Cambridgeshire Constabulary. Data protection audit report
|
|
- Merryl Gardner
- 8 years ago
- Views:
Transcription
1 Cambridgeshire Constabulary Data protection audit report Executive summary November 2014
2 1. Background The Information Commissioner is responsible for enforcing and promoting compliance with the Data Protection Act 1998 (the DPA). Section 51 (7) of the DPA contains a provision giving the Information Commissioner power to assess any organisation s processing of personal data for the following of good practice, with the agreement of the data controller. This is done through a consensual audit. The Information Commissioner s Office (ICO) sees auditing as a constructive process with real benefits for data controllers and so aims to establish a participative approach. Cambridgeshire Constabulary (the Constabulary) has agreed to a consensual audit by the ICO of its processing of personal data. An introductory meeting was held on 18 June 2014 with representatives of the Constabulary to identify and discuss the scope of the audit. ICO data protection audit report executive summary 2 of 7
3 2. Scope of the audit Following pre-audit discussions with the Constabulary, it was agreed that the audit would focus on the following areas: Records management The processes in place for managing both manual and electronic records containing personal data. This will include controls in place to monitor the creation, maintenance, storage, movement, retention and destruction of personal data records. Subject access requests - The procedures in operation for recognising and responding to individuals requests for access to their personal data. Data sharing - The design and operation of controls to ensure the sharing of personal data complies with the principles of the Data Protection Act 1998 and the good practice recommendations set out in the Information Commissioner s Data Sharing Code of Practice. ICO data protection audit report executive summary 3 of 7
4 3. Audit opinion The purpose of the audit is to provide the Information Commissioner and the Constabulary with an independent assurance of the extent to which the Constabulary, within the scope of this agreed audit, is complying with the DPA. The recommendations made are primarily around enhancing existing processes to facilitate compliance with the DPA. Overall Conclusion Limited assurance There is a limited level of assurance that processes and procedures are in place and delivering data protection compliance. The audit has identified considerable scope for improvement in existing arrangements to reduce the risk of non-compliance with the DPA. We have made two limited and one reasonable assurance assessments where controls could be enhanced to address the issues which are summarised below. ICO data protection audit report executive summary 4 of 7
5 4. Summary of audit findings Areas of good practice The Constabulary has appointed a single point of contact for the development of Information Sharing Agreements (ISAs) who is responsible for conducting an adequacy check prior to final sign off of each agreement, ensuring that ISAs are regularly reviewed, and for maintaining an up to date record of all ISAs. Further to this an electronic system is used to aid the ISA review process which sends automated reminders to the owner of each ISA one month prior to the schedule due date. The Constabulary s website contains a comprehensive privacy notice with a dedicated subject access request (SAR) section which provides further information for individuals and a link to the SAR Application Form. It also includes the process document for national PNC requests via the ACPO Criminal Records Office. The Constabulary maintains a robust information risk management framework which includes a process to ensure that all information risks are reviewed regularly and that appropriate risk owners have been identified for all information management risks. The Constabulary has procedures in place to control access to IT systems for starters, movers and leavers which combine manual and automated processes such as Active Directory and completion of a Security Operating Procedures User Agreement and System User Training. Areas for improvement The Constabulary does not currently have a performance framework or key performance indicators in place for measuring its data protection compliance. There is limited reporting of performance information in relation to SAR processing and data sharing and the effectiveness of, and performance against, records management processes and policies. Neither are they being formally monitored by the Information Management Strategy Group or other appropriate forum. In addition, the Constabulary does not currently feature records management audits as part of its regular audit cycle. Despite having some effective controls in place the Constabulary is aware that information sharing is taking place that is not supported by formal ISAs that have been approved by the relevant individual(s). Further to this the Information Security Officer, who serves three forces, Cambridgeshire, Bedfordshire and Hertfordshire has no involvement in ensuring the security section of ISAs is compliant with the force s information security requirements. A process for dip sampling responses to requests for information has been established, however these checks are only conducted post disclosure, which significantly reduces their effectiveness. Of the records sampled in ICO data protection audit report executive summary 5 of 7
6 the quarter before the audit several were found to contain errors after this information had been disclosed. The Constabulary has outlined its position in relation to the management of information in both paper and electronic form in a Joint Information Management Strategy with Bedfordshire and Hertfordshire Constabularies. However, compliance with this Strategy is not being mandated across the organisation and operational staff are largely unaware of this document or any guidance outlining the Constabulary s position in relation to records management. The Constabulary does not have a training strategy in place that incorporates information management training. Further to this there has been no analysis or assessment of the training requirements of roles with specific duties in relation to records management, and job descriptions for some of these roles are out of date. In some instances training requirements have been outlined within policy or procedure documents but these requirements have not been met. Staff are not required to complete any refresher training in any information assurance topics such as data protection, information security or records management. ICO data protection audit report executive summary 6 of 7
7 The matters arising in this report are only those that came to our attention during the course of the audit and are not necessarily a comprehensive statement of all the areas requiring improvement. The responsibility for ensuring that there are adequate risk management, governance and internal control arrangements in place rest with the management of Cambridgeshire Constabulary. We take all reasonable care to ensure that our audit report is fair and accurate but cannot accept any liability to any person or organisation, including any third party, for any loss or damage suffered or costs incurred by it arising out of, or in connection with, the use of this report, however such loss or damage is caused. We cannot accept liability for loss occasioned to any person or organisation, including any third party, acting or refraining from acting as a result of any information contained in this report. ICO data protection audit report executive summary 7 of 7
Renfrewshire Council. Data protection audit report. Executive summary January 2013
Renfrewshire Council Data protection audit report Executive summary January 2013 1. Background The Information Commissioner is responsible for enforcing and promoting compliance with the Data Protection
More informationCleveland Police. Data protection audit report. Executive summary November 2014
Cleveland Police Data protection audit report Executive summary November 2014 1. Background The Information Commissioner is responsible for enforcing and promoting compliance with the Data Protection Act
More informationData Protection Audit Report - Southampton City Council
Southampton City Council Data protection audit report Executive summary March 2016 1. Background The Information Commissioner is responsible for enforcing and promoting compliance with the Data Protection
More informationBirmingham Women s NHS Foundation Trust
Birmingham Women s NHS Foundation Trust Data protection audit report Executive summary January 2015 1. Background The Information Commissioner is responsible for enforcing and promoting compliance with
More informationCriminal Injuries Compensation Authority. Data protection audit report
Criminal Injuries Compensation Authority Data protection audit report Executive summary January 2016 1. Background The Information Commissioner is responsible for enforcing and promoting compliance with
More informationCentral London Community Healthcare NHS Trust. Data protection audit report
Central London Community Healthcare NHS Trust Data protection audit report Executive Summary July 2014 1. Background The Information Commissioner is responsible for enforcing and promoting compliance with
More informationCardiff Council. Data protection audit report. Executive summary June 2014
Cardiff Council Data protection audit report Executive summary June 2014 1. Background The Information Commissioner is responsible for enforcing and promoting compliance with the Data Protection Act 1998
More informationNottinghamshire County Council. Data protection audit report
Nottinghamshire County Council Data protection audit report Executive summary October 2015 1. Background The Information Commissioner is responsible for enforcing and promoting compliance with the Data
More informationAuditing data protection a guide to ICO data protection audits
Auditing data protection a guide to ICO data protection audits Contents Executive summary 3 1. Audit programme development 5 Audit planning and risk assessment 2. Audit approach 6 Gathering evidence Audit
More informationInformation Commissioner's Office
Information Commissioner's Office Internal Audit 2013-14: Follow up Last updated 4 July 2014 Distribution For action Senior Corporate Governance Manager Timetable Fieldwork completed 21 May 2014 Draft
More informationInformation Commissioner's Office
Phil Keown Engagement Lead T: 020 7728 2394 E: philip.r.keown@uk.gt.com Will Simpson Associate Director T: 0161 953 6486 E: will.g.simpson@uk.gt.com Information Commissioner's Office Internal Audit 2015-16:
More informationtechnical factsheet 176
technical factsheet 176 Data Protection CONTENTS 1. Introduction 1 2. Register with the Information Commissioner s Office 1 3. Period protection rights and duties remain effective 2 4. The data protection
More informationWest Dunbartonshire Council. Follow-up data protection audit report
West Dunbartonshire Council Follow-up data protection audit report Auditors: Lee Taylor (Audit Team Manager) Jonathan Kay (Engagement Lead Auditor) Data controller contacts: Michael Butler (Data Protection/Information
More informationNHS DORSET CLINICAL COMMISSIONING GROUP GOVERNING BODY INFORMATION GOVERNANCE TOOLKIT REPORT
NHS DORSET CLINICAL COMMISSIONING GROUP GOVERNING BODY INFORMATION GOVERNANCE TOOLKIT REPORT 9.7 Date of the meeting 15/07/2015 Author Sponsoring Clinician Purpose of Report Recommendation J Green - Head
More informationData Protection Act 1998. Guidance on the use of cloud computing
Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered
More informationWe then give an overall assurance rating (as described below) indicating the extent to which controls are in place and are effective.
Good Practice Audit outcomes analysis Police Forces April 2013 to April 2014 This report is based on the final audit reports the ICO completed in the Criminal Justice sector, specifically of Police forces,
More informationData Protection Policy
Data Protection Policy Version: V1 Ratified by: Operational Management Executive Committee Date ratified: 26 September 2013 Name and Title of originator/author(s): Chris Brady, FOI, Data Protection and
More informationUNIVERSITY OF ABERDEEN POLICY ON DATA PROTECTION
UNIVERSITY OF ABERDEEN POLICY ON DATA PROTECTION The Data Protection Act 1998 (DPA) was passed in order to implement the EU Data Protection Directive (95/46/EC) and applies to all data relating to, and
More informationEU Data Protection and Information Security for Banking & Financial Service sectors 4 th December 2014
EU Data Protection and Information Security for Banking & Financial Service sectors 4 th December 2014 Janine Regan, Associate George Willis, Associate charlesrussellspeechlys.com Janine Regan Associate
More informationData protection issues on an EU outsourcing
Data protection issues on an EU outsourcing Saam Golshani, Alastair Gorrie and Diego Rigatti, Orrick Herrington & Sutcliffe www.practicallaw.com/8-380-8496 Outsourcing can mean subcontracting a process
More informationData controllers and data processors: what the difference is and what the governance implications are
ICO lo : what the difference is and what the governance implications are Data Protection Act Contents Introduction... 3 Overview... 3 Section 1 - What is the difference between a data controller and a
More informationTemplate for Automatic Number Plate Recognition (ANPR) Infrastructure Development Privacy Impact Assessment
Template for Automatic Number Plate Recognition (ANPR) Infrastructure Development Privacy Impact Assessment This template is provided to support the police service and other law enforcement agencies (LEA)
More informationA Best Practice Guide
A Best Practice Guide Contents Introduction [2] The Benefits of Implementing a Privacy Management Programme [3] Developing a Comprehensive Privacy Management Programme [3] Part A Baseline Fundamentals
More informationPrivacy and Electronic Communications Regulations
ICO lo Notification of PECR security breaches Privacy and Electronic Communications Regulations Contents Introduction... 2 Overview... 2 Relevant security breaches... 3 What is a service provider?... 3
More informationStatutory Instruments 2007: No. 2199
Statutory Instruments 2007: No. 2199 Data Retention (EC Directive) Regulations SI 2007/2199 ELECTRONIC COMMUNICATIONS Made: 26th July 2007 Coming into force: 1st October 2007 The Secretary of State, being
More informationData Compliance. And. Your Obligations
Information Booklet Data Compliance And Your Obligations What is Data Protection? It is the safeguarding of the privacy rights of individuals in relation to the processing of personal data. The Data Protection
More informationCODE OF PRACTICE ON THE MANAGEMENT OF POLICE INFORMATION
CODE OF PRACTICE ON THE MANAGEMENT OF POLICE INFORMATION Made by the Secretary of State for the Home Department under sections 39 and 39A of the Police Act 1996 and sections 28, 28A, 73 and 73A of the
More informationFocus on Subject Access Requests for insurance purposes. August 2015 (updated further to July 2015 guidance)
Focus on Subject Access Requests for insurance purposes August 2015 (updated further to July 2015 guidance) Focus on Subject Access Requests for insurance purposes August 2015 Introduction The BMA has
More informationINFORMATION GOVERNANCE HANDBOOK
INFORMATION GOVERNANCE HANDBOOK SECTION ONE Author Tracey Burrows Role Information Governance Manager (CSCSU) Date / Version February 2015 Version FINAL V1.0 Approved by IM&T Board Date 27 February 2015
More informationData Protection Policy
Data Protection Policy Version: 1.0 Date: October 2013 Table of Contents 1 Introduction The need for a Data Protection Policy... 3 2 Scope... 3 3 Principles... 3 4 Staff Roles & Responsibilities... 4 5
More informationThe potential legal consequences of a personal data breach
The potential legal consequences of a personal data breach Tue Goldschmieding, Partner 16 April 2015 The potential legal consequences of a personal data breach 15 April 2015 Contents 1. Definitions 2.
More informationDATA PROTECTION POLICY
Reference number Approved by Information Management and Technology Board Date approved 14 th May 2012 Version 1.1 Last revised N/A Review date May 2015 Category Information Assurance Owner Data Protection
More informationData Protection Policy
Data Protection Policy 1. INTRODUCTION 1.1. The Data Protection Act gives you as an individual the right to know what information is held about you. It provides a framework to ensure that personal information
More informationData Security and Extranet
Data Security and Extranet Derek Crabtree Schools ICT Support Manager derek.crabtree@merton.gov.uk Target Operating Model 2011 Merton Audit Organisation name: London Borough of Merton Periodic plan date:
More informationTERMS AND CONDITIONS for MANAGED ACCOUNTS IN SHEFFIELD (V: 040912)
Smart Support (Sheffield) Ltd. & Managed Accounts A wealth of experience in health & social care TERMS AND CONDITIONS for MANAGED ACCOUNTS IN SHEFFIELD (V: 040912) This is for information and only Smart
More informationCORK INSTITUTE OF TECHNOLOGY
CORK INSTITUTE OF TECHNOLOGY DATA PROTECTION POLICY APPROVED BY GOVERNING BODY ON 30 APRIL 2009 INTRODUCTION Cork Institute of Technology is committed to a policy of protecting the rights and privacy of
More informationThe Data Protection Landscape. Before and after GDPR: General Data Protection Regulation
The Data Protection Landscape Before and after GDPR: General Data Protection Regulation Data Protection regulations across Europe Current regulations & guidance European Directives 95/46/EC (Data Protection)
More informationBRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS
BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS Mat Wright www.britishcouncil.org CONTENTS Purpose of the code 1 Scope of the code 1 The British Council s data protection commitment and
More informationData Protection Policy
Data Protection Policy September 2015 Contents 1. Scope 2. Purpose 3. Data protection roles 4. Staff training and guidance 5. About the Data Protection Act 1998 6. Policy 7. The Information Commissioner's
More informationCloud Software Services for Schools
Request for information on the document re: cloud and secure storage posted on the DfE website, response provided by DfE and Schools Commercial team: The focus of the project is on data security/safety
More informationEthical Investment Advisory Group
Ethical Investment Advisory Group CONSTITUTION & TERMS OF REFERENCE Glossary CBF Church of England Funds: Any funds approved by CBF Funds Trustee Limited CBFFT: CBF Funds Trustee Limited Chair: Non-Executive
More informationHow To Understand The Data Protection Act
DATA PROTECTION ACT 2002 The Basics Purpose of the Act Balance the rights of an individual with an organisation s legitimate need to process personal data Promote openness and transparency Establish and
More informationSecurity breaches: A regulatory overview. Jonathan Bamford Head of Strategic Liaison
Security breaches: A regulatory overview Jonathan Bamford Head of Strategic Liaison Security breaches and the DPA Data controllers security obligation - principle 7 of the DPA o Appropriate technical and
More informationData Protection HEADLINE PART Developments: Implications HEADLINE for the PART Insurance 2 Sector Strategies for Compliance
Data Protection HEADLINE PART Developments: 1 Implications HEADLINE for the PART Insurance 2 Sector Strategies for Compliance Sub-headline Arial 18pt dark gray Optional Name Arial 13pt italic white Venue
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY Approval date: June 2014 Approved by: Board Responsible Manager: Executive Director of Resources Next Review June 2016 Data Protection Policy 1. Introduction Data Protection Policy
More informationPutting Consumers First. Code of Practice. 2014 The Professional Financial Claims Association. All rights reserved.
Putting Consumers First Code of Practice 2014 The Professional Financial Claims Association. All rights reserved. Introduction The members of the Professional Financial Claims Association (PFCA) wish to
More informationCorporate ICT & Data Management. Data Protection Policy
90 Corporate ICT & Data Management Data Protection Policy Classification: Unclassified Date Created: January 2012 Date Reviewed January Version: 2.0 Author: Owner: Data Protection Policy V2 1 Version Control
More informationData Protection Good Practice Note
Data Protection Good Practice Note This explanatory document explains what charities and voluntary organisations need to do to comply with the Data Protection Act 1988 as amended by the Data Protection
More informationData Protection Policy
Internal Ref: NELC 16.60 Review date December 2016 Version No. V04 Data Protection Policy 1 Data Protection Statement Data Protection Policy 1.1 North East Lincolnshire Council recognises that in order
More informationDate: 30 th May 2013. Agenda Item: 5.5. Ian Mackenzie Director of Information and Estates REPORT AUTHOR:
TRUST BOARD IN PUBLIC Date: 30 th May 2013 Agenda Item: 5.5 REPORT TITLE: Information Governance Annual Report EXECUTIVE SPONSOR: Ian Mackenzie Director of Information and Estates REPORT AUTHOR: Sarah
More informationCOUNCIL OF THE EUROPEAN UNION. Brussels, 22 November 2006 15644/06 DATAPROTECT 45 EDPS 3
COUNCIL OF THE EUROPEAN UNION Brussels, 22 November 2006 15644/06 DATAPROTECT 45 EDPS 3 COVER NOTE from: Secretary-General of the European Commission, signed by Mr Jordi AYET PUIGARNAU, Director date of
More informationUK Data Risks Incident RoadMap
Data breach summary steps Hiscox s data breach Experts Knowing what to do in the event of a data breach ( security incident ) can make the situation much less daunting when it may seem like your house
More information2015 No. 0000 FINANCIAL SERVICES AND MARKETS. The Small and Medium Sized Business (Finance Platforms) Regulations 2015
Draft Regulations to illustrate the Treasury s current intention as to the exercise of powers under clause 5 of the Small Business, Enterprise and Employment Bill. D R A F T S T A T U T O R Y I N S T R
More informationSo the security measures you put in place should seek to ensure that:
Guidelines This guideline offers an overview of what the Data Protection Act requires in terms of information security and aims to help you decide how to manage the security of the personal data you hold.
More informationCloud Software Services for Schools
Cloud Software Services for Schools Supplier self-certification statements with service and support commitments Supplier name Address Contact name Contact email Contact telephone Parent Teacher Online
More informationThe Regulatory framework and VoIP. Merijn Schik, DG INFOSOC
The Regulatory framework and VoIP Merijn Schik, DG INFOSOC Disclaimer This presentation is personal to its author and does not necessarily reflect the official position of the Commission No inferences
More informationAUDIT COMMITTEE 10 DECEMBER 2014
AUDIT COMMITTEE 10 DECEMBER 2014 AGENDA ITEM 8 Subject Report by MANAGEMENT OF INFORMATION RISKS DIRECTOR OF CORPORATE SERVICES Enquiries contact: Tony Preston, Ext 6541, email tony.preston@chelmsford.gov.uk
More informationStandard. Information Security - Information Classification. Jethro Perkins. Information Security Manager. Page 1 of 12
Standard Information Security - Information Classification Jethro Perkins Information Security Manager Page 1 of 12 Document control Distribution list Name Title Department Nick Deyes Director of Information
More informationCayman Islands Compliance Officer and the Role of the Money Laundering Reporting Officer
Cayman Islands Compliance Officer and the Role of the Money Laundering Reporting Officer Introduction Money laundering is the process by which the direct or indirect benefit of crime is channelled through
More informationData Protection Act. Conducting privacy impact assessments code of practice
Data Protection Act Conducting privacy impact assessments code of practice 1 Conducting privacy impact assessments code of practice Data Protection Act Contents Information Commissioner s foreword... 3
More informationPolicy. VBA Enterprise Risk Management. Governance Unit
Policy VBA Enterprise Risk Management Governance Unit Keywords: Policy; risk; governance. ID: Version no: Status: VBAPOL-0074 2.0 Final Issue date: Date of effect: Next review date: 14/07/2015 14/07/2015
More informationMerthyr Tydfil County Borough Council. Data Protection Policy
Merthyr Tydfil County Borough Council Data Protection Policy 2014 Cyfarthfa High School is a Rights Respecting School, we recognise the importance of ensuring that the United Nations Convention of the
More informationCloud (educational apps) software services and the Data Protection Act
Cloud (educational apps) software services and the Data Protection Act Departmental advice for local authorities, school leaders, school staff and governing bodies October 2014 Contents 1. Summary 3 About
More informationDATA AND PAYMENT SECURITY PART 1
STAR has teamed up with Prevention of Fraud in Travel (PROFiT) and the Fraud Intelligence Network (FIN) to offer our members the best advice about fraud prevention. We recognise the increasing threat of
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Page 1 of 46 Policy Title: Executive Summary: Information Governance Policy This policy seeks to identify the actions required to ensure that information is appropriately
More informationDerbyshire Constabulary UNMANAGEABLE DEBT PROCEDURE POLICY REFERENCE 10/300. This procedure is suitable for Public Disclosure
Derbyshire Constabulary UNMANAGEABLE DEBT PROCEDURE POLICY REFERENCE 10/300 This procedure is suitable for Public Disclosure Owner of Doc: Head of Department, Professional Standards Date Approved: September
More informationInformation Governance Policy
Information Governance Policy Document Number 01 Version Number 2.0 Approved by / Date approved Effective Authority Customer Services & ICT Authorised by Assistant Director Customer Services & ICT Contact
More informationCloud Software Services for Schools
Cloud Software Services for Schools Supplier self-certification statements with service and support commitments Please insert supplier details below Supplier name Address Isuz Ltd. trading as Schoolcomms
More informationInformation governance strategy 2014-16
Information Commissioner s Office Information governance strategy 2014-16 Page 1 of 16 Contents 1.0 Executive summary 2.0 Introduction 3.0 ICO s corporate plan 2014-17 4.0 Regulatory environment 5.0 Scope
More informationINFORMATION GOVERNANCE POLICY & FRAMEWORK
INFORMATION GOVERNANCE POLICY & FRAMEWORK Version 1.2 Committee Approved by Audit Committee Date Approved 5 March 2015 Author: Responsible Lead: Associate IG Specialist, YHCS Corporate & Governance Manger
More informationCredit Union Board of Directors Introduction, Resolution and Code for the Protection of Personal Information
Credit Union Board of Directors Introduction, Resolution and Code for the Protection of Personal Information INTRODUCTION Privacy legislation establishes legal privacy rights for individuals and sets enforceable
More informationData Protection for the Guidance Counsellor. Issues To Plan For
Data Protection for the Guidance Counsellor Issues To Plan For Author: Hugh Jones Data Protection Specialist Longstone Management Ltd. Published by the National Centre for Guidance in Education (NCGE)
More informationHow To Write A Pca Dss Compliance Solution For Gameplan Group Ltd
PCI Compliance reporting solution This document describes GamePlan s PCI DSS compliance solution and its ability to assist organisations to be compliant with the regulatory requirements of the Payment
More informationInternal audit report Information Security / Data Protection review
Audit Committee 29 September 2011 Internal audit report Information Security / Data Protection review Executive summary and recommendations Introduction Mazars have undertaken a review of Information Security
More informationInformation Commissioner s Office. ICO response to the discussion paper on the Rehabilitation of Offenders Act 1974
Information Commissioner s Office ICO response to the discussion paper on the Rehabilitation of Offenders Act 1974 14 November 2013 1 Contents Introduction Response Further issues About the ICO The ICO
More informationHow To Choose A Cloud Service From One Team Logic
Cloud Software Services for Schools Supplier Self Certification Statements with Services and Support Commitments Supplier Name One Team Logic Limited Address Unit 2 Talbot Green Business Park Heol-y-Twyn
More informationHuman Resources and Data Protection
Human Resources and Data Protection Contents 1. Policy Statement... 1 2. Scope... 2 3. What is personal data?... 2 4. Processing data... 3 5. The eight principles of the Data Protection Act... 4 6. Council
More informationOn the edge Lexis PSL Restructuring & Insolvency
On the edge Lexis PSL Restructuring & Insolvency Data protection law for insolvency practitioners November 2014 Welcome to your third edition of On the edge, a series of guides highlighting a selection
More informationGuidance on the Use of Social Networking
Guidance on the Use of Social Networking Version 1 - January 2012 Reviewed: September 2013 Version 2 Approved by SM: November 2013 Version 2 modified and approved by the PCC Board: April 2014 Overview
More informationIT asset disposal for organisations
ICO lo Data Protection Act Contents Introduction... 1 Overview... 2 What the DPA says... 3 Create an asset disposal strategy... 3 How will devices be disposed of when no longer needed?... 3 Conduct a risk
More informationInformation Governance and Data Protection Policy
Information Governance and Data Protection Policy Page 1 of 21 Document Control Sheet Name of document: Version: Owner: File location / Filename: Information Governance and Data Protection Policy Final
More informationA practical guide to IT security
Data protection A practical guide to IT security Ideal for the small business The Data Protection Act states that appropriate technical and organisational measures shall be taken against unauthorised or
More informationCorporate Data Protection Policy
Corporate Data Protection Policy September 2010 Records Management Policy RMP-09 GOLDEN RULE When you think about Data Protection remember that we are all data subjects. Think about how appropriately and
More informationCumbria Constabulary. Business Continuity Planning
Cumbria Constabulary Business Continuity Planning 0 Cumbria Shared Internal Audit Service Images courtesy of Carlisle City Council except: Parks (Chinese Gardens), www.sjstudios.co.uk, Monument (Market
More informationFORUM ON TAX ADMINISTRATION
ORGANISATION FOR ECONOMIC CO-OPERATION AND DEVELOPMENT FORUM ON TAX ADMINISTRATION Information Note: Tax Compliance and Tax Accounting Systems April 2010 CENTRE FOR TAX POLICY AND ADMINISTRATION TABLE
More informationAppendix 11 - Swiss Data Protection Act
GLEIF- LOU Restricted Appendix 11 - Swiss Data Protection Act GLEIF Revision Version: 1.0 2015-09-23 Master Copy page 2 of 11 Applicable Provisions of the Swiss Data Protection Act (DPA) including the
More informationNotification of data security breaches to the Information Commissioner s
ICO lo Notification of data security breaches to the Information Commissioner s Data Protection Act Contents Overview... 2 What the DPA says... 2 Reporting a breach... 2 Potential detriment to data subjects...
More informationBuckinghamshire County Council Transport for Buckinghamshire ANPR Code of Practice
Buckinghamshire County Council Transport for Buckinghamshire ANPR Code of Practice 1 Introduction 1.1 Buckinghamshire County Council (BCC) Transportation Service has Automatic Number Plate Recognition
More informationPROCEDURE Transaction Monitoring and Audit. Number: G 0811 Date Published: 6 June 2013
1.0 Summary of Changes This procedure has been amended to include the Police National Database (PND). 2.0 About this Procedure The Chief Constable will assume the responsibilities of the data controller
More informationThe CPS incorporates RCPO. CPS Data Protection Policy
The CPS incorporates RCPO CPS Data Protection Policy Contents Introduction 3 Scope 4 Roles and Responsibilities 4 Processing Criminal Cases 4 Information Asset Owners 5 Information Asset Register 5 Information
More informationCloud Software Services for Schools
Cloud Software Services for Schools Supplier self-certification statements with service and support commitments Please insert supplier details below Supplier name Address Contact name Contact email Contact
More informationFORUM ON TAX ADMINISTRATION
ORGANISATION FOR ECONOMIC CO-OPERATION AND DEVELOPMENT FORUM ON TAX ADMINISTRATION Guidance Note: Guidance for the Standard Audit File Tax Version 2.0 April 2010 CENTRE FOR TAX POLICY AND ADMINISTRATION
More informationReport 7 Appendix 1d Final Internal Audit Report Sundry Income and Debtors (inc. Fees and Charges) Greater London Authority February 2010
Report 7 Appendix 1d Final Internal Audit Report Sundry Income and Debtors (inc. Fees and Charges) Greater London Authority February 2010 This report has been prepared on the basis of the limitations set
More informationLEAD INTRODUCERS AND COMPLIANCE
LEAD INTRODUCERS AND COMPLIANCE Implications Of New OFT Debt Management Guidance CONTACT US Phone: 0161 905 8372 Post: DRF, Nelson House, Park Road, Timperley, WA14 5BZ www.debtresolutionforum.org.uk 0
More informationSECURITY ENCRYPTION DATA PROTECTION. The Complete Guide to Body Worn Camera Data Protection BODY WORN CAMERA STORAGE
SECURITY DATA PROTECTION ENCRYPTION BODY WORN CAMERA STORAGE The Complete Guide to Body Worn Camera Data Protection Overview Edesix has been providing technology solutions to organisations for over ten
More informationLittle Marlow Parish Council Registration Number for ICO Z3112320
Data Protection Policy Little Marlow Parish Council Registration Number for ICO Z3112320 Adopted 2012 Reviewed 23 rd February 2016 Introduction The Parish Council is fully committed to compliance with
More informationData protection. The employment practices code
Data protection The employment practices code Contents 3 Contents About the code 4 Managing data protection 11 Good practice recommendations 11 Part 1: Recruitment and selection 14 About Part 1 of the
More informationInformation Security and Governance Policy
Information Security and Governance Policy Version: 1.0 Ratified by: Information Governance Group Date ratified: 19 th October 2012 Name of organisation / author: Derek Wilkinson Name of responsible Information
More informationPILLAR 3 DISCLOSURES 2009
PILLAR 3 DISCLOSURES 2009 Company Registration Number: C 16343 Contents Page Introduction............................................................... 3 Risk Management Objectives and Policies.................................
More informationData Protection and Community Councils Briefing Note
Data Protection and Community Councils Briefing Note This briefing note has been prepared in response to specific queries raised by Community Councils in Marr in relation to their Data Protection requirements.
More information