Human Resources and Data Protection
|
|
- Benedict Nichols
- 7 years ago
- Views:
Transcription
1 Human Resources and Data Protection Contents 1. Policy Statement Scope What is personal data? Processing data The eight principles of the Data Protection Act Council obligations Employees obligations Individual s rights under the Act Making a request for information What information do we need from the applicant? What is the timescale for gaining access to the information? What if the applicant is not happy with our response? What if the data is incorrect? Policy Monitoring Policy Statement 1.1. The Data Protection Act 1998 ( the Act ) regulates the way in which certain personal data about an employee is held and used The general aim of the Act is to ensure that where personal data is held, the data is adequate, relevant and not excessive. The Act also ensures that employees are able to access and review the contents of any files held on them
2 1.3. Throughout employment and for as long a period as is necessary following the termination of employment, the Council will need to keep information for purposes connected with an employee s employment. The Council will also hold information to ensure that required services are provided in an efficient, effective manner The Council endorses and adheres to the Data Protection principles and requires all employees to comply with the Act in relation to all personal data held by the Council including the personal data about staff Employees should at all times value the right to privacy of the people about whom information is held and manage personal information professionally. It is each employee's responsibility to ensure that personal data remains confidential and secure. The aim of this document is to provide employees with information relating to the Council s obligations in relation to Data Protection and guidance on how employees are expected to handle personal data or make a Subject Access Request under the Act. The Council also has a Corporate Legal Policy on the Data Protection Act to which employees should also refer Failure to comply with this Guidance and the principles set out in the Data Protection Act will be regarded as serious misconduct and will be dealt with in accordance with the Council s disciplinary policy. Misuse and unauthorised disclosure of personal data can lead to personal prosecution. 2. Scope 2.1. This document applies to all employees other than those in educational establishments with delegated powers The principles in this document also apply to: Former employees Job applicants (successful and unsuccessful) Former job applicants (successful and unsuccessful) Agency workers (current and former) Casual workers (current and former) Contract workers (current and former) Volunteers (current and former) Trainees / work placement students (current and former) 3. What is personal data? 3.1. As outlined in section 1, the Act applies to any personal data. The term personal data is information about a living individual who is identified or who is identifiable. Personal data may be: photographs CCTV footage information held on computer disk - 2 -
3 3.2. These records may include: information gathered about an employee and any references obtained during recruitment details of terms of employment payroll, tax and National Insurance information performance information details of grade and job duties health records absence records, including holiday records and self-certification forms details of any disciplinary investigations and proceedings training records contact names and addresses Correspondence with the Council and other information provided to the Council Some personal data is also classed as sensitive and attracts a higher level of protection under the Act. Sensitive personal data is information relating to: Race or ethnic origin Political opinions Religion or belief Trade union membership Disability Sexual orientation Gender identity The commission or alleged commission of an offence or any proceedings for any offence committed or alleged to have been committed, the disposal of such proceedings or the sentence of any court in such proceedings 3.4. Such information, if disclosed by the employee to the Council is classed as sensitive under the Act and will not ordinarily be disclosed to a third party. 4. Processing data 4.1. The definition of processing is very wide and encompasses almost everything from the collection and storage of data to its eventual destruction If the Council intends to process data it must be processed fairly and lawfully and must comply with the conditions for processing set out in first data protection principle in the Act. The Council must ensure: consent is obtained where relevant, and the Information Commissioner (who is responsible for policing compliance with the Act) must be notified and given the reasons for the processing. The Council is required to maintain its registration with the Information Commissioners Office (ICO) and its registration can be found on the ICO web site
4 4.3. If the Council disclose personal data, consent is required unless the Council is required to provide the information by law. 5. The eight principles of the Data Protection Act 5.1. The Act contains statutory guidelines called 'data protection principles' to govern the manner in which personal data is processed. The principles mean that personal data shall: be processed fairly and lawfully and in particular shall not be processed unless specific conditions are met be obtained only for one or more specified and lawful purposes and shall not be further processed in any manner incompatible with that purpose or those purposes. be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed. be accurate and when necessary kept up to date. not be kept for longer than is necessary for that purpose or those purposes be processed in accordance with the rights of the Data subject under the Act Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of or damage to personal data. not be transferred to a country of territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedom of data subjects in relation to the processing of personal data. 6. Council obligations 6.1. As part of the Council s commitment to maintaining public confidence and the successful operation of this policy, the Council will:- Ensure there is a designated Data Protection Officer with specific responsibility for data protection. Ensure that employees handling personal data understand that they are contractually responsible for compliance with the data protection policy and are appropriately trained and supervised for these purposes. Formulate a data subject access request procedure for corporate use. Conduct a regular review, assessment, evaluation and audit of the way personal data is managed within the Council. Ensure that persons making enquiries about personal data are dealt with promptly and are appropriately advised of their rights and the Council's policy in making requests for personal data under the Data Protection Act, Employees obligations 7.1. Employees must work within the requirements of the Act at all times and: - 4 -
5 ensure that personal data is only disclosed to those who are entitled to receive it ensure that they understand any departmental guidelines on data disclosure e.g. adopted practice in establishing identity of telephone callers take care to ensure that data stored both manually and on computer is accurate and up to date ensure that they are aware of their Section / Service security procedures in place for protecting data and follow those procedures 7.2. Employees MUST NOT: Disclose confidential information unless permission is granted Use any personal data held by the Council for personal uses Hold any personal data for any purpose unless certain that the Council is registered to hold information for that use 7.3. Employees MAY: Handle and use personal data where it is necessary to carry out their work Transfer personal data within the Council between departments provided that one or more of the following apply: permission from supervisor is obtained any Information Sharing Protocol in place is followed transferred data is used only for the purposes for which it was obtained consent of the data subject is obtained 7.4. If an employee is in any doubt about whether to disclose information, legal advice should be sought from the Head of Legal Services. 8. Individual s rights under the Act 8.1. Section 2 sets out a list of individuals to whom this policy applies, the key principle being both current employees and individuals not employed by the Council are entitled to request certain information under the Act. These individuals have the right:- To ask the Council if it holds personal information about them To ask what it is used for To be given a copy of the information (subject to certain fees and exemptions) To be given details about the purposes for which the Council uses the information and of other organisations or persons to whom it is disclosed. To ask for incorrect data to be corrected. to be given a copy of the information with any unintelligible terms explained; to be given an explanation as to how any automated decisions taken about them have been made. To ask the Council not to use personal information:- for direct marketing; - 5 -
6 which is likely to cause unwarranted substantial damage or distress; to make decisions which significantly affect the individual, based solely on the automatic processing of the data There are some limited circumstances in which personal data relating to the applicant may be withheld. Examples of this include repeat access requests, confidential references, and third party information. 9. Making a request for information 9.1. A request for a copy of information held about an individual is known as a "Subject Access Request" All requests must be made in writing A fee of 10 will be payable to the Council to provide this information Different fee structures apply to some 'accessible records' such as health, education or social services files and a maximum fee of 50 for copies of these records can be charged Copies of Education records are free but photocopying charges may be made. Viewing of records is free of charge. 10. What information do we need from the applicant? When a subject access request is received, the Council may ask for information they reasonably need to verify the identity of the person making the request and to locate the data This means the Council must ask for proof of identity and information such as whether they are/were a customer or employee of the Council. 11. What is the timescale for gaining access to the information? The Act requires data controllers i.e. the Council to comply with subject access requests promptly and, in any event, within forty days from receipt of the request or, if later, forty days from the day on which the data controller has both the required fee and the necessary information to confirm the identity of the applicant and to locate their data A deliberate delay on the part of the Council is not acceptable and the Commissioner may impose penalties for doing so, which could lead to bad publicity for the Council There are different periods for requests for copies of school pupil records, which is fifteen school days. However, requests for these records should be made to the Governing Body of the school in question
7 12. What if the applicant is not happy with our response? If an applicant who considers his/her request has not been complied with they should write to the Corporate Complaints Officer setting out why they think that the information should have been provided to them If, following the response from the Corporate Complaints Officer the individual remains dissatisfied with the response, the following options are available:- They may apply to the court alleging a failure to comply with the subject access provisions of the Act. The court may make an order requiring compliance with those provisions and may also award compensation for any damage they have suffered as a result and any associated distress. They may write to the Information Commissioner. The Commissioner may do one of the following:- make an assessment as to whether it is likely or unlikely that we have complied with the Act issue enforcement proceedings if they are satisfied that we have contravened one of the Data Protection Principles recommend that the applicant apply to court alleging a failure to comply with the subject access provisions of the Act All complaints must first be directed to the Corporate Complaints Officer. Neither a Court nor the Office of the Information Commissioner will deal with complaints regarding the handling of a subject access request unless the applicant has first exhausted the Council s internal complaints procedure. 13. What if the data is incorrect? If data is incorrect, the individual should write to the Council stating what data is incorrect and ask for the data to be corrected The Council must tell the individual what has been done within 21 days of receiving the request If the Council does not agree that the information is incorrect the individual can ask that the disagreement is noted within the personal records held on them. The individual can also appeal to the Information Commissioner or the courts if the information is not corrected. 14. Policy Monitoring The Council will monitor the application of this policy and has discretion to review it at any time Responsibility for the implementation, monitoring and development of this policy lies with the Head of Human Resources. Day to day operation of the policy is the responsibility of nominated officers who will ensure that this policy is adhered to
8 Version Details of Change Date Number 1.0 Introduction of Single Status 1 st April
Data Protection Policy
Data Protection Policy CONTENTS Introduction...2 1. Statement of Intent...2 2. Fair Processing or Privacy Statement...3 3. Data Uses and Processes...4 4. Data Quality and Integrity...4 5. Technical and
More informationData Protection Policy
1 Data Protection Policy Version 1: June 2014 1 2 Contents 1. Introduction 3 2. Policy Statement 3 3. Purpose of the Data Protection Act 1998 3 4. The principles of the Data Protection Act 1998 4 5 The
More informationDATA PROTECTION ACT 1998 COUNCIL POLICY
DATA PROTECTION ACT 1998 COUNCIL POLICY Page 1 of 5 POLICY STATEMENT Blackpool Council recognises the need to fully comply with the requirements of the Data Protection Act 1998 (DPA) and the obligations
More informationData Protection Policy
Internal Ref: NELC 16.60 Review date December 2016 Version No. V04 Data Protection Policy 1 Data Protection Statement Data Protection Policy 1.1 North East Lincolnshire Council recognises that in order
More informationLittle Marlow Parish Council Registration Number for ICO Z3112320
Data Protection Policy Little Marlow Parish Council Registration Number for ICO Z3112320 Adopted 2012 Reviewed 23 rd February 2016 Introduction The Parish Council is fully committed to compliance with
More informationDATA PROTECTION POLICY
Reference number Approved by Information Management and Technology Board Date approved 14 th May 2012 Version 1.1 Last revised N/A Review date May 2015 Category Information Assurance Owner Data Protection
More informationInformation Governance Policy
Information Governance Policy 1 Introduction Healthwatch Rutland (HWR) needs to collect and use certain types of information about the Data Subjects who come into contact with it in order to carry on its
More informationHERTSMERE BOROUGH COUNCIL
HERTSMERE BOROUGH COUNCIL DATA PROTECTION POLICY October 2007 1 1. Introduction Hertsmere Borough Council ( the Council ) is fully committed to compliance with the requirements of the Data Protection Act
More informationCorporate ICT & Data Management. Data Protection Policy
90 Corporate ICT & Data Management Data Protection Policy Classification: Unclassified Date Created: January 2012 Date Reviewed January Version: 2.0 Author: Owner: Data Protection Policy V2 1 Version Control
More informationData Protection Policy
Data Protection Policy September 2015 Contents 1. Scope 2. Purpose 3. Data protection roles 4. Staff training and guidance 5. About the Data Protection Act 1998 6. Policy 7. The Information Commissioner's
More informationData Protection Act 1998 The Data Protection Policy for the Borough Council of King's Lynn & West Norfolk
Data Protection Act 1998 The for the Borough Council of King's Lynn & West Norfolk 1 Contents Introduction 3 1. Statement of Intent 4 2. Fair Obtaining I Processing 5 3. Data Uses and Processes 6 4. Data
More informationUNIVERSITY OF ABERDEEN POLICY ON DATA PROTECTION
UNIVERSITY OF ABERDEEN POLICY ON DATA PROTECTION The Data Protection Act 1998 (DPA) was passed in order to implement the EU Data Protection Directive (95/46/EC) and applies to all data relating to, and
More informationDATA PROTECTION POLICY. Examples of personal data which TWM may require from clients include the following and for the reasons ascribed to each;
DATA PROTECTION POLICY Introduction TWM Solicitors maintain certain personal data about individuals for the purposes of satisfying operational and legal obligations. The Data Protection Act sets rules
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY DATA PROTECTION POLICY Document Control Information Title Data Protection Policy Version V1.0 Author Diana Watt Date Approved 21 February 2013 Review Date Annually, on the anniversary
More informationGlyncoed Primary School. Data Protection Policy
Glyncoed Primary School Data Protection Policy Date agreed: March 2015 Review date: March 2017 1 Data Protection Policy Glyncoed Primary School collects and uses personal information about staff, pupils,
More informationData Protection and Community Councils Briefing Note
Data Protection and Community Councils Briefing Note This briefing note has been prepared in response to specific queries raised by Community Councils in Marr in relation to their Data Protection requirements.
More informationHampstead Parochial CofE Primary School Data Protection Policy Spring 2015
Hampstead Parochial CofE Primary School Data Protection Policy Spring 2015 1. Introduction and Scope 1.1 The Data Protection Act 1998 is the law that protects personal privacy and applies to any school
More informationData Protection policy approved by the Governing Body of Ifield Community College. Ifield Community College Data Protection Policy
Data Protection policy approved by the Governing Body of Ifield Community College Ifield Community College Data Protection Policy Introduction The school collects and uses certain types or personal information
More informationJohn Leggott College. Data Protection Policy. Introduction
John Leggott College Data Protection Policy Introduction The College needs to keep certain information about its employees, students and other users to allow it to monitor performance, achievements, and
More informationOBJECTS AND REASONS. (a) the regulation of the collection, keeping, processing, use or dissemination of personal data;
OBJECTS AND REASONS This Bill would provide for (a) the regulation of the collection, keeping, processing, use or dissemination of personal data; (b) the protection of the privacy of individuals in relation
More informationStaple Hill Primary School. Data Protection Policy
Staple Hill Primary School Data Protection Policy Staple Hill Primary School collects and uses personal information about staff, pupils, parents and other individuals who come into contact with the school.
More informationMONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY
MONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY Page 1 of 16 Contents Policy Information 3 Introduction 4 Responsibilities 7 Confidentiality 9 Data recording and storage 11 Subject Access 12 Transparency
More informationData Security and Extranet
Data Security and Extranet Derek Crabtree Schools ICT Support Manager derek.crabtree@merton.gov.uk Target Operating Model 2011 Merton Audit Organisation name: London Borough of Merton Periodic plan date:
More informationDATA PROTECTION AND DATA STORAGE POLICY
DATA PROTECTION AND DATA STORAGE POLICY 1. Purpose and Scope 1.1 This Data Protection and Data Storage Policy (the Policy ) applies to all personal data collected and dealt with by Centre 404, whether
More informationROEHAMPTON UNIVERSITY DATA PROTECTION POLICY
ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY Originated by: Data Protection Working Group: November 2008 Impact Assessment: (to be confirmed) Recommended by Senate: 28 January 2009 Approved by Council:
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY The information and guidelines within this Policy are important and apply to all members, Fellows and staff of the College 1. INTRODUCTION Like all educational establishments, the
More informationHuman Resources Policy documents. Data Protection Policy
Policy documents Aims of the Policy apetito is committed to meeting its obligations under data protection law. As a business, apetito handles a range of Personal Data relating to its customers, staff and
More informationData Protection Policy
Data Protection Policy 1. INTRODUCTION 1.1. The Data Protection Act gives you as an individual the right to know what information is held about you. It provides a framework to ensure that personal information
More informationDublin City University
Dublin City University Data Protection Policy Data Protection Policy Contents Purpose... 1 Scope... 1 Data Protection Principles... 1 Disclosure of Personal Data... 2 Summary of Responsibilities... 3 Rights
More informationThe Manchester College
The Manchester College The Manchester College Produced by TMC Prin DataProtect pol v1 11/2010 All rights reserved; no part of this publication may be photocopied, recorded or otherwise reproduced, stored
More informationDATA PROTECTION POLICY
Title Author Approved By and Date Review Date Mike Pilling Latest Update- Corporation May 2008 1 Aug 2013 DATA PROTECTION ACT 1998 POLICY FOR ALL STAFF AND STUDENTS 1.0 Introduction 1.1 The Data Protection
More informationtechnical factsheet 176
technical factsheet 176 Data Protection CONTENTS 1. Introduction 1 2. Register with the Information Commissioner s Office 1 3. Period protection rights and duties remain effective 2 4. The data protection
More informationScottish Rowing Data Protection Policy
Revision Approved by the Board August 2010 1. Introduction As individuals, we want to know that personal information about ourselves is handled properly, and we and others have specific rights in this
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY Document Management: Date Policy Approved: 29 April 2015 Date Amended: Next Review Date: April 2017 Version: 1 Approving Body: Resources Committee 1 1. Introduction The Data Protection
More informationData Protection Policy
Data Protection Policy Owner : Head of Information Management Document ID : ICT-PL-0099 Version : 2.0 Date : May 2015 We will on request produce this Policy, or particular parts of it, in other languages
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY Approval date: June 2014 Approved by: Board Responsible Manager: Executive Director of Resources Next Review June 2016 Data Protection Policy 1. Introduction Data Protection Policy
More informationData Protection. Policy and Application July 2009
Data Protection Policy and Application July 2009 Produced for staff of the House of Commons Service by the Department of Resources Information Rights and Information Security (IRIS) Service Data Policy:
More informationData Protection Policy
Data Protection Policy Document Ref: DPA20100608-001 Version: 1.3 Classification: UNCLASSIFIED (IL 0) Status: ISSUED Prepared By: Ian Mason Effective From: 4 th January 2011 Contact: Governance Team ICT
More informationMerthyr Tydfil County Borough Council. Data Protection Policy
Merthyr Tydfil County Borough Council Data Protection Policy 2014 Cyfarthfa High School is a Rights Respecting School, we recognise the importance of ensuring that the United Nations Convention of the
More informationGUIDE TO THE ISLE OF MAN DATA PROTECTION ACT. CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4
GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4 PREFACE The following provides general guidance on data protection
More information1.2 Scope This policy and guidance applies to all University staff, students and others who use or process any personal information.
MANCHESTER METROPOLITAN UNIVERSITY DATA PROTECTION POLICY This policy should be read in conjunction with the Data Protection Guidance, which is attached as: Appendix A Dealing with Personal Data Appendix
More informationVersion 1. Chair of Governors Signature.. Review Date: Spring term 2017
Version 1 Chair of Governors Signature.. Date of Adoption/Ratification: 4 th February 2015 Review Date: Spring term 2017 Purpose Cliff Park School s Trust collects and uses personal information about staff,
More informationHuman Resources People and Organisational Development. Disciplinary Procedure for Senior Staff
Human Resources People and Organisational Development Disciplinary Procedure for Senior Staff AUGUST 2015 1. Introduction 1.1 This procedure applies to Senior Staff. Senior Staff includes: 1.1.1 the Vice-Chancellor
More informationData Protection Act. Privacy & Security in the Information Age. April 26, 2013. Ministry of Communications, Ghana
Data Protection Act Privacy & Security in the Information Age April 26, 2013 Agenda Privacy in The Information Age The right to privacy Why We Need Legislation Purpose of the Act The Data Protection Act
More informationRick Parsons Information Governance Officer County Hall 01865 323593 rick.parsons@oxfordshire.gov.uk
Rick Parsons Information Governance Officer County Hall 01865 323593 rick.parsons@oxfordshire.gov.uk 1 THE DATA PROTECTION ACT 1998 2 Requirements of the Act Roles & Responsibilities Best Practice 3 The
More informationCORK INSTITUTE OF TECHNOLOGY
CORK INSTITUTE OF TECHNOLOGY DATA PROTECTION POLICY APPROVED BY GOVERNING BODY ON 30 APRIL 2009 INTRODUCTION Cork Institute of Technology is committed to a policy of protecting the rights and privacy of
More informationData Protection and Data security Policy
Data Protection and Data security Policy Statement of policy and purpose of Policy 1. Somer Valley Community Radio Ltd (the Employer) is committed to ensuring that all personal information handled by us
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY Version 1.3 April 2014 Contents 1 POLICY STATEMENT...2 2 PURPOSE....2 3 LEGAL CONTEXT AND DEFINITIONS...2 3.1 Data Protection Act 1998...2 3.2 Other related legislation.....4 3.3
More informationPolicy Document Control Page
Policy Document Control Page Title Title: Data Protection Policy Version: 3 Reference Number: CO59 Keywords: Data, access, principles, protection, Act. Data Subject, Information Supersedes Supersedes:
More informationHow To Protect Your Personal Information At A College
Data Protection Policy Policy Details Produced by Assistant Principal Information Systems Date produced Approved by Senior Leadership Team (SLT) Date approved July 2011 Linked Policies and Freedom of Information
More informationData Protection Policy
Data Protection Policy Prepared By: Malkiat Thiarai Head of Corporate Information Management Date of Publication: 23/01/2013 Version: 5.0 Classification: Not Protectively Marked Page 1 Table of Contents
More informationData Protection and Privacy Policy
Data Protection and Privacy Policy 1. General This policy outlines Conciliation Resources commitments to respect the privacy of people s personal information and observe the relevant data protection legislation.
More informationData Protection in Ireland
Data Protection in Ireland 0 Contents Data Protection in Ireland Introduction Page 2 Appointment of a Data Processor Page 2 Security Measures (onus on a data controller) Page 3 8 Principles Page 3 Fair
More informationProtection. Code of Practice. of Personal Data RPC001147_EN_D_19
Protection of Personal Data RPC001147_EN_D_19 Table of Contents Data Protection Rules Foreword From the Data Protection Commissioner Introduction From the Chairman Data Protection Rules Responsibility
More informationData protection policy
Data protection policy Introduction The College is required to keep certain information about employees, students and other users to allow it to monitor performance, achievements, health and safety, recruitment
More informationData Protection Policy A copy of this policy is published in the following areas: The school s intranet The school s website
Data Protection Policy A copy of this policy is published in the following areas: The school s intranet The school s website Date created: November 2015 Date for review: July 2016 Created by: Mark Vanstone,
More informationPersonal Data Act (1998:204);
Personal Data Act (1998:204); issued 29 April 1998. Be it enacted as follows. General provisions Purpose of this Act Section 1 The purpose of this Act is to protect people against the violation of their
More informationDISCIPLINARY PROCEDURE
DISCIPLINARY PROCEDURE May 2012 1 Introduction The Disciplinary Procedure applies to all SESTRAN employees. Its main aims are to promote fairness, equity and order in the treatment of individuals and in
More information2. Scope 2.1 This policy covers all the activities and processes of the University that uses personal information in whatever format.
University of Westminster Personal Data Protection Policy For Compliance with the Data Protection Act 1998 1. Background 1.1 The Data Protection Act 1998 (DPA) defines personal data as data and information
More informationData Protection Policy
Data Protection Policy Responsible Officer Author Date effective from July 2009 Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date last amended December 2012 Review
More informationData Protection Act a more detailed guide
Data Protection Act a more detailed guide What does the Act do? The Data Protection Act 1998 places considerable duties on organisations which process personal data; increases the rights of access by data
More informationData Protection Policy June 2014
Data Protection Policy June 2014 Approving authority: Consultation via: Court Audit and Risk Committee, University Executive, Secretary's Board, Information Governance and Security Group Approval date:
More informationOffice of the Data Protection Commissioner of The Bahamas. Data Protection (Privacy of Personal Information) Act, 2003. A Guide for Data Controllers
Office of the Data Protection Commissioner of The Bahamas Data Protection (Privacy of Personal Information) Act, 2003 A Guide for Data Controllers 1 Acknowledgement Some of the information contained in
More informationData Protection Act 1998 Codes of Practice. The Employment Practices DP Code Part 1: Recruitment and Selection
Data Protection Act 1998 Codes of Practice The Employment Practices Data Protection Code CONTENTS CONTENTS... 1 Who is the Code for?... 3 Why should you use it?... 3 Other parts of the Code... 3 Five sections...
More informationData Protection Procedures
Data Protection Procedures PROCEDURE OVERVIEW: This Procedure outlines Down District Council s ( the Council ) commitment to the Data Protection Act 1998 ( the Act ) and provides a framework for the Council
More informationPERSONAL INJURIES ASSESSMENT BOARD DATA PROTECTION CODE OF PRACTICE
PERSONAL INJURIES ASSESSMENT BOARD DATA PROTECTION CODE OF PRACTICE ADOPTED ON 9 th January 2008 TABLE OF CONTENTS Page No. 1 Introduction...3 2 Glossary...3 3 Types of Personal Data held by Us...3 4 Obligations
More informationSUBJECT ACCESS REQUEST PROCEDURE
SUBJECT ACCESS REQUEST PROCEDURE Document History Document Reference: Document Purpose: IG31 This procedure sets out the responsibility for staff when receiving requests for information provided under
More informationThe Manitowoc Company, Inc.
The Manitowoc Company, Inc. DATA PROTECTION POLICY 11FitzPatrick & Associates 4/5/04 1 Proprietary Material Version 4.0 CONTENTS PART 1 - Policy Statement PART 2 - Processing Personal Data PART 3 - Organisational
More informationQUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN 18 085 048 237. better health cover shouldn t hurt
QUEENSLAND COUNTRY HEALTH FUND privacy policy Queensland Country Health Fund Ltd ABN 18 085 048 237 better health cover shouldn t hurt 1 2 contents 1. Introduction 4 2. National Privacy Principles 5 3.
More informationST IVES CHAMBERS POLICY ON THE COLLECTION AND USE OF DIVERSITY DATA
ST IVES CHAMBERS POLICY ON THE COLLECTION AND USE OF DIVERSITY DATA 1. This is the Data Diversity Policy for St Ives Chambers which is established in accordance with RC110 (section D1.2 Equality and diversity)
More informationPolicy on Public and School Bus Closed Circuit Television Systems (CCTV)
DEPARTMENT OF TRANSPORT Policy on Public and School Bus Closed Circuit Television Systems (CCTV) Responsibility of: Public Transport Division TRIM File: DDPI2010/3680 Effective Date: July 2010 Version
More informationDATA PROTECTION CORPORATE POLICY
DATA PROTECTION CORPORATE POLICY Information Management V1.1 03 July 2012 Not protectively marked This policy must be complied with fully by all Members, Officers Agents and Contractors of Plymouth City
More informationData protection policy
Data protection policy Introduction 1 This document is the data protection policy for the Nursing and Midwifery Council (NMC). 2 The Data Protection Act 1998 (DPA) governs the processing of personal data
More informationDiscipline. Managing People. VOIP 2000 - HR Direct Fife Council April 2015 1 DI02. P o l i c y a n d P r o c e d u r e. 1 Purpose and Scope
Discipline P o l i c y a n d P r o c e d u r e 1 Purpose and Scope This procedure is designed to help and encourage all employees to achieve and maintain standards of conduct. This procedure applies to
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY Rev No. 0 New Document 1 2 3 4 5 6 7 Revision Status Details of Amendments Name Date Update of College DPA statement New Reference to Appendix 4 Staff Guidelines ESF document retention
More informationData protection. The employment practices code
Data protection The employment practices code Contents 3 Contents About the code 4 Managing data protection 11 Good practice recommendations 11 Part 1: Recruitment and selection 14 About Part 1 of the
More informationEmployment Manual REHABILITATION OF OFFENDERS AND SELF DISCLOSURE POLICY
Employment Manual REHABILITATION OF OFFENDERS AND SELF DISCLOSURE POLICY CONTENTS INTRODUCTION TO REHABILITATION OF OFFENDERS ACT 1974... 1 EXCEPTIONS TO THE ACT... 1 MODIFICATIONS TO THE ACT... 1 POLICY...
More informationAlixPartners, LLP. General Data Protection Statement
AlixPartners, LLP General Data Protection Statement GENERAL DATA PROTECTION STATEMENT 1. INTRODUCTION 1.1 AlixPartners, LLP ( AlixPartners ) is committed to fulfilling its obligations under the data protection
More informationInformation Assurance Policies and Guidance. Information Governance Policy. Document Version: v0.5 Review Date: 1 May 2016
Information Assurance Policies and Guidance Information Governance Policy Document Version: v0.5 Review Date: 1 May 2016 Owner: Information Governance Manager 1 P a g e Document History Revision Version
More informationIslington Data Protection Policy. A council-wide information policy Version 1.1 June 2014
A council-wide information policy Version 1.1 June 2014 Copyright Notification Copyright London Borough of Islington 2014 This document is distributed under the Creative Commons Attribution 2.5 license.
More informationBUCKINGHAMSHIRE COUNTY COUNCIL SCHOOLS GRIEVANCE POLICY AND PROCEDURE
BUCKINGHAMSHIRE COUNTY COUNCIL SCHOOLS GRIEVANCE POLICY AND PROCEDURE Version 2 Page 1 of 16 Revised June 2012 BUCKINGHAMSHIRE COUNTY COUNCIL GRIEVANCE POLICY AND PROCEDURE FOR SCHOOLS 1. Introduction
More informationHalton Borough Council. Privacy Notice
Halton Borough Council Privacy Notice Halton Borough Council is registered as a data controller under the Data Protection Act as we collect and process personal information about you. The information we
More informationINFORMATION GOVERNANCE AND DATA PROTECTION POLICY
INFORMATION GOVERNANCE AND DATA PROTECTION POLICY WN CCG Information Governance & Data Protection Policy July 2013 1 Document Control Sheet Name of Document: Information Governance & Data Protection Policy
More informationATMD Bird & Bird. Singapore Personal Data Protection Policy
ATMD Bird & Bird Singapore Personal Data Protection Policy Contents 1. PURPOSE 1 2. SCOPE 1 3. COMMITMENT TO COMPLY WITH DATA PROTECTION LAWS 1 4. PERSONAL DATA PROTECTION SAFEGUARDS 3 5. ATMDBB EXCEPTIONS:
More informationLocal Disciplinary Policy
DOCUMENT INFORMATION Origination/author: Judith Coslett, Head of Human Resources This document replaces: Local Disciplinary and Dismissal Procedure 05 Date/detail of consultation: Staff Forum and Unison
More informationIndex. Definitions. What is Data Protection? Rights of Individuals. The 8 Principles of Data Protection
Data Protection Awareness Based on DIT s Data Protection Policy, the Data Protection Acts, 1988 & 2003 and guidance from the Office of the Data Protection Commissioner Index Definitions What is Data Protection?
More informationUNIVERSITY OF SOUTHAMPTON DATA PROTECTION POLICY
UNIVERSITY OF SOUTHAMPTON DATA PROTECTION POLICY 1. Purpose 1.1 The Data Protection Act 1998 ( the Act ) has two principal purposes: i) to regulate the use by those (known as data controllers) who obtain,
More informationComplaints Policy. Complaints Policy. Page 1
Complaints Policy Page 1 Complaints Policy Policy ref no: CCG 006/14 Author (inc job Kat Tucker Complaints & FOI Manager title) Date Approved 25 November 2014 Approved by CCG Governing Body Date of next
More informationProtection. Code of Practice. of Personal Data RPC001147_EN_WB_L_1
Protection of Personal Data RPC001147_EN_WB_L_1 Table of Contents Data Protection Rules Foreword From the Data Protection Commissioner Introduction From the Chairman Data Protection Responsibility of Employees
More informationThe best advice before you decide on what action to take is to seek the advice of one of the specialist Whistleblowing teams.
Whistleblowing Policy (HR Schools) 1.0 Introduction Wainscott school is committed to tackling unlawful acts including fraud, corruption, unethical conduct and malpractice regardless of who commits them,
More informationData Protection Workshop: How the Law Affects You Practice Questions
Data Protection Workshop: How the Law Affects You Practice Questions 1. Which of the following is not personal data covered by the Data Protection Act (pick one or more): A. Comments about an individual
More informationInformation Sharing Policy
Information Sharing Policy REFERENCE NUMBER IG 010 / 0v3 February 2013 VERSION V1.0 APPROVING COMMITTEE & DATE Clinical Executive Committee 5.2.13 REVIEW DUE DATE February 2016 West Lancashire CCG is committed
More informationData Protection Policy
Data Protection Policy April 2014 Author: Jennifer McLaren, Assistant Principal, Curriculum Support & Finance Impact Assessment Date: 15 February 2010 Date: April 2014 Contents 1 Purpose... 2 2 Policy...
More informationSUPPORT STAFF DISCIPLINARY AND DISMISSAL PROCEDURE
SUPPORT STAFF DISCIPLINARY AND DISMISSAL PROCEDURE SUPPORT STAFF DISCIPLINARY AND DISMISSAL PROCEDURE 1. INTRODUCTION 1.1 The Procedure has been established to help and encourage members of staff to achieve
More informationLondon School of Economics and Political Science. Disciplinary Procedure for Students
London School of Economics and Political Science Purpose of this Procedure Disciplinary Procedure for Students 1. The School s Memorandum and Articles of Association set out its main objectives of education
More informationDocument Name Disciplinary Policy Accountable Body RADIUS Trust Reference HR.P2 Date Ratified 13 th August 2015 Version 1.5 Last Update August 2015
Category Human Resources Document Name Disciplinary Policy Accountable Body RADIUS Trust Reference HR.P2 Date Ratified 13 th August 2015 Version 1.5 Last Update August 2015 Related Documents Name Support
More informationNEWMAN UNIVERSITY DISCIPLINARY POLICY AND PROCEDURE
1. Scope and Purpose NEWMAN UNIVERSITY DISCIPLINARY POLICY AND PROCEDURE 1.1 Newman University [hereafter referred to as the University] recognises disciplinary rules and procedures are necessary for the
More informationDISCIPLINARY POLICY AND PROCEDURE
DISCIPLINARY POLICY AND PROCEDURE Date of Publication: April 2013 Agreed by: Vice Chancellor s Executive March 2013 Page 1 of 13 Policy 1.0 Introduction The purpose of the disciplinary policy and procedure
More informationInformation Security Policy. Appendix B. Secure Transfer of Information
Information Security Policy Appendix B Secure Transfer of Information Author: Data Protection and Information Security Officer. Version: 0.7 Date: March 2008 Document Control Information Document ID Document
More informationData Protection Policy
1. Introduction 1.1 The College needs to keep certain information about its employees, students and other stakeholders, for example to allow it to monitor performance, achievements and health and safety.
More information