Public Consultation regarding Data Sharing and Governance Bill. Contribution of Office of the Data Protection Commissioner


Submission of the Office of the Data Protection Commissioner (DPC) on the Data-Sharing and Governance Bill: Policy Proposals (dated the 1st of August 2014)

Public Consultation regarding Data Sharing and Governance Bill

Contribution of Office of the Data Protection Commissioner

The Office of the Data Protection Commissioner welcomes the public consultation exercise in relation to the preparation of the Data Sharing and Governance Bill. It recognises that there is a need for wide-ranging public debate on these proposals which would create considerable change in relation to how personal data of individual citizens is shared between public bodies.

This Office fully supports the aim of developing more efficient and customer-centric public services and acknowledges the many existing legally robust and well-managed data-sharing arrangements in place between public bodies, in particular between the Revenue Commissioners and the Department of Social Protection.

It is clear that not all data-sharing between public sector bodies will require explicit legislative underpinning (structural data-sharing will continue to require such underpinning) and it appears that the proposed Bill seeks to underpin this concept so as to give some form of confidence to public sector bodies in terms of their consideration of legitimate data-sharing opportunities. In this regard, it is probably worth noting in terms of the barriers to data-sharing identified in the consultation paper that confusion on the part of public officials as to the circumstances under which they may lawfully share data is an undoubted barrier and the approach proposed in the Data-Sharing and Governance Bill may bring limited greater clarity in this regard.
This Office can, in principle, support the dual approach of the Bill in terms of providing for specific structural data-sharing provisions particularly built around the Public Service Identity data set and then in terms of providing for data-sharing based on a data protection principles-based approach relying on tests of fairness, necessity, proportionality and transparency and that adhere to the principles of purpose limitation under the data protection legislation. However, the draft Heads of Bill would have to be scrutinised by this Office to ensure that data protection rights as provided for in the Acts currently are maintained.

From the outset, the DPC would suggest that the purposes to be prescribed in the Bill set out on page 9 of the Consultation Paper are too broad and it is in fact unclear what the meaning of certain stated purposes is. Further, this section of the paper provides no confirmation that what is proposed would be bilateral level or one hop exchanges only and that the proposals do not amount to providing a legal basis for the building of a government big data database. Finally, it must be clearly underlined that for every case of data-sharing (that is not prescribed with its own specific legislative basis), there must be detailed examination of the proposal to share data to establish if it is legally permissible, whether it is the only way to achieve the desired aim and what proportionality, security, transfer, retention, access and disclosure arrangements will be put in place. In other words, regardless of the enactment of the proposed Bill, it will be necessary to examine each proposal for data-sharing on a strict case-by-case basis.

It is also important to reiterate, and the consultation paper acknowledges this, that for data-sharing to be achieved lawfully and in practical terms, notwithstanding eventual enactment of this Bill, would require:

- capabilities and judgement on the part of public officials to ascertain the legal basis under which they are sharing (whether explicit in legislation in respect of large-scale structural sharing or on a valid principles-based approach in other cases). It is important that senior public service managers understand the scope of legitimate interests, which may only be applied in narrow circumstances.
- an ability to clearly communicate their privacy policies in an accessible and transparent way to members of the public
- adequate IT and other security measures in respect of shared data and clear understanding of who the controllers of shared databases are, what levels of access by whom are permitted and what accountability and governance systems are in place
- periodic review of data-sharing arrangements to ensure they are still adequate and that all of the data is still required to be shared and that appropriate retention and deletion policies are in place
- overcoming the organisational, semantic and technical challenges of sharing data between organisations.
None of the above requirements are trivial in any respect and indeed the Data Protection Commissioner has highlighted many examples of serious failures on the part of public sector bodies and government departments under all of the headings above.

In summary, therefore, this Office supports the aims and approaches set out in the Data-sharing and Governance Bill. However, it would expect to see significantly more detail emanating from the Department of Public Expenditure and Reform and the Office of the Government Chief Information Officer in terms of how the governance (control, access, identification of data controller) and security arrangements (IT-led, encryption, firewalls, data transfer protocols) are to be dealt with and how the guidance to managers of when data may lawfully be shared using a principles-based approach is to be managed.

Key elements of a programme of reform to bring about a sustained improvement in practice in data protection and governance in the public sector would include:

- Guidelines on data protection and governance to issue to all Departments and State Agencies, drawing on the Office of the Data Protection Commissioner website and audits of public sector agencies (Social Protection including INFOSYS, Revenue, Garda Síochána), supplemented as necessary by direct input from the DPC
- Clear accountability at all levels of a public service organisation for active oversight of use of personal data
- Data protection audit programme in each major holder of personal data, overseen by a dedicated Data Protection Officer
- Compulsory Privacy Impact Assessments for all new public sector programmes with data protection implications especially new data-sharing initiatives. This appears to be provided for in the consultation paper.
- Annual certification by Accounting Officers of the adequacy of data protection measures within their Departments/Agencies

These elements can lead to meaningful change of mindset where the data protection right of the individual is the bedrock principle. Therefore, it is critical that the data sharing proposals in the proposed Bill are not just seen in terms of business need and efficiency, but that their perceived benefits are properly weighed up against the interference with the personal fundamental rights of the individual.

Core data protection principles and proper data protection governance

The Office takes this further opportunity to draw attention to core principles which must directly and transparently apply to data sharing in the public sector and which are set out in its Guidance Note on Data Sharing in the Public Sector. It notes that this Guidance Note has been referenced in the Policy Paper. These principles are: Demonstrable Justification; Explicit Legal Basis; Authorisation; Transparency; Data Minimisation; Data Access and Security and Data Retention.

What do we mean by data-sharing?

1. Do you agree with this definition of data-sharing?
This Office is satisfied with the definition provided in the consultation paper for data-sharing in so far as it goes but would request that it be clarified that data-sharing or data-matching constitute processing of data for the purposes of the Data Protection Acts and must therefore be subject to the restrictions on processing set out under the Acts.

2. If you do not agree, how do you believe the definition could be improved?

See above.

Benefits for Service Users

3. What do you believe are the priority areas for data-sharing to contribute to improved public services?

The role of the DPC is not to identify priority areas for data-sharing but to provide oversight with regard to any data-sharing arrangements ensuring there is a legal basis in place for each and every instance entailing the sharing of an individual's personal data between public bodies. In addition, in terms of each piece of legislation proposed, the Office will subject all proposals and Bills to close scrutiny, feeding into the legislative process to ensure proper safeguards and restrictions are in place.

Benefits for Public Bodies

4. Do you agree that more effective data-sharing can help drive public service reform?

Data sharing can bring benefits in terms of efficient delivery of public services. However, it must be done in a way that respects the rights of individuals to have their personal data treated with care and not accessed or used without good reason. Proportionality is the key. Such data sharing in the public sector should have a basis in law; be clear to individuals that their data may be shared and for what purpose; have a clear justification for individual data sharing arrangements, with minimum data shared to achieve the stated public service objective; strict access and security controls; and secure disposal of shared data.

5. What are the main areas where you believe that this can be achieved?

The role of the DPC is not to identify areas where more effective data-sharing can be achieved but to enforce the Data Protection Acts.

What is the issue we are trying to solve?

6. Do you share the assessment that a new legislative framework for data-sharing is required? Please give reasons for your answer.

The DPC accepts that the law needs to keep pace with technology developments. However, any legislation should have the fundamental right of the individual to data protection / privacy / fair procedure as its bedrock. The legislation should not be more favourable or advantageous to public sector data controllers over this individual right.
The DPC welcomes the public debate that should be generated from all responses to this policy proposal. The responses of this office to this policy proposal are supportive of the proposed approach but cautionary that much work needs to be done by the public sector to ensure that, notwithstanding whatever enablement the Bill will provide, bodies have the capability on the ground to implement data-sharing arrangements lawfully. As set out in the introduction to our comments, the DPC is of the view that the purposes set out on page 9 of the consultation paper are so broad, non-specific and unclear in certain cases that they deliver no additional legal basis for sharing over and above what the Data Protection Acts already permit.

In addition, the proposal that MOAs signed between bodies would be submitted to the DPC upon signature is undesirable and not accepted. It creates an unnecessary administrative burden for no clear gain. There is a danger it may provide a sense of validation of the data-sharing undertaken by reason of the deposit of the MOA with the DPC which clearly will not be the case. In addition, it is necessary if the proposals in this Bill are to work that public sector managers are clear that it is their responsibility to share data only where it is lawful to do so and they cannot rely on a notion that they deposited a copy of an MOA with the DPC after it was signed to substitute for the work and analysis involved in establishing where data sharing is permitted or not. The DPC is willing to be involved in consultations on data-sharing proposals.

Finally, the registration requirements in the Data Protection Acts should already require departments and offices to have detailed their collection and uses of personal data which should cover any arrangements for disclosure and sharing with other departments.

7. In terms of the interoperability framework set out above, what do you see as the main obstacles to data-sharing, and how should they be addressed?

The circumstances under which data may be lawfully shared require further clarification. Also, the purposes as set out in the consultation paper are too broad and lack definition.

How will Data Protection Law and Principles apply to Data-Sharing?

8. Do you have suggestions for how best to embed these data protection principles in the Data-Sharing and Governance Bill?

The DPC is encouraged to see consideration being given to data protection legislation as a central pillar to the overall policy approach, especially in areas such as data minimisation and proportionality; specified lawful purpose, transparency; record keeping; mandatory Privacy Impact Assessments and prior notification of adverse action. The eight rules of Data Protection have to be complied with by individual data controllers. There should be no shared responsibility for compliance with these rules unless there are exceptional justified circumstances.
The DPC looks forward to further consultation on all of the above issues and other issues as they occur.

Next steps

9. Do you have any ideas or proposals to ensure that consideration of these proposals benefit from wide public consideration, analysis and debate?

It might be an idea to publish an exposure draft of the Bill before it is initiated and debated in the Oireachtas.

Principles-based sharing provisions

10. How far can the Bill go in providing the necessary powers to share data while at the same time ensuring clarity around what exactly is permitted?

The DPC notes that a proportionality and minimal disclosure test is envisaged; that a formal MOA will be required; and that data can only be processed for the lawful purpose as set out in MOA and these are all useful and practical clarifications. As set out under Question 6, notification to the DPC serves no useful purpose and may in fact undermine correct implementation of the Act.

11. Should both personal and sensitive personal data (within the means of the Data Protection Acts) be covered by these provisions? If so, what extra protections are required around sensitive personal data?

Sec 2B of the Data Protection Acts covers the Processing of Sensitive Personal Data. It is essential that the provisions of the legislation are fully protected.

12. Should the Oireachtas have a role in overseeing or approving some types of data-sharing arrangements? If so, how extensive should this role be?

The Oireachtas already debates specific data-sharing provisions set out in legislation and will debate this Bill if initiated. Further detail in relation to this proposal would be necessary in order to definitively evaluate it.

Specific data-sharing provisions

13. What other specific data-sharing arrangements should be considered?

The role of the DPC is not to identify other potential data-sharing arrangements but to enforce the Data Protection Acts.

14. Should a general provision be added to enable widespread access to information on Births, Marriages and Civil Partnerships?

The DPC would strongly advise that this should not be done. The publication and dissemination of such information on a public forum such as the internet would be a fundamental incursion into the privacy of individuals. Allowing such information to be made easily available in an electronic open environment carries the risk of abuse, particularly in relation to identity fraud, as such information can reveal private answers to security questions that many data controllers require, i.e. date of birth, mother's maiden name, area of registration/birth.
The current system of permitting access based on one-off requests appears to this Office to be functioning adequately and striking an appropriate balance between providing access to the public to such information and not infringing the privacy rights of individuals.

15. Some jurisdictions are examining the concept of an honest broker or trusted third party - this would have the power to accept any data and process it on behalf of public bodies, while preventing the public body from accessing the raw data. Is this a concept that could usefully be included in the Bill?

The DPC considers that this is an interesting concept and certainly one worth exploring if the legislation is to be implemented.

16. Should specific provisions relating to the sharing of anonymised data be included?

The DPC considers that this would be very valuable to many data controllers especially in the health and research sector.

Governance of the sharing of personal data

17. Do you agree that "The problem [of data governance] is therefore primarily one of better implementation, rather than an absence of legislation."?

Yes, this Office would agree that it is primarily a problem of implementation. The Data Protection Acts already provide a legal framework setting out what is required in terms of data governance.

Finally, it may be worth reiterating that investigations carried out by the DPC in recent years have revealed that personal data in the hands of the State can be prone to unlawful disclosure to third parties. In short, personal data is leaking from parts of the State sector on a daily basis. In other instances, state employees may be deemed to have been reckless and negligent in their duties in responding to unverified agents who have misrepresented themselves in telephone calls and have been successfully able to solicit personal data held on state databases on a continuous and daily basis. Data sharing among state sector organisations could play into the hands of such unscrupulous agents, if there are insufficient data governance measures in place to counter them. Staff working in the civil and public service must be conscious of previous examples of prosecution and dismissal of staff who have provided unauthorised and inappropriate access to personal data held by the State and should be provided with training to better understand their important role in protecting this data.

18. Should the Data Protection Commissioner have a role in monitoring and reporting on compliance with these governance provisions?

The DPC regards driving compliance as being part of the independent statutory functions of her office under the Data Protection Acts and does not recommend any reiteration of this role in a separate piece of legislation.
A specified role in this proposed legislation for the DPC in monitoring and reporting on compliance is not recommended. The DPC cannot and does not have the resources to monitor every data activity for all State and private entities in Ireland and to report on same. Rather, the office operates an audit function on a transparent risk-based approach and in this way targets resources where they are likely to be needed. Further, the office has statutory obligations to deal with and investigate all valid, specific complaints of data breaches it receives and again this provides the most efficient and effective way to target data protection resources.

Providing for a role in specific monitoring and reporting for the DPC again undermines the notion that it is public sector managers who must take responsibility for making lawful arrangements for data-sharing and for protecting the data. Designation of a monitoring role to the DPC or providing for a role for the DPC to receive already signed MOAs may create difficulties for the DPC when it investigates complaints of breaches in any specific area. In any case, as set out above, the statutory audit and complaints investigation functions of the DPC already deliver on the aim of this proposal.

It is noted that on page 11 of the consultation paper it is proposed that D/PER would have a role in specifying formats and timeframes in relation to specific datasets so perhaps a public sector monitoring and reporting role could also be assumed by D/PER if it considers it would be desirable.

19. In what circumstances should a Department be able to opt out of the transparency requirement for a particular data-sharing arrangement?

Section 2 of the Data Protection Acts does not provide for an opt out of transparency requirements and if it is the intention of any legislation to rely on processing provisions set out in section 2A and 2B of the Acts, then the transparency requirements of section 2 must be complied with.

20. Is it practicable for these arrangements to apply to all existing data-sharing arrangements, not just new ones?

This requires further consideration based on all previous comments. It is not clear what is being proposed here.

Moving from paper to digital

21. Is the base register concept a useful one?

At this stage the opinion of the DPC is that such a Base register concept should be for commercial / business / sole trader customers only. The benefit for these business customers should be clearly identified, i.e. one stop shop for obtaining all business related regulatory certificates of compliance. In relation to People, it is not clear how this would operate, how the principle of proportionality would apply, how the data would be kept accurate and up to date and retained only for as long as necessary. In addition, access rules would need to be clear.
In the view of the DPC, a proposal for a People base register requires much greater elaboration on what is proposed.

22. What other base registers could usefully be defined?

The DPC would not recommend any non-business data base registers on individual customers at this time. The DPC will review this recommendation on further consultation.

Submitted on behalf of the Data Protection Commissioner


More information

Data Protection Policy

Data Protection Policy Data Protection Policy Responsible Officer Author Date effective from July 2009 Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date last amended December 2012 Review

More information

Response to Department for Business, Enterprise and Regulatory Reform consultation: Legislative options to address illicit P2P file-sharing

Response to Department for Business, Enterprise and Regulatory Reform consultation: Legislative options to address illicit P2P file-sharing Response to Department for Business, Enterprise and Regulatory Reform consultation: Legislative options to address illicit P2P file-sharing 30 October 2008 UK Film Council Legislative options to address

More information

LEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction

LEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction LEEDS BECKETT UNIVERSITY Information Security Policy 1.0 Introduction 1.1 Information in all of its forms is crucial to the effective functioning and good governance of our University. We are committed

More information

Privacy and Cloud Computing for Australian Government Agencies

Privacy and Cloud Computing for Australian Government Agencies Privacy and Cloud Computing for Australian Government Agencies Better Practice Guide February 2013 Version 1.1 Introduction Despite common perceptions, cloud computing has the potential to enhance privacy

More information

Scotland s Commissioner for Children and Young People Records Management Policy

Scotland s Commissioner for Children and Young People Records Management Policy Scotland s Commissioner for Children and Young People Records Management Policy 1 RECORDS MANAGEMENT POLICY OVERVIEW 2 Policy Statement 2 Scope 2 Relevant Legislation and Regulations 2 Policy Objectives

More information

Data Protection A Guide for Users

Data Protection A Guide for Users Data Protection A Guide for Users EUROPEAN PARLIAMENT Contents Contents 3 Introduction 4 Data protection standards making a difference in the European Parliament 5 Data protection the actors 6 Data protection

More information

Request for feedback on the revised Code of Governance for NHS Foundation Trusts

Request for feedback on the revised Code of Governance for NHS Foundation Trusts Request for feedback on the revised Code of Governance for NHS Foundation Trusts Introduction 8 November 2013 One of Monitor s key objectives is to make sure that public providers are well led. To this

More information

QUESTIONS AND ANSWERS HEALTHCARE IDENTIFIERS BILL 2010

QUESTIONS AND ANSWERS HEALTHCARE IDENTIFIERS BILL 2010 About Healthcare Identifiers QUESTIONS AND ANSWERS HEALTHCARE IDENTIFIERS BILL 2010 Q1. What is the Healthcare Identifiers Service? The Healthcare Identifiers (HI) Service will implement and maintain a

More information

Data controllers and data processors: what the difference is and what the governance implications are

Data controllers and data processors: what the difference is and what the governance implications are ICO lo : what the difference is and what the governance implications are Data Protection Act Contents Introduction... 3 Overview... 3 Section 1 - What is the difference between a data controller and a

More information

Data Protection in Ireland

Data Protection in Ireland Data Protection in Ireland 0 Contents Data Protection in Ireland Introduction Page 2 Appointment of a Data Processor Page 2 Security Measures (onus on a data controller) Page 3 8 Principles Page 3 Fair

More information

DRAFT DATA RETENTION AND INVESTIGATORY POWERS BILL

DRAFT DATA RETENTION AND INVESTIGATORY POWERS BILL DRAFT DATA RETENTION AND INVESTIGATORY POWERS BILL INTRODUCTION EXPLANATORY NOTES 1. These explanatory notes relate to the Draft Data Retention and Investigatory Powers Bill. They have been prepared by

More information

Data Protection Policy. Information Security Review Group. Version Date Author Notes on Revisions

Data Protection Policy. Information Security Review Group. Version Date Author Notes on Revisions Document Control Table Document Title: Author(s) (name, job title and Division): Version Number: Document Status: Date Approved: Approved By: Effective Date: Date of Next Review: Superseded Version: Data

More information

Information Governance Strategy

Information Governance Strategy Information Governance Strategy To whom this document applies: All Trust staff, including agency and contractors Procedural Documents Approval Committee Issue Date: January 2010 Version 1 Document reference:

More information

St Margaret s CE Primary school, Withern Data Protection Policy

St Margaret s CE Primary school, Withern Data Protection Policy St Margaret s CE Primary school, Withern Data Protection Policy Reference Points Data Protection Act 1998 See https://www.gov.uk/data-protection/the-data-protection-act Information Commissioners' Office

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY Reference number Approved by Information Management and Technology Board Date approved 14 th May 2012 Version 1.1 Last revised N/A Review date May 2015 Category Information Assurance Owner Data Protection

More information

WEST LOTHIAN COUNCIL DATA PROTECTION ACT 1998 POLICY

WEST LOTHIAN COUNCIL DATA PROTECTION ACT 1998 POLICY WEST LOTHIAN COUNCIL DATA PROTECTION ACT 1998 POLICY Version 3.0 DATA PROTECTION ACT 1998 POLICY CONTENTS 1. INTRODUCTION... 3 2. PROVISIONS OF THE ACT... 4 3. SCOPE... 4 4. GENERAL POLICY STATEMENT...

More information

Draft Australian Privacy Principles (APP) Guidelines first tranche

Draft Australian Privacy Principles (APP) Guidelines first tranche The Association of Superannuation Funds of Australia Limited ABN 29 002 786 290 ASFA Secretariat PO Box 1485, Sydney NSW 2001 p: 02 9264 9300 (1800 812 798 outside Sydney) f: 1300 926 484 w: www.superannuation.asn.au

More information

LEGAL ADVICE AND ASSISTANCE POLICY AND GUIDANCE

LEGAL ADVICE AND ASSISTANCE POLICY AND GUIDANCE LEGAL ADVICE AND ASSISTANCE POLICY AND GUIDANCE Northern Ireland Commissioner for Children and Young People Equality House 7 9 Shaftesbury Square BELFAST BT2 7DP Telephone: 028 9031 1616 Website: www.niccy.org

More information

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS)

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS) INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS) Introduction to the Standards Internal auditing is conducted in diverse legal and cultural environments; for organizations

More information

Guidelines on Data Protection. Draft. Version 3.1. Published by

Guidelines on Data Protection. Draft. Version 3.1. Published by Guidelines on Data Protection Draft Version 3.1 Published by National Information Technology Development Agency (NITDA) September 2013 Table of Contents Section One... 2 1.1 Preamble... 2 1.2 Authority...

More information

REGULATION OF LOBBYING LEGISLATION - POLICY PROPOSALS. Information Note

REGULATION OF LOBBYING LEGISLATION - POLICY PROPOSALS. Information Note REGULATION OF LOBBYING LEGISLATION - POLICY PROPOSALS Information Note Government Reform Unit Department of Public Expenditure and Reform April 2013 1. Introduction:... 2 2. Development of Proposals...

More information

BHCC Policy Summary. This policy outlines BHCC s obligations and responsibilities in relation to the Data Protection Act 1998.

BHCC Policy Summary. This policy outlines BHCC s obligations and responsibilities in relation to the Data Protection Act 1998. BHCC Policy Summary 1 Policy Name Data Protection Policy. 2 Purpose of Policy To define the standards expected of all Brighton & Hove City Council employees, and any third parties, when processing information

More information

Data Protection Breach Management Policy

Data Protection Breach Management Policy Data Protection Breach Management Policy Please check the HSE intranet for the most up to date version of this policy http://hsenet.hse.ie/hse_central/commercial_and_support_services/ict/policies_and_procedures/policies/

More information

INFORMATION PRIVACY STATEMENT

INFORMATION PRIVACY STATEMENT INFORMATION PRIVACY STATEMENT Victoria Police is bound by the Privacy and Data Protection Act 2014 in how it manages personal information. Victoria Police is committed to protecting the personal information

More information

Regulation of Investigatory Powers Act 2000

Regulation of Investigatory Powers Act 2000 Regulation of Investigatory Powers Act 2000 Consultation: Equipment Interference and Interception of Communications Codes of Practice 6 February 2015 Ministerial Foreword The abilities to read or listen

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Date approved by Heads of Service 3 June 2014 Staff member responsible Director of Finance and Corporate Services Due for review June 2016 Data Protection Policy Content Page 1 Purpose

More information

Privacy and Electronic Communications Regulations

Privacy and Electronic Communications Regulations ICO lo Notification of PECR security breaches Privacy and Electronic Communications Regulations Contents Introduction... 2 Overview... 2 Relevant security breaches... 3 What is a service provider?... 3

More information

Supplementary Policy on Data Breach Notification Legislation

Supplementary Policy on Data Breach Notification Legislation http://www.privacy.org.au Secretary@privacy.org.au http://www.privacy.org.au/about/contacts.html 4 May 2013 Supplementary Policy on Data Breach Notification Legislation Introduction It has been reported

More information

Lancashire County Council Information Governance Framework

Lancashire County Council Information Governance Framework Appendix 'A' Lancashire County Council Information Governance Framework Introduction Information Governance provides a framework for bringing together all of the requirements, standards and best practice

More information

Audit, Risk and Compliance Committee Charter

Audit, Risk and Compliance Committee Charter 1. Background Audit, Risk and Compliance Committee Charter The Audit, Risk and Compliance Committee is a Committee of the Board of Directors ( Board ) of Syrah Resources Limited (ACN 125 242 284) ( Syrah

More information

Little Marlow Parish Council Registration Number for ICO Z3112320

Little Marlow Parish Council Registration Number for ICO Z3112320 Data Protection Policy Little Marlow Parish Council Registration Number for ICO Z3112320 Adopted 2012 Reviewed 23 rd February 2016 Introduction The Parish Council is fully committed to compliance with

More information

CIHI Submission: 2011 Prescribed Entity Review

CIHI Submission: 2011 Prescribed Entity Review pic pic CIHI Submission: 2011 Prescribed Entity Review October 2011 Who We Are Established in 1994, CIHI is an independent, not-for-profit corporation that provides essential information on Canada s health

More information

Article 29 Working Party Issues Opinion on Cloud Computing

Article 29 Working Party Issues Opinion on Cloud Computing Client Alert Global Regulatory Enforcement If you have questions or would like additional information on the material covered in this Alert, please contact one of the authors: Cynthia O Donoghue Partner,

More information

Submission to Standing Senate Committee on the Environment, Communications and the Arts on the adequacy of protections for the privacy of Australians

Submission to Standing Senate Committee on the Environment, Communications and the Arts on the adequacy of protections for the privacy of Australians Submission to Standing Senate Committee on the Environment, Communications and the Arts on the adequacy of protections for the privacy of Australians online August 2010 1 1. Introduction The Australian

More information

University of Limerick Data Protection Compliance Regulations June 2015

University of Limerick Data Protection Compliance Regulations June 2015 University of Limerick Data Protection Compliance Regulations June 2015 1. Purpose of Data Protection Compliance Regulations 1.1 The purpose of these Compliance Regulations is to assist University of Limerick

More information

LCAT-Data Protection Policy-U LOOE COMMUNITY ACADEMY TRUST DATA PROTECTION POLICY. Introduction

LCAT-Data Protection Policy-U LOOE COMMUNITY ACADEMY TRUST DATA PROTECTION POLICY. Introduction LOOE COMMUNITY ACADEMY TRUST DATA PROTECTION POLICY Introduction 1. Looe Community Academy Trust (the Academy) is required to maintain certain personal data about living individuals for the purposes of

More information

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - . Board Charter - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1. Interpretation 1.1 In this Charter: Act means the Companies

More information

Data Breach Management Policy and Procedures for Education and Training Boards

Data Breach Management Policy and Procedures for Education and Training Boards Data Breach Management Policy and Procedures for Education and Training Boards POLICY on DATA BREACHES in SCHOOLS/COLLEGES and OTHER EDUCATION and ADMINISTRATIVE CENTRES UNDER the REMIT of TIPPERARY EDUCATION

More information

Non-absolute exemptions (subject to Substantial Prejudice Test and/or Public

Non-absolute exemptions (subject to Substantial Prejudice Test and/or Public EXEMPTIONS to the release or provision of information under Freedom of Information (Scotland) Act 2002 Contents Information Does not have to be Provided Definition of Information Held by the Council Absolute

More information

Privacy Policy. January 2014

Privacy Policy. January 2014 Privacy Policy January 2014 Privacy Policy Introduction This policy explains your rights as an individual when using services provided by Her Majesty s Passport Office. Our commitment to you Her Majesty

More information

Code of Ethics for Pharmacists and Pharmacy Technicians

Code of Ethics for Pharmacists and Pharmacy Technicians Code of Ethics for Pharmacists and Pharmacy Technicians About this document Registration as a pharmacist or pharmacy technician carries obligations as well as privileges. It requires you to: develop and

More information

West Sussex County Council. Guidance on Information Law for Schools

West Sussex County Council. Guidance on Information Law for Schools This guidance recognises that schools already deal with a great variety and number of requests for information and provides a straightforward approach to compliance with the following legislation: Education

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Version: 3.2 Authorisation Committee: Date of Authorisation: May 2014 Ratification Committee Level 1 documents): Date of Ratification Level 1 documents): Signature of ratifying

More information

ISO/IEC 38500 INTERNATIONAL STANDARD. Corporate governance of information technology. Gouvernance des technologies de l'information par l'entreprise

ISO/IEC 38500 INTERNATIONAL STANDARD. Corporate governance of information technology. Gouvernance des technologies de l'information par l'entreprise INTERNATIONAL STANDARD ISO/IEC 38500 First edition 2008-06-01 Corporate governance of information technology Gouvernance des technologies de l'information par l'entreprise Reference number ISO/IEC 38500:2008(E)

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY Title Author Approved By and Date Review Date Mike Pilling Latest Update- Corporation May 2008 1 Aug 2013 DATA PROTECTION ACT 1998 POLICY FOR ALL STAFF AND STUDENTS 1.0 Introduction 1.1 The Data Protection

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY DATA PROTECTION POLICY Version 1.3 April 2014 Contents 1 POLICY STATEMENT...2 2 PURPOSE....2 3 LEGAL CONTEXT AND DEFINITIONS...2 3.1 Data Protection Act 1998...2 3.2 Other related legislation.....4 3.3

More information

CODE OF PRACTICE ATYPICAL APPOINTMENTS TO POSITIONS IN THE CIVIL SERVICE AND CERTAIN PUBLIC BODIES MERIT PROBITY ACCOUNTABILITY

CODE OF PRACTICE ATYPICAL APPOINTMENTS TO POSITIONS IN THE CIVIL SERVICE AND CERTAIN PUBLIC BODIES MERIT PROBITY ACCOUNTABILITY CODE OF PRACTICE ATYPICAL APPOINTMENTS TO POSITIONS IN THE CIVIL SERVICE AND CERTAIN PUBLIC BODIES MERIT PROBITY BEST PRACTICE CE ACCOUNTABILITY CONSISTENCY Published in 2007 by the Commission for Public

More information

Big Data for Mutuals. Marc Dautlich 25 November 2013

Big Data for Mutuals. Marc Dautlich 25 November 2013 Big Data for Mutuals Marc Dautlich 25 November 2013 Agenda BIG DATA What is it? OPPORTUNITIES What are they? LEGAL CHALLENGES How do we overcome them? LEGAL REFORM What can we do now to minimise impact?

More information

School Policy. Data Protection Policy and Procedures

School Policy. Data Protection Policy and Procedures School Policy Data Protection Policy and Procedures Introduction Our school gathers and uses personal information about staff, pupils, parents and other individuals who come into contact with the school

More information

Personally controlled electronic health record (ehealth record) system

Personally controlled electronic health record (ehealth record) system Personally controlled electronic health record (ehealth record) system ehealth record System Operator Audit report Information Privacy Principles audit Section 27(1)(h) Privacy Act 1988 Audit undertaken:

More information

NHS DORSET CLINICAL COMMISSIONING GROUP GOVERNING BODY INFORMATION GOVERNANCE TOOLKIT REPORT

NHS DORSET CLINICAL COMMISSIONING GROUP GOVERNING BODY INFORMATION GOVERNANCE TOOLKIT REPORT NHS DORSET CLINICAL COMMISSIONING GROUP GOVERNING BODY INFORMATION GOVERNANCE TOOLKIT REPORT 9.7 Date of the meeting 15/07/2015 Author Sponsoring Clinician Purpose of Report Recommendation J Green - Head

More information

REFORM OF STATUTORY AUDIT

REFORM OF STATUTORY AUDIT EU BRIEFING 14 MARCH 2012 REFORM OF STATUTORY AUDIT Assessing the legislative proposals This briefing sets out our initial assessment of the legislative proposals to reform statutory audit published by

More information

Minimum Requirements for Appraisal Management Companies. Docket No. R-1486 RIN 7100-AE15

Minimum Requirements for Appraisal Management Companies. Docket No. R-1486 RIN 7100-AE15 Docket No. R-1486 On behalf of the Kentucky Real Estate Appraisers Board, members and staff, it is my pleasure to submit the following comments in response to the Agencies request contained within the

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Version: 1.0 Date: October 2013 Table of Contents 1 Introduction The need for a Data Protection Policy... 3 2 Scope... 3 3 Principles... 3 4 Staff Roles & Responsibilities... 4 5

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Reference: Information Governance Policy Date Approved: April 2013 Approving Body: Board of Trustees Implementation Date: April 2013 Version: 6 Supersedes: 5 Stakeholder groups

More information

Factsheet on the Right to be

Factsheet on the Right to be 101010 100101 1010 101 Factsheet on the Right to be 100 Forgotten ruling (C-131/12) 101 101 1) What is the case about and what did 100 the Court rule? 10 In 2010 a Spanish citizen lodged a complaint against

More information

Response to APB Consultation on the Auditor s Report

Response to APB Consultation on the Auditor s Report Response to APB Consultation on the Auditor s Report Introduction Hermes is one of the largest pension fund managers in the City of London and is wholly owned by the BT Pension Scheme. We also respond

More information

Information Security Policy

Information Security Policy Information Security Policy Version 2 Date Approved by Board 8 March 2016 Date of previous approval 4 February 2014 Date of next Review February 2018 You may also be interested in the following policies:

More information

DATA PROTECTION AND DATA STORAGE POLICY

DATA PROTECTION AND DATA STORAGE POLICY DATA PROTECTION AND DATA STORAGE POLICY 1. Purpose and Scope 1.1 This Data Protection and Data Storage Policy (the Policy ) applies to all personal data collected and dealt with by Centre 404, whether

More information

RESPONSE TO LRC PERSONAL DEBT MANAGEMENT AND DEBT ENFORCEMENT REPORT. Chapter 1: Personal Insolvency Law: Debt Settlement Arrangements

RESPONSE TO LRC PERSONAL DEBT MANAGEMENT AND DEBT ENFORCEMENT REPORT. Chapter 1: Personal Insolvency Law: Debt Settlement Arrangements Chapter 1: Personal Insolvency Law: Debt Settlement Arrangements Reform of the Bankruptcy Act The Report recommends that a thorough review of the Bankruptcy Act 1988 should be undertaken. Comment: It is

More information

Information Sharing Policy

Information Sharing Policy Information Sharing Policy REFERENCE NUMBER IG 010 / 0v3 February 2013 VERSION V1.0 APPROVING COMMITTEE & DATE Clinical Executive Committee 5.2.13 REVIEW DUE DATE February 2016 West Lancashire CCG is committed

More information

INSURANCE ACT 2008 CORPORATE GOVERNANCE CODE OF PRACTICE FOR REGULATED INSURANCE ENTITIES

INSURANCE ACT 2008 CORPORATE GOVERNANCE CODE OF PRACTICE FOR REGULATED INSURANCE ENTITIES SD 0880/10 INSURANCE ACT 2008 CORPORATE GOVERNANCE CODE OF PRACTICE FOR REGULATED INSURANCE ENTITIES Laid before Tynwald 16 November 2010 Coming into operation 1 October 2010 The Supervisor, after consulting

More information

CARDIFF METROPOLITAN UNIVERSITY RESEARCH GOVERNANCE FRAMEWORK

CARDIFF METROPOLITAN UNIVERSITY RESEARCH GOVERNANCE FRAMEWORK The Cardiff Metropolitan University Research Governance Framework applies to all members of staff and students involved in research regardless of whether they are conducting research inside or outside

More information

JOB DESCRIPTION. Information Governance Manager

JOB DESCRIPTION. Information Governance Manager JOB DESCRIPTION POST TITLE: Information Governance Manager DIRECTORATE: ACCOUNTABLE TO: BAND: LOCATION: CSS Head of Information Governance 8a CSS Job Purpose The Information Governance Manager will ensure

More information

Third party use of customer lists

Third party use of customer lists May 2006 slaughter and may marketing: part 4 Third party use of customer lists Rob Sumroy, Partner In the fi rst article in this series we considered the legislative and regulatory framework that direct

More information

Glyncoed Primary School. Data Protection Policy

Glyncoed Primary School. Data Protection Policy Glyncoed Primary School Data Protection Policy Date agreed: March 2015 Review date: March 2017 1 Data Protection Policy Glyncoed Primary School collects and uses personal information about staff, pupils,

More information