BHCC Policy Summary. This policy outlines BHCC s obligations and responsibilities in relation to the Data Protection Act 1998.
|
|
- May Stone
- 7 years ago
- Views:
Transcription
1 BHCC Policy Summary 1 Policy Name Data Protection Policy. 2 Purpose of Policy To define the standards expected of all Brighton & Hove City Council employees, and any third parties, when processing information on behalf of the Council. 3 Policy Summary This policy outlines BHCC s obligations and responsibilities in relation to the Data Protection Act Critical Points A serious breach of this policy could lead to disciplinary and\or legal action. 5 Who does this policy apply to? This policy is applicable to anyone processing data on behalf of BHCC. 6 Is acceptance of this policy mandatory? Yes, this policy is mandatory for all users described in section 5 above.
2 BHCC Policy Contents 1 Policy Name Purpose of Policy Policy Summary Critical Points Who does this policy apply to? Is acceptance of this policy mandatory? Introduction Scope Policy Principles Risk Monitoring Responsibilities Related Policies, Standards & Guidance Terms & Definitions Enforcement Review Appendix I Document Attributes Document Information Document History Document Approval... 8 BHCC Data Protection Policy Page 2 of 8
3 7 Introduction The purpose of this policy is to define the standards and procedures expected of all Brighton & Hove City Council employees, and any third parties when processing information on behalf of the Council. This may include, but is not limited to; members, contractors and other agents. The Data Protection Act 1998 ( DPA ) establishes a framework of rights and duties which safeguard personal information. Personal information is information about a living individual who can be identified from that information. This framework balances the legitimate needs of organisations to collect and use personal data for business and other purposes, against the right of the individual to have their personal information kept private. Brighton & Hove City Council is committed to protecting the privacy of individuals and handles all personal information in a manner that complies with the DPA. The Council has established this policy to support that commitment. 8 Scope Brighton and Hove City Council will comply with the requirements of the Data Protection Act. It is the personal responsibility of all employees and any third party processing information on behalf of the Council to familiarise themselves, and comply with this policy and associated guidance (where relevant to their role). This policy applies to all personal and/or sensitive personal information 9 Policy 9.1 Principles All organisations must comply with the DPA, the purpose of which is to protect the rights of the individual (referred to as data subjects under the Act) when dealing with their personal or sensitive personal information. Personal data means information about a living, identifiable individual. This could be a person s name together with any other information about them such as their address, age or telephone number. It could also be information about their hobbies or financial status, an opinion about them or some intention of action against them. BHCC Data Protection Policy Page 3 of 8
4 Sensitive personal data is specifically defined as information relating to a person s racial or ethnic origin, political opinions, religion or beliefs, membership of a trade union, physical or mental health, sexual life, alleged offence, or any proceedings for any offence. Data Protection is not a barrier to sharing information, it provides a framework to ensure that personal information is shared appropriately. There are occasions when it is appropriate, and a requirement, to share information without consent, this is when there is an overriding public interest. This would include circumstances where there is an actual or potential risk of significant harm to an adult or child or when professional judgement is required to determine whether or not an adult or child is at risk of significant harm. The DPA consists of 8 principles which must be understood by anyone processing information on behalf of the Council, and adhered to at all times. Personal data shall be processed fairly and lawfully and in particular shall not be processed unless specific conditions are met. Personal data shall only be obtained for a specific and lawful purpose or purposes. It will not be processed in any manner incompatible with that purpose/s. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed. Personal data shall be accurate and where necessary kept up to date. Personal data shall not be kept for longer than is necessary. Personal data shall be processed in accordance with the rights of the data subject under the act. Appropriate technical and organisational measures shall be taken to prevent unauthorised or unlawful processing and accidental loss or destruction. Personal data will not be transferred to a country outside of the European Economic Area unless that Country has similar controls to the UK deemed adequate by the Information Governance team. 9.2 Risk Brighton & Hove City Council recognises the risks associated with users handling information in order to conduct official Council business. In the event of a breach action may be taken against the Council (as the Data Controller) and/or the employee responsible for the breach. Non-compliance with this policy may result in damage or distress to an individual/individuals, financial loss, an inability to provide services to our customers, and adversely impact the Council s reputation. The Information Commissioners Office ( ICO ) has the power to issue fines of up to 500,000 per breach of the act. Alternative options include issuing a decision BHCC Data Protection Policy Page 4 of 8
5 notice requiring the Council to take a course of action, or an enforcement notice forcing the Council to take a course of action. The Council could also face personal or group litigation 9.3 Monitoring All users should be aware that in order to protect BHCC systems and to ensure that BHCC operates in accordance with its legal and regulatory obligations, system use may be logged and monitored in accordance with The Regulation of Investigatory Powers Act 2000 and The Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations Communications sent or received by means of the Public Services Network ( PSN ) may also be intercepted or monitored and users should understand the consequences of non-compliance with this policy and the Acceptable Use of ICT policy, which may include disciplinary and\or legal action. 9.4 Responsibilities All users have a responsibility to read, understand and implement this policy. The Corporate Management Team ( CMT ) is responsible for ensuring that staff operate in accordance with contents of this policy. The Chief Technology Officer has overall accountability and authority for the policy and for authorising any monitoring activity. 10 Related Policies, Standards & Guidance This policy should be read in conjunction with the following BHCC Policies: Information Security Policy Information Handling Policy Data Protection Guidance in the Event of a Breach Handling Personal Information Guidance Subject Access Request Guidance Preparing Files for Disclosure Guidance This policy has been drafted in line with the recommendations and advice contained in the following documents: ISO 27002: Code of Practice for Information Security Management Information Commissioners Office best practice guidance The following is a non-exhaustive list of the statutes and statutory instruments deemed relevant to this policy: BHCC Data Protection Policy Page 5 of 8
6 The Data Protection Act 1998 The Freedom of Information Act 2000 The Human Rights Act 1998 The Regulation of Investigatory Powers Act 2000 The Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations Terms & Definitions All words or phrases shown in italics are policy terms. Definitions for policy terms not specifically given in this section can be found in section 6 of the Information Security Policy. The terms data and information are used interchangeably in this policy. All terms have the same definition as those included in the Data Protection Act Enforcement Any user found deliberately contravening this policy or caught jeopardising the security of information that is the property of BHCC may be subject to disciplinary action and, where appropriate, legal action. 13 Review This document will be reviewed annually as a minimum or wherever there may be a change of influencing circumstances. BHCC Data Protection Policy Page 6 of 8
7 14 Appendix I 15 Document Attributes 15.1 Document Information Policy Name Data Protection Policy Identifier Classification Document Type Operational Policy Version 1.06 Date Created 16 July 2011 Last Review Date 15 December 2015 Next Review Date 30 November 2016 Document Author Data Protection Manager Document Owner Head of ICT Business & Governance 15.2 Document History Date Summary of changes First Draft by ICT Security & Standards Manager Revision of responsibilities. Addition of IMB Version Template change Job title change & legislation change Job title change & legislation change Minor reviews 1.06 BHCC Data Protection Policy Page 7 of 8
8 and change of IMB to IGB 15.3 Document Approval Date Name & Job Title Version Information Governance Board 1.06 End of Document BHCC Data Protection Policy Page 8 of 8
Merthyr Tydfil County Borough Council. Data Protection Policy
Merthyr Tydfil County Borough Council Data Protection Policy 2014 Cyfarthfa High School is a Rights Respecting School, we recognise the importance of ensuring that the United Nations Convention of the
More informationDATA PROTECTION ACT 1998 COUNCIL POLICY
DATA PROTECTION ACT 1998 COUNCIL POLICY Page 1 of 5 POLICY STATEMENT Blackpool Council recognises the need to fully comply with the requirements of the Data Protection Act 1998 (DPA) and the obligations
More information2. Scope 2.1 This policy covers all the activities and processes of the University that uses personal information in whatever format.
University of Westminster Personal Data Protection Policy For Compliance with the Data Protection Act 1998 1. Background 1.1 The Data Protection Act 1998 (DPA) defines personal data as data and information
More informationCorporate ICT & Data Management. Data Protection Policy
90 Corporate ICT & Data Management Data Protection Policy Classification: Unclassified Date Created: January 2012 Date Reviewed January Version: 2.0 Author: Owner: Data Protection Policy V2 1 Version Control
More informationDATA PROTECTION POLICY
Reference number Approved by Information Management and Technology Board Date approved 14 th May 2012 Version 1.1 Last revised N/A Review date May 2015 Category Information Assurance Owner Data Protection
More informationData Protection Policy
Data Protection Policy September 2015 Contents 1. Scope 2. Purpose 3. Data protection roles 4. Staff training and guidance 5. About the Data Protection Act 1998 6. Policy 7. The Information Commissioner's
More informationLittle Marlow Parish Council Registration Number for ICO Z3112320
Data Protection Policy Little Marlow Parish Council Registration Number for ICO Z3112320 Adopted 2012 Reviewed 23 rd February 2016 Introduction The Parish Council is fully committed to compliance with
More informationData Protection Policy
1 Data Protection Policy Version 1: June 2014 1 2 Contents 1. Introduction 3 2. Policy Statement 3 3. Purpose of the Data Protection Act 1998 3 4. The principles of the Data Protection Act 1998 4 5 The
More informationData Protection Policy
Data Protection Policy CONTENTS Introduction...2 1. Statement of Intent...2 2. Fair Processing or Privacy Statement...3 3. Data Uses and Processes...4 4. Data Quality and Integrity...4 5. Technical and
More informationData Protection Act 1998 The Data Protection Policy for the Borough Council of King's Lynn & West Norfolk
Data Protection Act 1998 The for the Borough Council of King's Lynn & West Norfolk 1 Contents Introduction 3 1. Statement of Intent 4 2. Fair Obtaining I Processing 5 3. Data Uses and Processes 6 4. Data
More informationData protection policy
Data protection policy Introduction 1 This document is the data protection policy for the Nursing and Midwifery Council (NMC). 2 The Data Protection Act 1998 (DPA) governs the processing of personal data
More informationInformation Governance Policy
Information Governance Policy 1 Introduction Healthwatch Rutland (HWR) needs to collect and use certain types of information about the Data Subjects who come into contact with it in order to carry on its
More informationGUIDE TO THE ISLE OF MAN DATA PROTECTION ACT. CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4
GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4 PREFACE The following provides general guidance on data protection
More informationROEHAMPTON UNIVERSITY DATA PROTECTION POLICY
ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY Originated by: Data Protection Working Group: November 2008 Impact Assessment: (to be confirmed) Recommended by Senate: 28 January 2009 Approved by Council:
More informationHERTSMERE BOROUGH COUNCIL
HERTSMERE BOROUGH COUNCIL DATA PROTECTION POLICY October 2007 1 1. Introduction Hertsmere Borough Council ( the Council ) is fully committed to compliance with the requirements of the Data Protection Act
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY DATA PROTECTION POLICY Document Control Information Title Data Protection Policy Version V1.0 Author Diana Watt Date Approved 21 February 2013 Review Date Annually, on the anniversary
More informationHuman Resources and Data Protection
Human Resources and Data Protection Contents 1. Policy Statement... 1 2. Scope... 2 3. What is personal data?... 2 4. Processing data... 3 5. The eight principles of the Data Protection Act... 4 6. Council
More informationRick Parsons Information Governance Officer County Hall 01865 323593 rick.parsons@oxfordshire.gov.uk
Rick Parsons Information Governance Officer County Hall 01865 323593 rick.parsons@oxfordshire.gov.uk 1 THE DATA PROTECTION ACT 1998 2 Requirements of the Act Roles & Responsibilities Best Practice 3 The
More informationData Protection and Information Security. Procedure for reporting a breach of data security. April 2013
Data Protection and Information Security Procedure for reporting a breach of data security April 2013 Page 1 of 6 Created on: 01/04/2009 Contents 1 Introduction... 3 2 Data Classification... 3 3 What Is
More informationData Protection Policy
Data Protection Policy Owner : Head of Information Management Document ID : ICT-PL-0099 Version : 2.0 Date : May 2015 We will on request produce this Policy, or particular parts of it, in other languages
More informationData Protection Policy June 2014
Data Protection Policy June 2014 Approving authority: Consultation via: Court Audit and Risk Committee, University Executive, Secretary's Board, Information Governance and Security Group Approval date:
More informationCORK INSTITUTE OF TECHNOLOGY
CORK INSTITUTE OF TECHNOLOGY DATA PROTECTION POLICY APPROVED BY GOVERNING BODY ON 30 APRIL 2009 INTRODUCTION Cork Institute of Technology is committed to a policy of protecting the rights and privacy of
More informationInformation Security Policy. Appendix B. Secure Transfer of Information
Information Security Policy Appendix B Secure Transfer of Information Author: Data Protection and Information Security Officer. Version: 0.7 Date: March 2008 Document Control Information Document ID Document
More informationAlixPartners, LLP. General Data Protection Statement
AlixPartners, LLP General Data Protection Statement GENERAL DATA PROTECTION STATEMENT 1. INTRODUCTION 1.1 AlixPartners, LLP ( AlixPartners ) is committed to fulfilling its obligations under the data protection
More informationData Protection and Community Councils Briefing Note
Data Protection and Community Councils Briefing Note This briefing note has been prepared in response to specific queries raised by Community Councils in Marr in relation to their Data Protection requirements.
More informationScottish Rowing Data Protection Policy
Revision Approved by the Board August 2010 1. Introduction As individuals, we want to know that personal information about ourselves is handled properly, and we and others have specific rights in this
More informationDublin City University
Dublin City University Data Protection Policy Data Protection Policy Contents Purpose... 1 Scope... 1 Data Protection Principles... 1 Disclosure of Personal Data... 2 Summary of Responsibilities... 3 Rights
More informationData Protection Policy
Data Protection Policy Document Ref: DPA20100608-001 Version: 1.3 Classification: UNCLASSIFIED (IL 0) Status: ISSUED Prepared By: Ian Mason Effective From: 4 th January 2011 Contact: Governance Team ICT
More informationPolicy and Procedure for approving, monitoring and reviewing personal data processing agreements
Policy and Procedure for approving, monitoring and reviewing personal data processing agreements 1 Personal data processing by external suppliers, contractors, agents and partners Policy and Procedure
More informationDATA PROTECTION POLICY
Title Author Approved By and Date Review Date Mike Pilling Latest Update- Corporation May 2008 1 Aug 2013 DATA PROTECTION ACT 1998 POLICY FOR ALL STAFF AND STUDENTS 1.0 Introduction 1.1 The Data Protection
More informationData Protection Policy
Data Protection Policy Prepared By: Malkiat Thiarai Head of Corporate Information Management Date of Publication: 23/01/2013 Version: 5.0 Classification: Not Protectively Marked Page 1 Table of Contents
More informationData Security and Extranet
Data Security and Extranet Derek Crabtree Schools ICT Support Manager derek.crabtree@merton.gov.uk Target Operating Model 2011 Merton Audit Organisation name: London Borough of Merton Periodic plan date:
More informationDATA PROTECTION POLICY. Examples of personal data which TWM may require from clients include the following and for the reasons ascribed to each;
DATA PROTECTION POLICY Introduction TWM Solicitors maintain certain personal data about individuals for the purposes of satisfying operational and legal obligations. The Data Protection Act sets rules
More informationHow To Understand The Data Protection Act
DATA PROTECTION ACT 2002 The Basics Purpose of the Act Balance the rights of an individual with an organisation s legitimate need to process personal data Promote openness and transparency Establish and
More informationData Protection Policy
Internal Ref: NELC 16.60 Review date December 2016 Version No. V04 Data Protection Policy 1 Data Protection Statement Data Protection Policy 1.1 North East Lincolnshire Council recognises that in order
More informationData Protection Act. Privacy & Security in the Information Age. April 26, 2013. Ministry of Communications, Ghana
Data Protection Act Privacy & Security in the Information Age April 26, 2013 Agenda Privacy in The Information Age The right to privacy Why We Need Legislation Purpose of the Act The Data Protection Act
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY Approval date: June 2014 Approved by: Board Responsible Manager: Executive Director of Resources Next Review June 2016 Data Protection Policy 1. Introduction Data Protection Policy
More informationCorporate Information Security Policy
Corporate Information Security Policy. A guide to the Council s approach to safeguarding information resources. September 2015 Contents Page 1. Introduction 1 2. Information Security Framework 2 3. Objectives
More informationINFORMATION SECURITY MANAGEMENT POLICY
INFORMATION SECURITY MANAGEMENT POLICY Security Classification Level 4 - PUBLIC Version 1.3 Status APPROVED Approval SMT: 27 th April 2010 ISC: 28 th April 2010 Senate: 9 th June 2010 Council: 23 rd June
More information10 DATABASE PRACTICE
10 DATABASE PRACTICE Background Marketers must comply with all relevant data protection legislation. Guidance on that legislation is available from the Information Commissioner's Office. Although data
More informationCorporate Information Security Management Policy
Corporate Information Security Management Policy Signed: Chief Executive. 1. Definition of Information Security 1.1. Information security means safeguarding information from unauthorised access or modification
More informationPolicy Document Control Page
Policy Document Control Page Title Title: Data Protection Policy Version: 3 Reference Number: CO59 Keywords: Data, access, principles, protection, Act. Data Subject, Information Supersedes Supersedes:
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY Rev No. 0 New Document 1 2 3 4 5 6 7 Revision Status Details of Amendments Name Date Update of College DPA statement New Reference to Appendix 4 Staff Guidelines ESF document retention
More informationDATA SECURITY BREACH MANAGEMENT POLICY AND PROCEDURE
DATA SECURITY BREACH MANAGEMENT POLICY AND PROCEDURE 1. INTRODUCTION Annex C 1.1 Surrey Heath Borough Council (SHBC) processes personal data and must respond appropriately against unauthorised or unlawful
More informationHampstead Parochial CofE Primary School Data Protection Policy Spring 2015
Hampstead Parochial CofE Primary School Data Protection Policy Spring 2015 1. Introduction and Scope 1.1 The Data Protection Act 1998 is the law that protects personal privacy and applies to any school
More informationabout our equity release services
about our equity release services Pembroke Financial Services Limited 5 The Drive Hove East Sussex BN3 3JE 1. The Financial Services Authority (FSA) The FSA is the independent watchdog that regulates financial
More informationData Protection in Ireland
Data Protection in Ireland 0 Contents Data Protection in Ireland Introduction Page 2 Appointment of a Data Processor Page 2 Security Measures (onus on a data controller) Page 3 8 Principles Page 3 Fair
More informationInformation Governance Strategy & Policy
Information Governance Strategy & Policy March 2014 CONTENT Page 1 Introduction 1 2 Strategic Aims 1 3 Policy 2 4 Responsibilities 3 5 Information Governance Reporting Structure 4 6 Managing Information
More informationMONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY
MONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY Page 1 of 16 Contents Policy Information 3 Introduction 4 Responsibilities 7 Confidentiality 9 Data recording and storage 11 Subject Access 12 Transparency
More informationRECORDS MANAGEMENT POLICY
[Type text] RECORDS MANAGEMENT POLICY POLICY TITLE Academic Year: 2013/14 onwards Target Audience: Governing Body All Staff and Students Stakeholders Final approval by: CMT - 1 October 2014 Governing Body
More informationHuman Resources Policy documents. Data Protection Policy
Policy documents Aims of the Policy apetito is committed to meeting its obligations under data protection law. As a business, apetito handles a range of Personal Data relating to its customers, staff and
More informationCaedmon College Whitby
Caedmon College Whitby Data Protection and Information Security Policy College Governance Status This policy was re-issued in June 2014 and was adopted by the Governing Body on 26 June 2014. It will be
More informationData Protection Avoiding Information Commissioner Fines. Caroline Egan 5 June 2014
Data Protection Avoiding Information Commissioner Fines Caroline Egan 5 June 2014 Why is data protection a hot topic in pensions? Pension schemes hold large amounts of personal data Individuals more aware
More informationInformation Governance Framework. June 2015
Information Governance Framework June 2015 Information Security Framework Janice McNay June 2015 1 Company Thirteen Group Lead Manager Janice McNay Date of Final Draft and Version Number June 2015 Review
More informationINFORMATION SECURITY POLICY
Information Security Policy INFORMATION SECURITY POLICY Introduction Norwood UK recognises that information and information systems are valuable assets which play a major role in supporting the companies
More information1.2 Scope This policy and guidance applies to all University staff, students and others who use or process any personal information.
MANCHESTER METROPOLITAN UNIVERSITY DATA PROTECTION POLICY This policy should be read in conjunction with the Data Protection Guidance, which is attached as: Appendix A Dealing with Personal Data Appendix
More informationVEHICLE LOCATION SYSTEM POLICY. Version 0.2. Paul Robinson, Strategic Director, Richard Kniveton, Fleet and Depot Manager
VEHICLE LOCATION SYSTEM POLICY Version 0.2 Document owner Paul Robinson, Strategic Director, Neighbourhoods Document author Richard Kniveton, Fleet and Depot Manager Document manager Richard Kniveton,
More informationSo the security measures you put in place should seek to ensure that:
Guidelines This guideline offers an overview of what the Data Protection Act requires in terms of information security and aims to help you decide how to manage the security of the personal data you hold.
More informationHow To Protect Your Personal Information At A College
Data Protection Policy Policy Details Produced by Assistant Principal Information Systems Date produced Approved by Senior Leadership Team (SLT) Date approved July 2011 Linked Policies and Freedom of Information
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY The information and guidelines within this Policy are important and apply to all members, Fellows and staff of the College 1. INTRODUCTION Like all educational establishments, the
More informationThe potential legal consequences of a personal data breach
The potential legal consequences of a personal data breach Tue Goldschmieding, Partner 16 April 2015 The potential legal consequences of a personal data breach 15 April 2015 Contents 1. Definitions 2.
More informationData Protection Audit Report - Southampton City Council
Southampton City Council Data protection audit report Executive summary March 2016 1. Background The Information Commissioner is responsible for enforcing and promoting compliance with the Data Protection
More informationInformation Governance
CONTROLLED Information Governance Caldicot Version-Workbok Non Caldicott Version - Workbook Version 12 January 2015 40 1 Don t Get Bitten by the Data Demon Notes Using this Workbook The objective of this
More informationData Protection Breach Management Policy
Data Protection Breach Management Policy Please check the HSE intranet for the most up to date version of this policy http://hsenet.hse.ie/hse_central/commercial_and_support_services/ict/policies_and_procedures/policies/
More informationtechnical factsheet 176
technical factsheet 176 Data Protection CONTENTS 1. Introduction 1 2. Register with the Information Commissioner s Office 1 3. Period protection rights and duties remain effective 2 4. The data protection
More informationUNIVERSITY OF SOUTHAMPTON DATA PROTECTION POLICY
UNIVERSITY OF SOUTHAMPTON DATA PROTECTION POLICY 1. Purpose 1.1 The Data Protection Act 1998 ( the Act ) has two principal purposes: i) to regulate the use by those (known as data controllers) who obtain,
More informationUNIVERSITY OF ABERDEEN POLICY ON DATA PROTECTION
UNIVERSITY OF ABERDEEN POLICY ON DATA PROTECTION The Data Protection Act 1998 (DPA) was passed in order to implement the EU Data Protection Directive (95/46/EC) and applies to all data relating to, and
More informationAccess Control Policy
Version 3.0 This policy maybe updated at anytime (without notice) to ensure changes to the HSE s organisation structure and/or business practices are properly reflected in the policy. Please ensure you
More informationPrivacy and Electronic Communications Regulations
ICO lo Notification of PECR security breaches Privacy and Electronic Communications Regulations Contents Introduction... 2 Overview... 2 Relevant security breaches... 3 What is a service provider?... 3
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Primary Intranet Location Information Management & Governance Version Number Next Review Year Next Review Month 7.0 2018 January Current Author Phil Cottis Author s Job Title
More informationThe Manitowoc Company, Inc.
The Manitowoc Company, Inc. DATA PROTECTION POLICY 11FitzPatrick & Associates 4/5/04 1 Proprietary Material Version 4.0 CONTENTS PART 1 - Policy Statement PART 2 - Processing Personal Data PART 3 - Organisational
More informationCorporate Data Protection Policy
Corporate Data Protection Policy September 2010 Records Management Policy RMP-09 GOLDEN RULE When you think about Data Protection remember that we are all data subjects. Think about how appropriately and
More information1. Introduction... 3. 2. Statement of Policy. 3. 3. The Eight Principles of Data Protection... 4. 4. Scope... 5. 5. Roles and Responsibilities.
Data Protection Policy 2011 Contents Page 1. Introduction... 3 2. Statement of Policy. 3 3. The Eight Principles of Data Protection...... 4 4. Scope.... 5 5. Roles and Responsibilities. 5 6. Development
More informationUniversity of Limerick Data Protection Compliance Regulations June 2015
University of Limerick Data Protection Compliance Regulations June 2015 1. Purpose of Data Protection Compliance Regulations 1.1 The purpose of these Compliance Regulations is to assist University of Limerick
More informationGSK Public policy positions
Safeguarding Personally Identifiable Information A Summary of GSK s Binding Corporate Rules The Issue The processing of Personally Identifiable Information (PII) 1 and Sensitive Personally Identifiable
More informationOur Client Agreement for Mortgages & Insurance
1. This agreement is issued on behalf of Duchy Independent Financial Advisers Ltd of Chy Jenner, Newham Quay, Truro, Cornwall TR1 2DP whom can be contacted at 01872 240368. Authorisation Statement Duchy
More informationOBJECTS AND REASONS. (a) the regulation of the collection, keeping, processing, use or dissemination of personal data;
OBJECTS AND REASONS This Bill would provide for (a) the regulation of the collection, keeping, processing, use or dissemination of personal data; (b) the protection of the privacy of individuals in relation
More informationData Protection Policy
Data Protection Policy Responsible Officer Author Date effective from July 2009 Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date last amended December 2012 Review
More informationInformation Classification and. Handling Policy
Information Security Document Information Classification and 1 Version History Version Date Detail Author 1.0 27/06/2013 Approved by Information Governance Jo White Group 2.0 31/07/2013 Approved by Information
More informationUSE OF PERSONAL MOBILE DEVICES POLICY
Policies and Procedures USE OF PERSONAL MOBILE DEVICES POLICY Date Approved by Information Strategy Group Version Issue Date Review Date Executive Lead Information Asset Owner Author 15.04.2014 1.0 01/08/2014
More informationData Protection Procedures
Data Protection Procedures PROCEDURE OVERVIEW: This Procedure outlines Down District Council s ( the Council ) commitment to the Data Protection Act 1998 ( the Act ) and provides a framework for the Council
More informationHead of Information & Communications Technology Responsible work team: ICT Security. Key point summary... 2
Policy Procedure Information security policy Policy number: 442 Old instruction number: MAN:F005:a1 Issue date: 24 August 2006 Reviewed as current: 11 July 2014 Owner: Head of Information & Communications
More informationHow to Monitor Employee Web Browsing and Email Legally
WHITEPAPER: HOW TO MONITOR EMPLOYEE WEB BROWSING AND EMAIL LEGALLY How to Monitor Employee Web Browsing and Email Legally ABSTRACT The Internet and email are indispensable resources in today s business
More informationInformation Governance Policy
Information Governance Policy Implementation date: 30 September 2014 Control schedule Approved by Corporate Policy and Strategy Committee Approval date 30 September 2014 Senior Responsible Officer Kirsty-Louise
More informationDATA PROTECTION AND DATA STORAGE POLICY
DATA PROTECTION AND DATA STORAGE POLICY 1. Purpose and Scope 1.1 This Data Protection and Data Storage Policy (the Policy ) applies to all personal data collected and dealt with by Centre 404, whether
More informationInformation security incident reporting procedure
Information security incident reporting procedure Responsible Officer Author Date effective from 2009 Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date last amended
More informationAn overview of UK data protection law
An overview of UK data protection law Our team Vinod Bange Partner +44 (0)20 7300 4600 v.bange@taylorwessing.com Graham Hann Partner +44 (0)20 7300 4839 g.hann@taylorwessing.com Chris Jeffery Partner +44
More informationInformation Governance Strategy and Policy. OFFICIAL Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2.
Information Governance Strategy and Policy Ownership: Information Governance Group Date Issued: 15/01/2015 Version: 2.0 Status: Final Revision and Signoff Sheet Change Record Date Author Version Comments
More informationData Protection and Privacy Policy
Data Protection and Privacy Policy 1. General This policy outlines Conciliation Resources commitments to respect the privacy of people s personal information and observe the relevant data protection legislation.
More informationData Protection Good Practice Note
Data Protection Good Practice Note This explanatory document explains what charities and voluntary organisations need to do to comply with the Data Protection Act 1988 as amended by the Data Protection
More informationMonitoring Employee Communications: Data Protection and Privacy Issues
Monitoring Employee Communications: Data Protection and Privacy Issues By Anthony Sakrouge, Kate Minett, Daniel Preiskel and Jose Saras Reprinted from Computer and Telecommunications Law Review Issue 8,
More informationData Compliance. And. Your Obligations
Information Booklet Data Compliance And Your Obligations What is Data Protection? It is the safeguarding of the privacy rights of individuals in relation to the processing of personal data. The Data Protection
More informationSubject Access Request (SAR) Procedure
Subject Access Request (SAR) Procedure East and North Hertfordshire Clinical Commissioning Group Page 1 of 16 DOCUMENT CONTROL SHEET Document Owner: Chief Finance Officer Document Author(s): Anne Ephgrave
More informationAll CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid.
Policy Type Information Governance Corporate Standing Operating Procedure Human Resources X Policy Name CCG IG03 Information Governance & Information Risk Policy Status Committee approved by Final Governance,
More informationThe CPS incorporates RCPO. CPS Data Protection Policy
The CPS incorporates RCPO CPS Data Protection Policy Contents Introduction 3 Scope 4 Roles and Responsibilities 4 Processing Criminal Cases 4 Information Asset Owners 5 Information Asset Register 5 Information
More informationInformation Governance Policy
Information Governance Policy Reference: Information Governance Policy Date Approved: April 2013 Approving Body: Board of Trustees Implementation Date: April 2013 Version: 6 Supersedes: 5 Stakeholder groups
More informationHarper Adams University College. Information Security Policy
Harper Adams University College Information Security Policy Introduction The University College recognises that information and information systems are valuable assets which play a major role in supporting
More informationKEELE UNIVERSITY IT INFORMATION SECURITY POLICY
Contents 1. Introduction 2. Objectives 3. Scope 4. Policy Statement 5. Legal and Contractual Requirements 6. Responsibilities 7. Policy Awareness and Disciplinary Procedures 8. Maintenance 9. Physical
More informationDate of review: January 2016 Policy Category: Corporate Sponsor (Director): Chief Executive CONTENT SECTION DESCRIPTION PAGE.
Title: Information Governance Policy Date Approved: Approved by: Date of review: Policy Ref: Issue: January 2015 Information Governance Group Division/Department: January 2016 Policy Category: ISP-04 5
More informationEssex County Council Policy for Information Management and Security
Essex County Council Policy for Information Management and Security Title Author/Owner Status Essex County Council Policy for Information Management and Security Information Management IS Final Version
More information