Data Protection Workshop: How the Law Affects You Practice Questions
|
|
- Annabelle Stewart
- 8 years ago
- Views:
Transcription
1 Data Protection Workshop: How the Law Affects You Practice Questions 1. Which of the following is not personal data covered by the Data Protection Act (pick one or more): A. Comments about an individual in an . B. A paper file on a named student. C. Data in the Library s database about a student s book borrowing. D. Information about a person in the minutes of a meeting. E. One of the School s HR policies. F. Data about a company which supplies us with goods and services. 2. Which of the following are sensitive personal data (pick one or more)? A. Ethnic origins. B. Nationality. C. Political views. D. Trade union membership. E. Salary/personal finances. 3. Which of the following are not rights which individuals have under the Data Protection Act? A. To prevent us from using their data for direct marketing. B. To receive a copy of data about them in permanent form. C. To inspect files about them at SOAS. D. To require us to correct, block or erase inaccurate data. E. To prevent us from processing any data about them. 4. You cannot request information about yourself under the Freedom of Information Act. True or false? 5. We can only process data with the consent of the data subject. True or false? 6. Which of the following should ideally be included in a data collection notice (pick one or more)? A. An explanation of why the data is needed, and how it will be used. B. The parts of SOAS which will use the data. C. Any third parties to whom the data will be transferred. D. How long the data will be kept. E. Who they can contact to exercise their rights. F. All of the above. 7. It s illegal to process data unless the processing is covered by our notification with the Information Commissioner. True or false? 8. Assuming that all the other Data Protection Principles have all been met, which of the following is not a valid transfer of data outside the EEA under the eighth Data Protection Principle (pick one or more)? A. The transfer is to a country approved by the EC. B. The transfer is for valid commercial reasons. C. The data subject has consented to the transfer. D. The transfer is in the legitimate interests of SOAS, and does not prejudice the rights or legitimate interests of the data subject. E. The transfer is necessary for a performing a contract with the data subject. 9. The Data Protection Act prevents us from holding duplicate copies of data. True or false? 10. You receive a telephone call from the parent of a student. They haven t heard from her for some weeks, and they think that she may have changed address without telling them. They re really concerned about her, as she usually rings every week. They ask if the School could give them her up to date address and phone number. What do you do? 18 Oct
2 11. Data subjects do not have a right of access to (pick one or more): A. Copies of job references written by SOAS and held by SOAS. B. Their examination marks. C. CCTV footage which shows them entering the School. D. Copies of job references received by SOAS. E. The grades of their co-workers in the same department. 12. If data is no longer needed for the purposes for which it was gathered, it must be destroyed. True or false? 13. If the police ask us for personal data, we are legally obliged to release it to them. True or false? 14. The School is considering commissioning a survey of its students. The survey data will be gathered and analysed by an external contractor. Certain data will need to be transferred to the survey contractor to carry out the survey (assume that it is a web based survey which will be publicised by the contractor will get students names, addresses and certain demographic information to allow the data to be analysed, e.g. by sex and nationality). Assume that two companies are in contention, one in France and the other in the US. What are the Data Protection issues that we would need to consider in order to do this legally? 15. Good records management is vital for Data Protection because (pick one or more): A. We need to be able to find data to answer requests. B. We need to make sure that personal data is not kept for longer than necessary. C. Personal data needs to be protected against unauthorised access. D. Personal data needs to be protected against accidental loss or destruction. E. We can be named and shamed by the Information Commissioner if our record keeping is poor. Peter Garrod Data Management Officer (pg7@soas.ac.uk) 18 Oct
3 Data Protection Workshop: How the Law Affects You Answers to Practice Questions Question 1 A: This is personal data. Expressions of opinion about an individual are personal data, and in addition, the data is held in electronic form. B: This is personal data (either because it is a relevant filing system, or as a result of the amendments brought in by the FoI Act). The student would have a right of access to it if they submitted a request. C: This is personal data (it relates to an individual and is in electronic form). D: This is personal data, regardless of whether the minutes are in paper or electronic form. If in paper form only, the individual would need to tell us where to look if they submitted a requests, as the minutes are unlikely to be structured by reference to individuals or criteria relating to individuals. E: This is not personal data, but there would be a right of access under the FoI Act. F: This is not personal data. Data on corporate bodies is not protected by the Data Protection Act. The Data Protection Act will apply if the supplier is an unincorporated individual (e.g. a sole trader). DPA will also cover any data which we hold about the individual employees of a supplier or contractor. Question 2 The correct answers are A, C and D. B: Nationality is not sensitive personal data, although data on an individual s ethnic or racial origins is. E: Curiously, an individual s finances are not treated as sensitive personal data! Question 3 The correct answers are: C: The Data Protection Act does not give data subjects any right to demand on-site access to their data (although we can agree to make the data available in this way if we wish to). E: Individuals can serve us with a section 10 notice, but we do not have to accept it if we think that the notice is unjustified (e.g. the processing is unlikely to cause them substantial damage or substantial distress ), or if an exemption from the section 10 right applies (e.g. the processing is necessary for performing a contract with the data subject). Question 4 True. Information about the person making a request is exempt under section 40(1) of the Freedom of Information Act. People who submit FoI requests for data about themselves will be asked to re-submit their requests as Data Protection requests. Question 5 False. While consent is usually desirable, it s not absolutely essential there are many situations where processing without consent is fair and lawful, although we do have a general obligation to inform individuals (as far as is practicable) how their data will be processed, when we gather the data. Question 6 The correct answer is F. In practical terms, A, C and E are really essential; the others are desirable. The collection notice should also state that by completing the form, the data subject consents to the purposes described in the notice. Question 7 True, as far as processing which we are required to notify is concerned. We are not required to notify the processing of paper format data. Certain types of processing which virtually all organisations carry out (such as staff administration or keeping accounts) are also exempt from the requirement to notify, although you can notify voluntarily. Question 8 The correct answers are B and D. 18 Oct
4 B: Valid commercial reasons is not sufficient grounds for transferring personal data outside the EEA, and is also not sufficient for the transfer (as a form of processing) to be fair and lawful under the First Data Protection Principle. D: This is valid grounds for processing non-sensitive personal data under the First Data Protection Principle, but it does not satisfy the requirements of the Eighth Data Protection Principle. Question 9 False. However, unnecessary duplication will make it more difficult to meet the requirements of the DPA, as each copy has to be managed in accordance with the DPA. Central management of data is more efficient and is to be preferred. Question 10 You should definitely not release the data over the telephone you have no way of knowing that the caller is genuine, and students can choose not to have any contact with parents or other relatives (even if they re being supported by them financially). The best way to handle this would be to offer to act as an intermediary: i. State that you cannot confirm or deny whether X is a student (the fact that someone is a student at SOAS is itself personal data); ii. Offer to pass on any message from the enquirer and the enquirer s contact details to X, if they are indeed a student. iii. Then contact the student and determine what the situation is. Question 11 A: Correct. B: Incorrect. Data subjects do have a right of access to examination marks, but we do not have to provide the data until 40 days after the announcement of the results or 5 months after receipt of the request (whichever is earlier). C: Incorrect. D: Incorrect. E: There is no right of access under the Data Protection Act, but the Information Commissioner has indicated that grades of staff members could be legitimately released under Freedom of Information. This part of the data subject s request would have to be treated as an FoI request. Question 12 True, in most cases. However, personal data can be retained indefinitely if it s being used for research purposes (including preservation as historical archives). Use of personal data for research/historical purposes does not conflict with the requirement that data should not be used for purposes other than those for which it was gathered. Question 13 False. The exemption in section 29 of the Data Protection Act which allows personal data to be disclosed for law enforcement purposes is permissive. We do not have to disclose the data if we are not satisfied that the investigation is a legitimate one, or that failure to disclose would prejudice the investigation. In practice, data will normally be disclosed to law enforcement agencies if it is requested in the proper way: i.e. using a written section 29 form which explains why the data is needed. Question 14 The contractor will be acting as a data processor (processing data on our behalf), so we need to make sure that we meet the requirements of the DPA in terms of data processing arrangements. This includes ensuring that the contractor has adequate security in place and that we have a written contract with the contractor which reflects this obligation. As the contractor is processing data on our behalf, the processing should normally be fair and lawful (in the sense of the first Data Protection Principle) if it would be fair and lawful to process the data ourselves. 18 Oct
5 Other issues to consider: We should make sure that students are informed via a data collection notice how the information they supply will be held and used, including the fact that it will be transferred to a data processor. If we select the contractor in the US, we will need to make sure that we meet one of the conditions for transferring data outside the EEA (this is not an issue for the supplier in France). Question 15 All true except for E. Strictly speaking, the Commissioner does not have this power under the Data Protection Act. However, the Commissioner can investigate our record keeping practices under provisions in the Freedom of Information Act, and can issue a non-binding practice recommendation specifying what steps we should take to conform to the Records Management Code issued under the FoI Act (no practice recommendations have been issued yet). The RM Code sets out general principles which organisations subject to FoI should aim to achieve in their records management systems. 18 Oct
DATA PROTECTION POLICY
Title Author Approved By and Date Review Date Mike Pilling Latest Update- Corporation May 2008 1 Aug 2013 DATA PROTECTION ACT 1998 POLICY FOR ALL STAFF AND STUDENTS 1.0 Introduction 1.1 The Data Protection
More informationMerthyr Tydfil County Borough Council. Data Protection Policy
Merthyr Tydfil County Borough Council Data Protection Policy 2014 Cyfarthfa High School is a Rights Respecting School, we recognise the importance of ensuring that the United Nations Convention of the
More information2. Scope 2.1 This policy covers all the activities and processes of the University that uses personal information in whatever format.
University of Westminster Personal Data Protection Policy For Compliance with the Data Protection Act 1998 1. Background 1.1 The Data Protection Act 1998 (DPA) defines personal data as data and information
More informationDublin City University
Dublin City University Data Protection Policy Data Protection Policy Contents Purpose... 1 Scope... 1 Data Protection Principles... 1 Disclosure of Personal Data... 2 Summary of Responsibilities... 3 Rights
More informationData Protection Act a more detailed guide
Data Protection Act a more detailed guide What does the Act do? The Data Protection Act 1998 places considerable duties on organisations which process personal data; increases the rights of access by data
More informationHuman Resources Policy documents. Data Protection Policy
Policy documents Aims of the Policy apetito is committed to meeting its obligations under data protection law. As a business, apetito handles a range of Personal Data relating to its customers, staff and
More informationtechnical factsheet 176
technical factsheet 176 Data Protection CONTENTS 1. Introduction 1 2. Register with the Information Commissioner s Office 1 3. Period protection rights and duties remain effective 2 4. The data protection
More informationData Protection Policy
Data Protection Policy April 2014 Author: Jennifer McLaren, Assistant Principal, Curriculum Support & Finance Impact Assessment Date: 15 February 2010 Date: April 2014 Contents 1 Purpose... 2 2 Policy...
More informationCorporate ICT & Data Management. Data Protection Policy
90 Corporate ICT & Data Management Data Protection Policy Classification: Unclassified Date Created: January 2012 Date Reviewed January Version: 2.0 Author: Owner: Data Protection Policy V2 1 Version Control
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY The information and guidelines within this Policy are important and apply to all members, Fellows and staff of the College 1. INTRODUCTION Like all educational establishments, the
More informationHuman Resources and Data Protection
Human Resources and Data Protection Contents 1. Policy Statement... 1 2. Scope... 2 3. What is personal data?... 2 4. Processing data... 3 5. The eight principles of the Data Protection Act... 4 6. Council
More informationDATA PROTECTION CORPORATE POLICY
DATA PROTECTION CORPORATE POLICY Information Management V1.1 03 July 2012 Not protectively marked This policy must be complied with fully by all Members, Officers Agents and Contractors of Plymouth City
More informationScottish Rowing Data Protection Policy
Revision Approved by the Board August 2010 1. Introduction As individuals, we want to know that personal information about ourselves is handled properly, and we and others have specific rights in this
More informationHow To Understand The Data Protection Act
DATA PROTECTION ACT 2002 The Basics Purpose of the Act Balance the rights of an individual with an organisation s legitimate need to process personal data Promote openness and transparency Establish and
More informationData Protection. Policy and Application July 2009
Data Protection Policy and Application July 2009 Produced for staff of the House of Commons Service by the Department of Resources Information Rights and Information Security (IRIS) Service Data Policy:
More informationData Protection Policy
Data Protection Policy September 2015 Contents 1. Scope 2. Purpose 3. Data protection roles 4. Staff training and guidance 5. About the Data Protection Act 1998 6. Policy 7. The Information Commissioner's
More informationData Protection Act. Privacy & Security in the Information Age. April 26, 2013. Ministry of Communications, Ghana
Data Protection Act Privacy & Security in the Information Age April 26, 2013 Agenda Privacy in The Information Age The right to privacy Why We Need Legislation Purpose of the Act The Data Protection Act
More informationDATA PROTECTION POLICY
Reference number Approved by Information Management and Technology Board Date approved 14 th May 2012 Version 1.1 Last revised N/A Review date May 2015 Category Information Assurance Owner Data Protection
More informationROEHAMPTON UNIVERSITY DATA PROTECTION POLICY
ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY Originated by: Data Protection Working Group: November 2008 Impact Assessment: (to be confirmed) Recommended by Senate: 28 January 2009 Approved by Council:
More informationInformation Governance Policy
Information Governance Policy 1 Introduction Healthwatch Rutland (HWR) needs to collect and use certain types of information about the Data Subjects who come into contact with it in order to carry on its
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY Rev No. 0 New Document 1 2 3 4 5 6 7 Revision Status Details of Amendments Name Date Update of College DPA statement New Reference to Appendix 4 Staff Guidelines ESF document retention
More informationHow To Protect Your Personal Information At A College
Data Protection Policy Policy Details Produced by Assistant Principal Information Systems Date produced Approved by Senior Leadership Team (SLT) Date approved July 2011 Linked Policies and Freedom of Information
More informationHampstead Parochial CofE Primary School Data Protection Policy Spring 2015
Hampstead Parochial CofE Primary School Data Protection Policy Spring 2015 1. Introduction and Scope 1.1 The Data Protection Act 1998 is the law that protects personal privacy and applies to any school
More informationOBJECTS AND REASONS. (a) the regulation of the collection, keeping, processing, use or dissemination of personal data;
OBJECTS AND REASONS This Bill would provide for (a) the regulation of the collection, keeping, processing, use or dissemination of personal data; (b) the protection of the privacy of individuals in relation
More informationData Protection Policy
Data Protection Policy Document Ref: DPA20100608-001 Version: 1.3 Classification: UNCLASSIFIED (IL 0) Status: ISSUED Prepared By: Ian Mason Effective From: 4 th January 2011 Contact: Governance Team ICT
More informationData Protection for the Guidance Counsellor. Issues To Plan For
Data Protection for the Guidance Counsellor Issues To Plan For Author: Hugh Jones Data Protection Specialist Longstone Management Ltd. Published by the National Centre for Guidance in Education (NCGE)
More informationDATA PROTECTION ACT 1998 COUNCIL POLICY
DATA PROTECTION ACT 1998 COUNCIL POLICY Page 1 of 5 POLICY STATEMENT Blackpool Council recognises the need to fully comply with the requirements of the Data Protection Act 1998 (DPA) and the obligations
More informationRick Parsons Information Governance Officer County Hall 01865 323593 rick.parsons@oxfordshire.gov.uk
Rick Parsons Information Governance Officer County Hall 01865 323593 rick.parsons@oxfordshire.gov.uk 1 THE DATA PROTECTION ACT 1998 2 Requirements of the Act Roles & Responsibilities Best Practice 3 The
More informationData Protection and Data security Policy
Data Protection and Data security Policy Statement of policy and purpose of Policy 1. Somer Valley Community Radio Ltd (the Employer) is committed to ensuring that all personal information handled by us
More informationData Protection Acts 1988 and 2003: Informal Consolidation
Page 1 of 55 Data Protection Acts 1988 and 2003: Informal Consolidation IMPORTANT NOTICE This document is an informal consolidation of the Data Protection Acts 1988 and 2003, prepared by the Office of
More informationCorporate Policy. Data Protection for Data of Customers & Partners.
Corporate Policy. Data Protection for Data of Customers & Partners. 02 Preamble Ladies and gentlemen, Dear employees, The electronic processing of virtually all sales procedures, globalization and growing
More informationAlign Technology. Data Protection Binding Corporate Rules Controller Policy. 2014 Align Technology, Inc. All rights reserved.
Align Technology Data Protection Binding Corporate Rules Controller Policy Contents INTRODUCTION 3 PART I: BACKGROUND AND ACTIONS 4 PART II: CONTROLLER OBLIGATIONS 6 PART III: APPENDICES 13 2 P a g e INTRODUCTION
More informationComments and proposals on the Chapter II of the General Data Protection Regulation
Comments and proposals on the Chapter II of the General Data Protection Regulation Ahead of the trialogue negotiations in September, EDRi, Access, Panoptykon Bits of Freedom, FIPR and Privacy International
More informationProtection. Code of Practice. of Personal Data RPC001147_EN_WB_L_1
Protection of Personal Data RPC001147_EN_WB_L_1 Table of Contents Data Protection Rules Foreword From the Data Protection Commissioner Introduction From the Chairman Data Protection Responsibility of Employees
More informationGSK Public policy positions
Safeguarding Personally Identifiable Information A Summary of GSK s Binding Corporate Rules The Issue The processing of Personally Identifiable Information (PII) 1 and Sensitive Personally Identifiable
More informationData protection policy
Data protection policy Introduction 1 This document is the data protection policy for the Nursing and Midwifery Council (NMC). 2 The Data Protection Act 1998 (DPA) governs the processing of personal data
More informationPolicy Document Control Page
Policy Document Control Page Title Title: Data Protection Policy Version: 3 Reference Number: CO59 Keywords: Data, access, principles, protection, Act. Data Subject, Information Supersedes Supersedes:
More informationHERTSMERE BOROUGH COUNCIL
HERTSMERE BOROUGH COUNCIL DATA PROTECTION POLICY October 2007 1 1. Introduction Hertsmere Borough Council ( the Council ) is fully committed to compliance with the requirements of the Data Protection Act
More informationData Protection and Community Councils Briefing Note
Data Protection and Community Councils Briefing Note This briefing note has been prepared in response to specific queries raised by Community Councils in Marr in relation to their Data Protection requirements.
More informationAppendix 11 - Swiss Data Protection Act
GLEIF- LOU Restricted Appendix 11 - Swiss Data Protection Act GLEIF Revision Version: 1.0 2015-09-23 Master Copy page 2 of 11 Applicable Provisions of the Swiss Data Protection Act (DPA) including the
More informationWest Midlands Police and Crime Commissioner Records Management Policy 1 Contents
West Midlands Police and Crime Commissioner Records Management Policy 1 Contents 1 CONTENTS...2 2 INTRODUCTION...3 2.1 SCOPE...3 2.2 OVERVIEW & PURPOSE...3 2.3 ROLES AND RESPONSIBILITIES...5 COMMISSIONED
More informationThe Impact on Marketing-Related Activities of the Data Protection Act and Related Legislation
The Impact on Marketing-Related Activities of the Data Protection Audience 1. This guidance is intended for all University staff who maintain or use database of contacts for marketing purposes, including
More informationUNIVERSITY OF SOUTHAMPTON DATA PROTECTION POLICY
UNIVERSITY OF SOUTHAMPTON DATA PROTECTION POLICY 1. Purpose 1.1 The Data Protection Act 1998 ( the Act ) has two principal purposes: i) to regulate the use by those (known as data controllers) who obtain,
More informationDATA PROTECTION AUDIT GUIDANCE
DATA PROTECTION AUDIT GUIDANCE CONTENTS Section I: Section II: Audit of Processing of Personal Data Audit Procedure Appendices: A B C D E Audit Form List of Purposes List of data subjects List of data
More informationPhotography and filming in schools Code of Practice
Photography and filming in schools Code of Practice Data Protection compliance September 2010 Photography and filming in schools September 2010 1 Contents 1. About this code 3 2. Complying with the Data
More informationPRIVACY POLICY. Any form of reproduction in whole or in part of the content of this document is prohibited.
Deck S.r.l. Via Cesareo Console 3 80132 Napoli (NA) P. iva: 04846431213 Cf: 04846431213 Rea 717835 Reg. Imp. di Napoli Cap. Soc. 15.000 PRIVACY POLICY Protecting and defending your privacy is important
More informationCaedmon College Whitby
Caedmon College Whitby Data Protection and Information Security Policy College Governance Status This policy was re-issued in June 2014 and was adopted by the Governing Body on 26 June 2014. It will be
More informationFIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS
FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS As a world leader in electronic commerce and payment services, First Data Corporation and its subsidiaries ( First Data entity or entities ),
More informationData Protection Policy
1 Data Protection Policy Version 1: June 2014 1 2 Contents 1. Introduction 3 2. Policy Statement 3 3. Purpose of the Data Protection Act 1998 3 4. The principles of the Data Protection Act 1998 4 5 The
More informationLittle Marlow Parish Council Registration Number for ICO Z3112320
Data Protection Policy Little Marlow Parish Council Registration Number for ICO Z3112320 Adopted 2012 Reviewed 23 rd February 2016 Introduction The Parish Council is fully committed to compliance with
More informationASPEN AUSTRALIA BRANCH PRIVACY POLICY
ASPEN AUSTRALIA BRANCH PRIVACY POLICY INTRODUCTION This policy applies to the operations of Aspen s Australia branch. Aspen is committed to complying with the principles of the Privacy Act 1988 and accordingly
More informationOffice of the Data Protection Commissioner of The Bahamas. Data Protection (Privacy of Personal Information) Act, 2003. A Guide for Data Controllers
Office of the Data Protection Commissioner of The Bahamas Data Protection (Privacy of Personal Information) Act, 2003 A Guide for Data Controllers 1 Acknowledgement Some of the information contained in
More informationData protection compliance checklist
Data protection compliance checklist What is this checklist for? This checklist is drawn up on the basis of analysis of the relevant provisions of European law. Although European law aims at harmonizing
More informationData Protection Policy June 2014
Data Protection Policy June 2014 Approving authority: Consultation via: Court Audit and Risk Committee, University Executive, Secretary's Board, Information Governance and Security Group Approval date:
More informationPERSONAL INJURIES ASSESSMENT BOARD DATA PROTECTION CODE OF PRACTICE
PERSONAL INJURIES ASSESSMENT BOARD DATA PROTECTION CODE OF PRACTICE ADOPTED ON 9 th January 2008 TABLE OF CONTENTS Page No. 1 Introduction...3 2 Glossary...3 3 Types of Personal Data held by Us...3 4 Obligations
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY Version 1.3 April 2014 Contents 1 POLICY STATEMENT...2 2 PURPOSE....2 3 LEGAL CONTEXT AND DEFINITIONS...2 3.1 Data Protection Act 1998...2 3.2 Other related legislation.....4 3.3
More informationOFFICIAL. NCC Records Management and Disposal Policy
NCC Records Management and Disposal Policy Issue No: V1.0 Reference: NCC/IG4 Date of Origin: 12/11/2013 Date of this Issue: 14/01/2014 1 P a g e DOCUMENT TITLE NCC Records Management and Disposal Policy
More informationDATA PROTECTION POLICY
MILNBANK HOUSING ASSOCIATION DATA PROTECTION POLICY LS/NOV.2011/REF.P14 1) INTRODUCTION Milnbank Housing Association recognises that the Data Protection Act 1998 is an important piece of legislation to
More informationAn overview of UK data protection law
An overview of UK data protection law Our team Vinod Bange Partner +44 (0)20 7300 4600 v.bange@taylorwessing.com Graham Hann Partner +44 (0)20 7300 4839 g.hann@taylorwessing.com Chris Jeffery Partner +44
More informationGUIDE TO THE ISLE OF MAN DATA PROTECTION ACT. CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4
GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4 PREFACE The following provides general guidance on data protection
More informationYour Family s Special Education Rights
VIRGINIA DEPARTMENT OF EDUCATION DIVISION OF SPECIAL EDUCATION AND STUDENT SERVICES Your Family s Special Education Rights VIRGINIA PROCEDURAL SAFEGUARDS NOTICE SPECIAL EDUCATION PROCEDURAL SAFEGUARDS
More informationData Protection Act 1998 The Data Protection Policy for the Borough Council of King's Lynn & West Norfolk
Data Protection Act 1998 The for the Borough Council of King's Lynn & West Norfolk 1 Contents Introduction 3 1. Statement of Intent 4 2. Fair Obtaining I Processing 5 3. Data Uses and Processes 6 4. Data
More informationQUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN 18 085 048 237. better health cover shouldn t hurt
QUEENSLAND COUNTRY HEALTH FUND privacy policy Queensland Country Health Fund Ltd ABN 18 085 048 237 better health cover shouldn t hurt 1 2 contents 1. Introduction 4 2. National Privacy Principles 5 3.
More informationINDIVIDUALS WITH DISABILITIES EDUCATION ACT NOTICE OF PROCEDURAL SAFEGUARDS
INDIVIDUALS WITH DISABILITIES EDUCATION ACT NOTICE OF PROCEDURAL SAFEGUARDS Tennessee Department of Education Division of Special Education Department of Education February 11, 2008; Publication Authorization
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY Approval date: June 2014 Approved by: Board Responsible Manager: Executive Director of Resources Next Review June 2016 Data Protection Policy 1. Introduction Data Protection Policy
More informationData Compliance. And. Your Obligations
Information Booklet Data Compliance And Your Obligations What is Data Protection? It is the safeguarding of the privacy rights of individuals in relation to the processing of personal data. The Data Protection
More informationPart B PROCEDURAL SAFEGUARDS NOTICE
Part B PROCEDURAL SAFEGUARDS NOTICE New York State Education Department PROCEDURAL SAFEGUARDS NOTICE Rights for Parents of Children with Disabilities, Ages 3-21 As a parent, you are a vital member of the
More informationData Protection Guidance
53 September 2010 Management Circular No. 53 Glasgow City Council Education Services Wheatley House 25 Cochrane Street Merchant City GLASGOW G1 1HL To Heads of all Educational Establishments Data Protection
More informationData Protection in Ireland
Data Protection in Ireland 0 Contents Data Protection in Ireland Introduction Page 2 Appointment of a Data Processor Page 2 Security Measures (onus on a data controller) Page 3 8 Principles Page 3 Fair
More informationThe Guide to Data Protection. The Guide to Data Protection
The Guide to Data Protection Contents Introduction 1 Key definitions of the Data Protection Act 4 The Data Protection Principles 19 1. Processing personal data fairly and lawfully (Principle 1) 20 2. Processing
More informationCode of practice for archivists and records managers under Section 51(4) of the Data Protection Act 1998
Code of practice for archivists and records managers under Section 51(4) of the Data Protection Act 1998 2007, The National Archives (on behalf of the Crown), the Society of Archivists, the Records Management
More informationData Protection A Guide for Users
Data Protection A Guide for Users EUROPEAN PARLIAMENT Contents Contents 3 Introduction 4 Data protection standards making a difference in the European Parliament 5 Data protection the actors 6 Data protection
More informationPart B PROCEDURAL SAFEGUARDS NOTICE
Part B PROCEDURAL SAFEGUARDS NOTICE New York State Education Department PROCEDURAL SAFEGUARDS NOTICE Rights for Parents of Children with Disabilities, Ages 3-21 As a parent, you are a vital member of the
More informationProtection. Code of Practice. of Personal Data RPC001147_EN_D_19
Protection of Personal Data RPC001147_EN_D_19 Table of Contents Data Protection Rules Foreword From the Data Protection Commissioner Introduction From the Chairman Data Protection Rules Responsibility
More information12th January 2011. Dear Mr. Graham, Complaint: Internet Eyes
12th January 2011 Mr Christopher Graham Information Commissioner The Office of the Information Commissioner, Water Lane, Wycliffe House, Wilmslow, Cheshire SK9 5AF UNITED KINGDOM Dear Mr. Graham, Complaint:
More informationData Protection Avoiding Information Commissioner Fines. Caroline Egan 5 June 2014
Data Protection Avoiding Information Commissioner Fines Caroline Egan 5 June 2014 Why is data protection a hot topic in pensions? Pension schemes hold large amounts of personal data Individuals more aware
More informationData controllers and data processors: what the difference is and what the governance implications are
ICO lo : what the difference is and what the governance implications are Data Protection Act Contents Introduction... 3 Overview... 3 Section 1 - What is the difference between a data controller and a
More informationNotification. Form. 1. Details of Data Controller. Page 1 of 6. Office of the Data Protection Commissioner. Name (s) 1.1 Name of Organisation:
tification Name (s) Form Office of the Data Protection Commissioner 2, Airways House High Street, Sliema SLM 1549 Malta. Tel: (+356) 2328 7100 Fax: (+356) 2328 7198 E-Mail: commissioner.dataprotection@gov.mt
More informationData Protection Policy
Data Protection Policy CONTENTS Introduction...2 1. Statement of Intent...2 2. Fair Processing or Privacy Statement...3 3. Data Uses and Processes...4 4. Data Quality and Integrity...4 5. Technical and
More informationPolicy and Procedure Title: Maintaining Secure Learner Records Policy No: CCTP1001 Version: 1.0
PROVIDER NAME: POLICY AREA: College of Computing Technology (CCT) Standard 10: Information Management, Student Information System & Data Protection Policy and Procedure Title: Maintaining Secure Learner
More informationAlixPartners, LLP. General Data Protection Statement
AlixPartners, LLP General Data Protection Statement GENERAL DATA PROTECTION STATEMENT 1. INTRODUCTION 1.1 AlixPartners, LLP ( AlixPartners ) is committed to fulfilling its obligations under the data protection
More informationThe Manitowoc Company, Inc.
The Manitowoc Company, Inc. DATA PROTECTION POLICY 11FitzPatrick & Associates 4/5/04 1 Proprietary Material Version 4.0 CONTENTS PART 1 - Policy Statement PART 2 - Processing Personal Data PART 3 - Organisational
More informationPrivacy Policy for Data Collected by Blue State Digital s Clients
Privacy Policy for Data Collected by Blue State Digital s Clients Blue State Digital LLC. ("Blue State Digital", BSD or "we") provides various services to nonprofits and business entities ("Clients"),
More informationSTART UP LOANS PRIVACY AND DATA PROTECTION TERMS AND CONDITIONS
START UP LOANS PRIVACY AND DATA PROTECTION TERMS AND CONDITIONS Table of Contents 1. ABOUT THIS POLICY... 3 2. WHO WE ARE AND WHO IS RESPONSIBLE FOR YOUR PERSONAL DATA... 3 3. WHERE WE COLLECT YOUR PERSONAL
More informationPersonal Data Act (523/1999)
1 NB: Unofficial translation Personal Data Act (523/1999) Chapter 1 General provisions Section 1 Objectives The objectives of this Act are to implement, in the processing of personal data, the protection
More informationInformation Governance in Dental Practices. Summary of findings from ICO reviews. September 2015
Information Governance in Dental Practices Summary of findings from ICO reviews September 2015 Executive summary The Information Commissioner s Office (ICO) is the regulator responsible for ensuring that
More informationData Protection and Privacy Policy
Data Protection and Privacy Policy 1. General This policy outlines Conciliation Resources commitments to respect the privacy of people s personal information and observe the relevant data protection legislation.
More informationROYAL AUSTRALASIAN COLLEGE OF SURGEONS
1. SCOPE This policy details the College s privacy policy and related information handling practices and gives guidelines for access to any personal information retained by the College. This includes personal
More informationData Protection Policy
Data Protection Policy Prepared By: Malkiat Thiarai Head of Corporate Information Management Date of Publication: 23/01/2013 Version: 5.0 Classification: Not Protectively Marked Page 1 Table of Contents
More informationUniversity of Limerick Data Protection Compliance Regulations June 2015
University of Limerick Data Protection Compliance Regulations June 2015 1. Purpose of Data Protection Compliance Regulations 1.1 The purpose of these Compliance Regulations is to assist University of Limerick
More informationThis Applicant Privacy Notice Continental Europe is dated: July 2012 WILLIS.COM: PRIVACY NOTICE
Applicant Privacy Notice for Positions in Willis Companies Located in the European Union and European Economic Area Excluding the United Kingdom ( Applicant Privacy Notice Continental Europe ) This Applicant
More informationCorporate Guidelines for Subsidiaries (in Third Countries ) *) for the Protection of Personal Data
Corporate Guidelines for Subsidiaries (in Third Countries ) *) for the Protection of Personal Data *) For the purposes of these Corporate Guidelines, Third Countries are all those countries, which do not
More informationData Protection Consent Clause and Policy Background
Data Protection Consent Clause and Policy Background The Singapore Personal Data Protection Act - 2012 (PDPA) establishes a data protection law that comprises various rules governing the collection, use,
More informationData Protection Policy
Data Protection Policy Responsible Officer Author Date effective from July 2009 Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date last amended December 2012 Review
More informationThe kinds of personal information we collect and hold vary depending on the services we are providing, but generally can include:
ABN 47 001 768 190 AFSL 244526 Our Privacy Policy At Capital Insurance Brokers, we are committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth) (Privacy Act) and the Australian
More informationSo the security measures you put in place should seek to ensure that:
Guidelines This guideline offers an overview of what the Data Protection Act requires in terms of information security and aims to help you decide how to manage the security of the personal data you hold.
More informationPolicy and Procedure for approving, monitoring and reviewing personal data processing agreements
Policy and Procedure for approving, monitoring and reviewing personal data processing agreements 1 Personal data processing by external suppliers, contractors, agents and partners Policy and Procedure
More informationThe eighth data protection principle and international data transfers
Data Protection Act 1998 The eighth data protection principle and international data transfers The Information Commissioner s recommended approach to assessing adequacy including consideration of the issue
More informationService Instruction 0759: Destruction of Information Assets (Including Protectively Marked Information)
APPENDIX E Service Instruction 0759 Destruction of Information Assets (Including Protectively Marked Information) Document Control Description and Purpose This instruction is intended to provide guidance
More information