
More informationData Protection Act a more detailed guide
Data Protection Act a more detailed guide What does the Act do? The Data Protection Act 1998 places considerable duties on organisations which process personal data; increases the rights of access by data
More informationData Protection Policy
Data Protection Policy Responsible Officer Author Date effective from July 2009 Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date last amended December 2012 Review
More informationInformation Governance Policy
Information Governance Policy 1 Introduction Healthwatch Rutland (HWR) needs to collect and use certain types of information about the Data Subjects who come into contact with it in order to carry on its
More informationMONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY
MONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY Page 1 of 16 Contents Policy Information 3 Introduction 4 Responsibilities 7 Confidentiality 9 Data recording and storage 11 Subject Access 12 Transparency
More informationScottish Rowing Data Protection Policy
Revision Approved by the Board August 2010 1. Introduction As individuals, we want to know that personal information about ourselves is handled properly, and we and others have specific rights in this
More informationData Protection Good Practice Note
Data Protection Good Practice Note This explanatory document explains what charities and voluntary organisations need to do to comply with the Data Protection Act 1988 as amended by the Data Protection
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY Document Management: Date Policy Approved: 29 April 2015 Date Amended: Next Review Date: April 2017 Version: 1 Approving Body: Resources Committee 1 1. Introduction The Data Protection
More informationROEHAMPTON UNIVERSITY DATA PROTECTION POLICY
ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY Originated by: Data Protection Working Group: November 2008 Impact Assessment: (to be confirmed) Recommended by Senate: 28 January 2009 Approved by Council:
More informationProtection. Code of Practice. of Personal Data RPC001147_EN_D_19
Protection of Personal Data RPC001147_EN_D_19 Table of Contents Data Protection Rules Foreword From the Data Protection Commissioner Introduction From the Chairman Data Protection Rules Responsibility
More informationDATA PROTECTION AUDIT GUIDANCE
DATA PROTECTION AUDIT GUIDANCE CONTENTS Section I: Section II: Audit of Processing of Personal Data Audit Procedure Appendices: A B C D E Audit Form List of Purposes List of data subjects List of data
More informationDublin City University
Dublin City University Data Protection Policy Data Protection Policy Contents Purpose... 1 Scope... 1 Data Protection Principles... 1 Disclosure of Personal Data... 2 Summary of Responsibilities... 3 Rights
More informationData Protection and Community Councils Briefing Note
Data Protection and Community Councils Briefing Note This briefing note has been prepared in response to specific queries raised by Community Councils in Marr in relation to their Data Protection requirements.
More informationATMD Bird & Bird. Singapore Personal Data Protection Policy
ATMD Bird & Bird Singapore Personal Data Protection Policy Contents 1. PURPOSE 1 2. SCOPE 1 3. COMMITMENT TO COMPLY WITH DATA PROTECTION LAWS 1 4. PERSONAL DATA PROTECTION SAFEGUARDS 3 5. ATMDBB EXCEPTIONS:
More informationHampstead Parochial CofE Primary School Data Protection Policy Spring 2015
Hampstead Parochial CofE Primary School Data Protection Policy Spring 2015 1. Introduction and Scope 1.1 The Data Protection Act 1998 is the law that protects personal privacy and applies to any school
More informationData Protection Procedures
Data Protection Procedures PROCEDURE OVERVIEW: This Procedure outlines Down District Council s ( the Council ) commitment to the Data Protection Act 1998 ( the Act ) and provides a framework for the Council
More information10 DATABASE PRACTICE
10 DATABASE PRACTICE Background Marketers must comply with all relevant data protection legislation. Guidance on that legislation is available from the Information Commissioner's Office. Although data
More informationSo the security measures you put in place should seek to ensure that:
Guidelines This guideline offers an overview of what the Data Protection Act requires in terms of information security and aims to help you decide how to manage the security of the personal data you hold.
More informationData protection policy
Data protection policy Introduction 1 This document is the data protection policy for the Nursing and Midwifery Council (NMC). 2 The Data Protection Act 1998 (DPA) governs the processing of personal data
More informationData Security and Extranet
Data Security and Extranet Derek Crabtree Schools ICT Support Manager derek.crabtree@merton.gov.uk Target Operating Model 2011 Merton Audit Organisation name: London Borough of Merton Periodic plan date:
More informationOffice of the Data Protection Commissioner of The Bahamas. Data Protection (Privacy of Personal Information) Act, 2003. A Guide for Data Controllers
Office of the Data Protection Commissioner of The Bahamas Data Protection (Privacy of Personal Information) Act, 2003 A Guide for Data Controllers 1 Acknowledgement Some of the information contained in
More informationDATA PROTECTION POLICY. Examples of personal data which TWM may require from clients include the following and for the reasons ascribed to each;
DATA PROTECTION POLICY Introduction TWM Solicitors maintain certain personal data about individuals for the purposes of satisfying operational and legal obligations. The Data Protection Act sets rules
More informationFalkirk Council Data Protection Guidelines
Falkirk Council Data Protection Guidelines Contents Contents 2 Objectives 3 What does the Data Protection Act 1998 do? 3 Who is who under the Data Protection Act 1998? 4 Definitions 4 The Eight Principles
More informationData Protection Policy
Data Protection Policy Prepared By: Malkiat Thiarai Head of Corporate Information Management Date of Publication: 23/01/2013 Version: 5.0 Classification: Not Protectively Marked Page 1 Table of Contents
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY DATA PROTECTION POLICY Document Control Information Title Data Protection Policy Version V1.0 Author Diana Watt Date Approved 21 February 2013 Review Date Annually, on the anniversary
More informationPhotography and filming in schools Code of Practice
Photography and filming in schools Code of Practice Data Protection compliance September 2010 Photography and filming in schools September 2010 1 Contents 1. About this code 3 2. Complying with the Data
More informationUniversity of Limerick Data Protection Compliance Regulations June 2015
University of Limerick Data Protection Compliance Regulations June 2015 1. Purpose of Data Protection Compliance Regulations 1.1 The purpose of these Compliance Regulations is to assist University of Limerick
More informationHuman Resources Policy documents. Data Protection Policy
Policy documents Aims of the Policy apetito is committed to meeting its obligations under data protection law. As a business, apetito handles a range of Personal Data relating to its customers, staff and
More informationData Protection and Privacy Policy
Data Protection and Privacy Policy 1. General This policy outlines Conciliation Resources commitments to respect the privacy of people s personal information and observe the relevant data protection legislation.
More informationData Protection. Policy and Application July 2009
Data Protection Policy and Application July 2009 Produced for staff of the House of Commons Service by the Department of Resources Information Rights and Information Security (IRIS) Service Data Policy:
More informationE-SAFETY POLICY 2014/15 Including:
E-SAFETY POLICY 2014/15 Including: Staff ICT policy (Corporation approved) Data protection policy (Corporation approved) Staff guidelines for Data protection Data Security, awareness raising Acceptable
More informationData Protection and Information Security. Procedure for reporting a breach of data security. April 2013
Data Protection and Information Security Procedure for reporting a breach of data security April 2013 Page 1 of 6 Created on: 01/04/2009 Contents 1 Introduction... 3 2 Data Classification... 3 3 What Is
More informationData Protection Policy
Data Protection Policy Owner : Head of Information Management Document ID : ICT-PL-0099 Version : 2.0 Date : May 2015 We will on request produce this Policy, or particular parts of it, in other languages
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY Rev No. 0 New Document 1 2 3 4 5 6 7 Revision Status Details of Amendments Name Date Update of College DPA statement New Reference to Appendix 4 Staff Guidelines ESF document retention
More informationCORK INSTITUTE OF TECHNOLOGY
CORK INSTITUTE OF TECHNOLOGY DATA PROTECTION POLICY APPROVED BY GOVERNING BODY ON 30 APRIL 2009 INTRODUCTION Cork Institute of Technology is committed to a policy of protecting the rights and privacy of
More informationData Protection Policy Information for Clients
Data Protection Policy Information for Clients Foreword This document outlines Numis Securities Limited s ( the Firm or Numis ) legal obligations and policy on data protection. Further information can
More informationHow To Protect Your Personal Information At A College
Data Protection Policy Policy Details Produced by Assistant Principal Information Systems Date produced Approved by Senior Leadership Team (SLT) Date approved July 2011 Linked Policies and Freedom of Information
More informationHow To Understand The Data Protection Act
DATA PROTECTION ACT 2002 The Basics Purpose of the Act Balance the rights of an individual with an organisation s legitimate need to process personal data Promote openness and transparency Establish and
More informationPolicy Document Control Page
Policy Document Control Page Title Title: Data Protection Policy Version: 3 Reference Number: CO59 Keywords: Data, access, principles, protection, Act. Data Subject, Information Supersedes Supersedes:
More informationGuidelines on Data Protection. Draft. Version 3.1. Published by
Guidelines on Data Protection Draft Version 3.1 Published by National Information Technology Development Agency (NITDA) September 2013 Table of Contents Section One... 2 1.1 Preamble... 2 1.2 Authority...
More informationGUIDE TO THE ISLE OF MAN DATA PROTECTION ACT. CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4
GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4 PREFACE The following provides general guidance on data protection
More informationSTART UP LOANS PRIVACY AND DATA PROTECTION TERMS AND CONDITIONS
START UP LOANS PRIVACY AND DATA PROTECTION TERMS AND CONDITIONS Table of Contents 1. ABOUT THIS POLICY... 3 2. WHO WE ARE AND WHO IS RESPONSIBLE FOR YOUR PERSONAL DATA... 3 3. WHERE WE COLLECT YOUR PERSONAL
More informationData Protection Policy June 2014
Data Protection Policy June 2014 Approving authority: Consultation via: Court Audit and Risk Committee, University Executive, Secretary's Board, Information Governance and Security Group Approval date:
More informationData Protection Policy
Data Protection Policy April 2014 Author: Jennifer McLaren, Assistant Principal, Curriculum Support & Finance Impact Assessment Date: 15 February 2010 Date: April 2014 Contents 1 Purpose... 2 2 Policy...
More informationJohn Leggott College. Data Protection Policy. Introduction
John Leggott College Data Protection Policy Introduction The College needs to keep certain information about its employees, students and other users to allow it to monitor performance, achievements, and
More informationData Protection Training Module MMU Legal Department 2015
Data Protection Training Module MMU Legal Department 2015 1 The Data Protection Act 1998 This law protects an individual s rights regarding their own personal data and their right to privacy. Personal
More informationA common sense guide to the Data Protection Act 1998 for volunteers
A common sense guide to the Data Protection Act 1998 for volunteers Why is it necessary? The Data Protection Act 1998 is a law introduced to control the way information held about individuals is handled
More informationThe Manitowoc Company, Inc.
The Manitowoc Company, Inc. DATA PROTECTION POLICY 11FitzPatrick & Associates 4/5/04 1 Proprietary Material Version 4.0 CONTENTS PART 1 - Policy Statement PART 2 - Processing Personal Data PART 3 - Organisational
More informationAlixPartners, LLP. General Data Protection Statement
AlixPartners, LLP General Data Protection Statement GENERAL DATA PROTECTION STATEMENT 1. INTRODUCTION 1.1 AlixPartners, LLP ( AlixPartners ) is committed to fulfilling its obligations under the data protection
More informationInformation Security Policy. Appendix B. Secure Transfer of Information
Information Security Policy Appendix B Secure Transfer of Information Author: Data Protection and Information Security Officer. Version: 0.7 Date: March 2008 Document Control Information Document ID Document
More informationPRIVACY POLICY Personal information and sensitive information Information we request from you
PRIVACY POLICY Business Chicks Pty Ltd A.C.N. 121 566 934 (we, us, our, or Business Chicks) recognises and values the protection of your privacy. We also understand that you want clarity about how we manage
More informationSecurity Awareness. A Supplier Guide/Employee Training Pack. May 2011 (updated November 2011)
Security Awareness A Supplier Guide/Employee Training Pack May 2011 (updated November 2011) Contents/Chapters 1. How do I identify a DWP asset 2. Delivering on behalf of DWP - Accessing DWP assets 3. How
More informationUniversity of Liverpool Online Programmes - Privacy Policy for Visitors and Students
University of Liverpool Online Programmes - Privacy Policy for Visitors and Students PLEASE NOTE: The following privacy terms relate to the University of Liverpool s online programmes and not The University
More informationPersonal data - Personal data identify an individual. For example, name, address, contact details, date of birth, NHS number.
Background The Data Protection Act 1998 i came into force in March 2000 and is followed by all NHS employed staff via their policies and procedures. The act applies to all personal, identifiable information
More informationRECORDS MANAGEMENT POLICY
[Type text] RECORDS MANAGEMENT POLICY POLICY TITLE Academic Year: 2013/14 onwards Target Audience: Governing Body All Staff and Students Stakeholders Final approval by: CMT - 1 October 2014 Governing Body
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY Approval date: June 2014 Approved by: Board Responsible Manager: Executive Director of Resources Next Review June 2016 Data Protection Policy 1. Introduction Data Protection Policy
More informationDATA PROTECTION POLICY
MILNBANK HOUSING ASSOCIATION DATA PROTECTION POLICY LS/NOV.2011/REF.P14 1) INTRODUCTION Milnbank Housing Association recognises that the Data Protection Act 1998 is an important piece of legislation to
More informationsingapore american school
Background The Singapore Personal Data Protection Act - 2012 (PDPA) establishes a data protection law that comprises various rules governing the collection, use, disclosure, and care of personal data.
More informationData Protection Workshop: How the Law Affects You Practice Questions
Data Protection Workshop: How the Law Affects You Practice Questions 1. Which of the following is not personal data covered by the Data Protection Act (pick one or more): A. Comments about an individual
More informationProtection. Code of Practice. of Personal Data RPC001147_EN_WB_L_1
Protection of Personal Data RPC001147_EN_WB_L_1 Table of Contents Data Protection Rules Foreword From the Data Protection Commissioner Introduction From the Chairman Data Protection Responsibility of Employees
More informationData Protection Policy
Data Protection Policy This policy applies to the national office of Special Olympics GB; athletes, volunteers, and paid staff its clubs and regions; all Special Olympics GB donors, sponsors, and supporters;
More informationData Protection Avoiding Information Commissioner Fines. Caroline Egan 5 June 2014
Data Protection Avoiding Information Commissioner Fines Caroline Egan 5 June 2014 Why is data protection a hot topic in pensions? Pension schemes hold large amounts of personal data Individuals more aware
More informationData Protection Policy
Data Protection Policy Document Ref: DPA20100608-001 Version: 1.3 Classification: UNCLASSIFIED (IL 0) Status: ISSUED Prepared By: Ian Mason Effective From: 4 th January 2011 Contact: Governance Team ICT
More informationSomerset County Council - Data Protection Policy - Final
Organisation Title Author Owner Protective Marking Somerset County Council Data Protection Policy - Final Peter Grogan Information Governance Manager Unclassified POLICY ON A PAGE Somerset County Council
More informationEnterprise Information Security Procedures
GHL Network Services Ltd Enterprise Information Security Procedures Prepared By Nigel Gardner Date 16/11/09 1 Contents 1. Openwork s Information Security Policy...3 2. Enterprise Information Security Procedures...3
More informationPERSONAL INJURIES ASSESSMENT BOARD DATA PROTECTION CODE OF PRACTICE
PERSONAL INJURIES ASSESSMENT BOARD DATA PROTECTION CODE OF PRACTICE ADOPTED ON 9 th January 2008 TABLE OF CONTENTS Page No. 1 Introduction...3 2 Glossary...3 3 Types of Personal Data held by Us...3 4 Obligations
More informationData Protection and Data security Policy
Data Protection and Data security Policy Statement of policy and purpose of Policy 1. Somer Valley Community Radio Ltd (the Employer) is committed to ensuring that all personal information handled by us
More informationDATA PROTECTION AND DATA STORAGE POLICY
DATA PROTECTION AND DATA STORAGE POLICY 1. Purpose and Scope 1.1 This Data Protection and Data Storage Policy (the Policy ) applies to all personal data collected and dealt with by Centre 404, whether
More informationFIDELITY APPLICANT PRIVACY AND PROTECTION NOTICE
FIDELITY APPLICANT PRIVACY AND PROTECTION NOTICE Last Updated: November 2012 FMR LLC and its affiliated entities ( Fidelity ) value your trust and are committed to the responsible management, use and protection
More informationwork Privacy Your Your right to Rights Know
Your right to Privacy Know Your Rights www.worksmart.org.uk at work Everyone has the right to a private life even when they re at work. But new technology is making it easier than ever for employers to
More informationSAFEGUARDING CHILDREN AND CHILD PROTECTION POLICY
SAFEGUARDING CHILDREN AND CHILD PROTECTION POLICY Our setting will work with children, parents and the community to ensure the rights and safety of children and to give them the very best start in life.
More informationGENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS
GENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS December 2005 2 GENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS I. OBJECTIVE... 1 II. SCOPE... 1 III. APPLICATION OF LOCAL LAWS...
More informationData Protection for the Guidance Counsellor. Issues To Plan For
Data Protection for the Guidance Counsellor Issues To Plan For Author: Hugh Jones Data Protection Specialist Longstone Management Ltd. Published by the National Centre for Guidance in Education (NCGE)
More informationInformation Governance
CONTROLLED Information Governance Caldicot Version-Workbok Non Caldicott Version - Workbook Version 12 January 2015 40 1 Don t Get Bitten by the Data Demon Notes Using this Workbook The objective of this
More informationThis Applicant Privacy Notice Continental Europe is dated: July 2012 WILLIS.COM: PRIVACY NOTICE
Applicant Privacy Notice for Positions in Willis Companies Located in the European Union and European Economic Area Excluding the United Kingdom ( Applicant Privacy Notice Continental Europe ) This Applicant
More informationData Protection for Charities
Data Protection for Charities CFG 15 May 2014 Overview Overview and key definitions The data protection principles Fair and lawful processing Data security and outsourcing Rights of data subjects Recent
More informationSubject Access Request, Procedure, Guidance and Information
Subject Access Request, Procedure, Guidance and Information Updated: July 2015 Page 1 of 61 CONTENTS 1. Introduction 5 2. Legal Context 5 3. Subject Access Request to Personal Records Guidance 6 Guidance
More information1.2 Scope This policy and guidance applies to all University staff, students and others who use or process any personal information.
MANCHESTER METROPOLITAN UNIVERSITY DATA PROTECTION POLICY This policy should be read in conjunction with the Data Protection Guidance, which is attached as: Appendix A Dealing with Personal Data Appendix
More informationETHICAL AND LEGAL ISSUES IN DATA SHARING - OVERVIEW
ETHICAL AND LEGAL ISSUES IN DATA SHARING - OVERVIEW.... LIBBY BISHOP UNIVERSITY OF ESSEX.... LOOKING AFTER AND MANAGING YOUR RESEARCH DATA (GOING DIGITAL AND ESRC ATN EVENTS), COLCHESTER, 24-25 APRIL 2013
More informationtechnical factsheet 176
technical factsheet 176 Data Protection CONTENTS 1. Introduction 1 2. Register with the Information Commissioner s Office 1 3. Period protection rights and duties remain effective 2 4. The data protection
More informationUNIVERSITY OF ABERDEEN POLICY ON DATA PROTECTION
UNIVERSITY OF ABERDEEN POLICY ON DATA PROTECTION The Data Protection Act 1998 (DPA) was passed in order to implement the EU Data Protection Directive (95/46/EC) and applies to all data relating to, and
More informationQuick guide to the employment practices code
Data protection Quick guide to the employment practices code Ideal for the small business Contents 3 Contents Section 1 About this guidance 4 Section 2 What is the Data Protection Act? 5 Section 3 Recruitment
More informationData Protection Policy A copy of this policy is published in the following areas: The school s intranet The school s website
Data Protection Policy A copy of this policy is published in the following areas: The school s intranet The school s website Date created: November 2015 Date for review: July 2016 Created by: Mark Vanstone,
More information