How To Understand The Data Protection Act
|
|
- Gwen Cook
- 3 years ago
- Views:
Transcription
1 Data Protection in Schools Ian Gover Education Technology Adviser Somerset LA All materials are copyright or licensed and cannot be used without permission
2 Day supported by Slides: Links: WEict - Conference on 2nd July at UWE Twitter Feed #weict15 Angie Mason - Learning Exchange Val Hurley - e-safety consultant
3 Objectives Delegates will: learn about the Data Protection Act and how it affects their school explore the challenges that face schools now and in the future especially in regard to cloud services and mobile devices learn how they can deal with Freedom of Information requests and Subject Access Requests explore the schools statutory obligations regarding the protection of data begin to develop policies and procedures to support Data Protection and Information Security throughout a school explore the training requirements needed for all staff
4 Timing of the day 9.10 Arrival and registration 9.30 Introduction 9.40 What is the Data Protection Act and how does it affect Schools? Group Discussion What do I understand? Where is my school? Coffee Freedom of Information and Subject Access requests policy to practice The trouble with tablets, cloud services and s 1.00 Lunch 1.45 Scenarios - looking at some solutions 2.30 Training for all - what resources are there for schools 3.00 Policies and Procedures a practical session 4.00 Plenary 4.20 Finish
5 Activity Introducing myself...
6 Activity Answers 1. What does ICO stand for? Information Commissioner s Office 2. How many data principles are there? Eight 3. What is encryption? Encryption means to scramble data in such a way that only someone with the secret code or key can read it. 4. How often should you change your password? Advice differs but every days is a general rule, more often for administrators of systems. More importantly is having a strong password of at least 8 digits long with a mixture of upper/lower case, numbers and characters.
7 Activity Answers 5. What is FoI? Freedom of Information 6. What is a Privacy Notice? A Privacy Notice is a statement required by law that is issued to parents and staff about the way the school their your information. 7. What is personal data? Personal data means data which relate to a living individual that can be identified that if lost or mislaid could cause harm or distress. 8. What is sensitive personal data? Sensitive Personal Data consists of personal data that includes information of racial or ethnic origin political opinions, religious beliefs or similar, membership of Trade Unions, physical or mental health condition, sexual life, commission or alleged commission of any offence, any proceedings or sentencing of an offence or alleged offence.
8 Dippy vs Elmer Dippy the DP duck - representing effective and manageable security practice in schools Elmer Fud Duck - representing Fear, Uncertainty and Doubt
9 The Data Protection Act The Data Protection Act 1998 (DPA) is an Act of Parliament of the United Kingdom of Great Britain and Northern Ireland which defines UK law on the processing of data on identifiable living people. It is the main piece of legislation that governs the protection of personal data in the UK. Although the Act itself does not mention privacy, it was enacted to bring British law into line with the EU data protection directive of 1995 which required Member States to protect people's fundamental rights and freedoms and in particular their right to privacy with respect to the processing of personal data. In practice it provides a way for individuals to control information about themselves. Most of the Act does not apply to domestic use, for example keeping a personal address book. Anyone holding personal data for other purposes is legally obliged to comply with this Act, subject to some exemptions. The Act defines eight data protection principles. It also requires companies and individuals to keep personal information to themselves.
10 The Data Protection Act
11 The Data Protection Act
12 The Data Protection Act
13 The Data Protection Act
14 The Data Protection Act
15 The Data Protection Act
16 The Data Protection Act
17 DP Point for schools The act relates to data held about a living identifiable individual (Data Subject) no matter what age! Schools act as Data Controllers
18 The DPA 8 Principles 1. Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless (a) at least one of the conditions in Schedule 2 is met, and (b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met. 2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes. 3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed. 4. Personal data shall be accurate and, where necessary, kept up to date. 5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. 6. Personal data shall be processed in accordance with the rights of data subjects under this Act. 7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data. 8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
19 Principle 1 Fairly and Lawfully 1. Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless (a) at least one of the conditions in Schedule 2 is met, and (b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.
20 Schedule 2 - any Personal data may be processed: with the consent of the data subject to establish or perform a contract with the data subject to comply with a legal obligation to protect the vital interests of the data subject for the exercise of certain functions of a public interest nature for the legitimate interests of the data controller unless outweighed by the interests of the data subject.
21 Schedule 3 - sensitive Sensitive personal data may be processed: with the explicit consent of the data subject to perform any right or obligation under employment law to protect the vital interests of the data subject or another person for the legitimate activities of certain not-for-profit bodies when the data have been made public by the data subject in connection with legal proceedings for the exercise of certain functions of a public interest nature for medical purposes for equal opportunity ethnic monitoring.
22 Principle 1 Fairly and Lawfully This is the first data protection principle. In practice, it means that you must: have legitimate grounds for collecting and using the personal data; not use the data in ways that have unjustified adverse effects on the individuals concerned; be transparent about how you intend to use the data, and give individuals appropriate privacy notices when collecting their personal data; handle people s personal data only in ways they would reasonably expect; and make sure you do not do anything unlawful with the data.
23 DP Point for schools There are two types of personal data. Can we think of unjustified adverse effects? Privacy Notices for all including workforce
24 Principle 2 - Purposes 2 Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
25 Principle 2 - Purpose In practice, the second data protection principle means that you must: be clear from the outset about why you are collecting personal data and what you intend to do with it; comply with the Act s fair processing requirements including the duty to give privacy notices to individuals when collecting their personal data; comply with what the Act says about notifying the Information Commissioner; and ensure that if you wish to use or disclose the personal data for any purpose that is additional to or different from the originally specified purpose, the new use or disclosure is fair.
26 DP Point for schools You must state why you are collecting the data and what you intend to do with it You must issue Privacy Notices to learners and staff You must inform ICO of Data breaches Are new uses of data fair?
27 Principle 3 - adequacy 3 Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
28 Principle 3 - adequacy This is the third data protection principle. In practice, it means you should ensure that: you hold personal data about an individual that is sufficient for the purpose you are holding it for in relation to that individual; and you do not hold more information than you need for that purpose.
29 DP Point for schools You are allowed to hold personal data that is sufficient to be a school. You must think of why you are asking for the data? What is the minimum data you require? Do you delete old and excessive data?
30 Principle 4 - accuracy 4 Personal data shall be accurate and, where necessary, kept up to date.
31 Principle 4 - accuracy To comply with these provisions you should: take reasonable steps to ensure the accuracy of any personal data you obtain; ensure that the source of any personal data is clear; carefully consider any challenges to the accuracy of information; and consider whether it is necessary to update the information.
32 DP Point for schools How do you chase those people that are late with returning forms? Do you check staff details?
33 Principle 5 - retention 5 Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
34 Principle 5 - retention This is the fifth data protection principle. In practice, it means that you will need to: review the length of time you keep personal data; consider the purpose or purposes you hold the information for in deciding whether (and for how long) to retain it; securely delete information that is no longer needed for this purpose or these purposes; and update, archive or securely delete information if it goes out of date.
35 DP Point for schools The Act does not set minimum or maximum times for retention IRMS guidance What does securely delete mean in practice? How does this apply to hard drives?
36 Principle 6 - rights 6 Personal data shall be processed in accordance with the rights of data subjects under this Act.
37 Principle 6 - rights This is the sixth data protection principle, and the rights of individuals that it refers to are: a right of access to a copy of the information comprised in their personal data; a right to object to processing that is likely to cause or is causing damage or distress; a right to prevent processing for direct marketing; a right to object to decisions being taken by automated means; a right in certain circumstances to have inaccurate personal data rectified, blocked, erased or destroyed; and a right to claim compensation for damages caused by a breach of the Act.
38 DP Point for schools Who has the right to see the data? What is an individual entitled to? told whether any personal data is being processed; given a description of the personal data, the reasons it is being processed, and whether it will be given to any other organisations or people; given a copy of the information comprising the data; and given details of the source of the data (where this is available).
39 DP Point for schools Who owns the data? What exemptions are there? School records will not be disclosed if: the record would give information about another pupil the record holder believes that disclosure would cause serious harm to the pupil in question or to someone else the record holder believes the record is relevant to whether the pupil is at risk of child abuse or has been a victim of child abuse.
40 Principle 7 - security 7 Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
41 Principle 7 - security This is the seventh data protection principle. In practice, it means you must have appropriate security to prevent the personal data you hold being accidentally or deliberately compromised. In particular, you will need to: design and organise your security to fit the nature of the personal data you hold and the harm that may result from a security breach; be clear about who in your organisation is responsible for ensuring information security; make sure you have the right physical and technical security, backed up by robust policies and procedures and reliable, well-trained staff; and be ready to respond to any breach of security swiftly and effectively.
42 DP Point for schools Security refers to procedures as well as physical guards. Who is responsible for Information Security at your school? As Data Controllers you have the final say in the security of your data not your tech support. Have your tech support practised getting the system working again after a systems failure.
43 DP Point for schools The ICO recommends that portable and mobile devices including magnetic media, used to store and transmit personal information, the loss of which could cause damage or distress to individuals, should be protected using approved encryption software which is designed to guard against the compromise of information. Are you laptops and memory sticks encrypted?
44 Principle 8 - international 8 Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
45 DP Point for schools Where could the school personal data be stored outside of the EU? What is Cloud storage?
46 Why worry
47 Why worry - ICO Number of breaches in Education in 2014 Q1 Q2 Q3 Q4 Overall
48 Why worry
49 EU General Data New regulations end of this year 2 years to change More control Easier to access No matter where it is sent EU seal of approval five year certification
50 ICO Video (YouTube)
51 Group Discussion What do I understand? Where is my school?
52 Freedom of Information "Openness is fundamental to the political health of a modern state. This White Paper marks a watershed in the relationship between the government and people of the United Kingdom. At last there is a government ready to trust the people with a legal right to information. Published by 1997 to 2001 Labour Government
53 Freedom of Information Tony Blair s Views
54 Freedom of Information "Freedom of Information Act. Three harmless words. I look at those words as I write them, and feel like shaking my head 'til it drops off. You idiot. You naive, foolish, irresponsible nincompoop. There is really no description of stupidity, no matter how vivid, that is adequate. I quake at the imbecility of it. Tony Blair
55 Freedom of Information Covers all policies, procedures, decision making process - any recorded information Environmental Information Regulations cover recycling, fuel use, car parking etc
56 Freedom of Information Theory: Better decisions Strengthening democracy Better public services Openness and accountability Reality: Requests- not looking for the good we do Parents with a grievance Press looking for a story
57 ICO Tick Tock
58 FoI Your Responsibilities To deal with requests - legal duty to assist applicants and to inform on charging/how to appeal etc. To consider 'the public interest' when making information available. To explain why - information is not being released. Act gives a legal right to access information we can t insist on knowing why the applicant is making the request!
59 Freedom of Information What can be dealt with as 'normal course of business'? Publish as much as you can make it easy why hide policies why hide results available on other sites Have a system to deal with enquiries
60 FoI v Subject Access Request What are the differences?
61 FoI v Subject Access Request FoI Must be made in writing ( ) Environmental can be verbal 20 working days There can be a charge for photocopying or postage SAR Must be made in writing ( ) 40 working days 10 Maximum fee
62 Group discussion - Process Depends on size of school What is the process at your school? What needs to be recorded? Do you keep a log?
63 'What do they know' site
64 The trouble with progress
65 The trouble with progress.. 'Anything that gets invented after you re thirty is against the natural order of things and the beginning of the end of civilisation as we know it until it s been around for about ten years when it gradually turns out to be alright really.' Douglas Adams
66 Make a list of. The technology that you had in your house in 2005 This is the year that the first videoto YouTube was posted Best selling mobile phone was Nokia 1110 it made phone calls
67 Make a list of. The technology that you have in your house today? What are the differences?
68 What could the problems if teachers use... Think of a possible Data Protection breech. Think of a safeguarding issue. How could they be prevented?
69 What could the problems if teachers use... Mobile phones/tablets to access school Their own personal computers/tablets Smart watches Wearable cameras Drones Tablets to video class behaviour Apps on tablets such as Class Dojo Cloud services such as Edmodo Twitter, Facebook, Blogs on school trips
70 The schools' responsibility As Data Controllers the school has the rights and responsibility to inform staff and others how they can use personal data that belongs to the school. You can make demands! You can create procedures! You should must training!
71 Lunch
72 Data Protection and Freedom of Information Scenarios
73 Scenario 1 Child Moving School You are the head of a small primary school. A child who attended your school has just moved into another school. The parents thought that their child had special educational needs and had made extensive efforts to get her classed as such. The reason for the move is that the parents feel that they had exhausted the possibilities at your school. The child s personal folder includes many reports from outside experts and also comments about her behavior from many of your staff. There are also some comments about the parents themselves and their forceful nature. In fact during the discussions the parents did mention that they were prepared to take the school to court if they did not get the support they thought was necessary. The new school has asked for the pupils record. What are your next steps?
74 Scenario 2 Home tuition asking for information. You are the head of a small secondary school. A 12 year old boy has just left your school to be tutored at home by their grandparent. The grandparent has phoned the school quoting the Freedom of Information law requesting to see the child s educational record. What are your next steps?
75 Scenario 3 Teachers leaving personal data out on desks You are the head of a large community primary school. You have come into school early for a governors meeting. As always there are people from the community using the classrooms and today it is weightwatchers. Normally they occupy the hall but this is having its floor polished so they are using a classroom. You notice that one of the people attending weightwatchers is a difficult parent and he is going to the classroom that his daughter studies. As you go to the room where your meeting is held you notice that the teacher has left her mark book behind on her desk. You also notice that her lesson plan folders with Schemes of Work are on the shelves around the room. What do you do next?
76 Scenario 4 Teacher personal equipment You are the head of a large secondary school. A parent has contacted the school stating that they have just purchased a secondhand phone from a teacher. They are contacting you because the phone was not wiped of contacts, downloads and pictures. What are your next steps?
77 Scenario 5 Teachers salaries You are the head of a large federation of 5 schools. Ofsted has just inspected a couple of the schools in your federation, with one being placed in special measures and another requiring improvement. In both inspections there were some negative comments about Leadership and Management. You receive an , which you think has come from a local reporter, asking for a list of the salaries of all your staff. The does not mention Freedom of Information and you are sure that it is for an article that will put the federation in poor light. What are your next steps?
78 Training Where can I find training materials? Who should I train?
79 ICO Data Day Hygiene
80 Staff Training Who should I train? Who should lead the training? When should I train? How should I train?
81 Policies and Procedures Use the checklist What does your school do well? Celebrate Where are the gaps in the provision? Look at the SWGfL sample policy What does your school policy cover? Celebrate Where are the gaps?
82 Plenary Be a swan - glide don't drown Your interest in coming today is the first step List the things that you think you must do. Use the Evaluation sheet to guide you. Prioritise the activities
83 Plenary - The end Whatever you have been doing has been okay Identify someone to take a lead Make improvements one flipper movement at a time
84 Contacts In case of data breach where do you go for support and advice? In the case of policies or procedures where do you go for advice?
85 Thanks blog
How To Understand The Data Protection Act
DATA PROTECTION ACT 2002 The Basics Purpose of the Act Balance the rights of an individual with an organisation s legitimate need to process personal data Promote openness and transparency Establish and
More informationtechnical factsheet 176
technical factsheet 176 Data Protection CONTENTS 1. Introduction 1 2. Register with the Information Commissioner s Office 1 3. Period protection rights and duties remain effective 2 4. The data protection
More informationMerthyr Tydfil County Borough Council. Data Protection Policy
Merthyr Tydfil County Borough Council Data Protection Policy 2014 Cyfarthfa High School is a Rights Respecting School, we recognise the importance of ensuring that the United Nations Convention of the
More information2. Scope 2.1 This policy covers all the activities and processes of the University that uses personal information in whatever format.
University of Westminster Personal Data Protection Policy For Compliance with the Data Protection Act 1998 1. Background 1.1 The Data Protection Act 1998 (DPA) defines personal data as data and information
More informationROEHAMPTON UNIVERSITY DATA PROTECTION POLICY
ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY Originated by: Data Protection Working Group: November 2008 Impact Assessment: (to be confirmed) Recommended by Senate: 28 January 2009 Approved by Council:
More informationHuman Resources Policy documents. Data Protection Policy
Policy documents Aims of the Policy apetito is committed to meeting its obligations under data protection law. As a business, apetito handles a range of Personal Data relating to its customers, staff and
More informationSo the security measures you put in place should seek to ensure that:
Guidelines This guideline offers an overview of what the Data Protection Act requires in terms of information security and aims to help you decide how to manage the security of the personal data you hold.
More informationDATA PROTECTION POLICY
Title Author Approved By and Date Review Date Mike Pilling Latest Update- Corporation May 2008 1 Aug 2013 DATA PROTECTION ACT 1998 POLICY FOR ALL STAFF AND STUDENTS 1.0 Introduction 1.1 The Data Protection
More informationDublin City University
Dublin City University Data Protection Policy Data Protection Policy Contents Purpose... 1 Scope... 1 Data Protection Principles... 1 Disclosure of Personal Data... 2 Summary of Responsibilities... 3 Rights
More informationInformation governance guidance for schools
Information governance guidance for schools Guidance Guidance document no: 186/2015 Date of issue: September 2015 Information governance guidance for schools Audience All staff, governors and learners
More informationInformation Governance Policy
Information Governance Policy 1 Introduction Healthwatch Rutland (HWR) needs to collect and use certain types of information about the Data Subjects who come into contact with it in order to carry on its
More informationEveryone in the workplace has a legal duty to protect the privacy of information about individuals. AEP/BELB/LJ/2010 Awareness Session
Everyone in the workplace has a legal duty to protect the privacy of information about individuals AEP/BELB/LJ/2010 Awareness Session During 2007 alone, 36,989,300 people in the UK have had their private
More informationScottish Rowing Data Protection Policy
Revision Approved by the Board August 2010 1. Introduction As individuals, we want to know that personal information about ourselves is handled properly, and we and others have specific rights in this
More informationCorporate ICT & Data Management. Data Protection Policy
90 Corporate ICT & Data Management Data Protection Policy Classification: Unclassified Date Created: January 2012 Date Reviewed January Version: 2.0 Author: Owner: Data Protection Policy V2 1 Version Control
More informationCORK INSTITUTE OF TECHNOLOGY
CORK INSTITUTE OF TECHNOLOGY DATA PROTECTION POLICY APPROVED BY GOVERNING BODY ON 30 APRIL 2009 INTRODUCTION Cork Institute of Technology is committed to a policy of protecting the rights and privacy of
More informationRick Parsons Information Governance Officer County Hall 01865 323593 rick.parsons@oxfordshire.gov.uk
Rick Parsons Information Governance Officer County Hall 01865 323593 rick.parsons@oxfordshire.gov.uk 1 THE DATA PROTECTION ACT 1998 2 Requirements of the Act Roles & Responsibilities Best Practice 3 The
More informationIndex. Definitions. What is Data Protection? Rights of Individuals. The 8 Principles of Data Protection
Data Protection Awareness Based on DIT s Data Protection Policy, the Data Protection Acts, 1988 & 2003 and guidance from the Office of the Data Protection Commissioner Index Definitions What is Data Protection?
More informationJohn Leggott College. Data Protection Policy. Introduction
John Leggott College Data Protection Policy Introduction The College needs to keep certain information about its employees, students and other users to allow it to monitor performance, achievements, and
More informationPolicy and Procedure for approving, monitoring and reviewing personal data processing agreements
Policy and Procedure for approving, monitoring and reviewing personal data processing agreements 1 Personal data processing by external suppliers, contractors, agents and partners Policy and Procedure
More informationOBJECTS AND REASONS. (a) the regulation of the collection, keeping, processing, use or dissemination of personal data;
OBJECTS AND REASONS This Bill would provide for (a) the regulation of the collection, keeping, processing, use or dissemination of personal data; (b) the protection of the privacy of individuals in relation
More informationData Security and Extranet
Data Security and Extranet Derek Crabtree Schools ICT Support Manager derek.crabtree@merton.gov.uk Target Operating Model 2011 Merton Audit Organisation name: London Borough of Merton Periodic plan date:
More informationData Protection Policy June 2014
Data Protection Policy June 2014 Approving authority: Consultation via: Court Audit and Risk Committee, University Executive, Secretary's Board, Information Governance and Security Group Approval date:
More informationData Protection Act a more detailed guide
Data Protection Act a more detailed guide What does the Act do? The Data Protection Act 1998 places considerable duties on organisations which process personal data; increases the rights of access by data
More informationGUIDE TO THE ISLE OF MAN DATA PROTECTION ACT. CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4
GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4 PREFACE The following provides general guidance on data protection
More informationThe Manitowoc Company, Inc.
The Manitowoc Company, Inc. DATA PROTECTION POLICY 11FitzPatrick & Associates 4/5/04 1 Proprietary Material Version 4.0 CONTENTS PART 1 - Policy Statement PART 2 - Processing Personal Data PART 3 - Organisational
More informationData Protection Policy
Data Protection Policy CONTENTS Introduction...2 1. Statement of Intent...2 2. Fair Processing or Privacy Statement...3 3. Data Uses and Processes...4 4. Data Quality and Integrity...4 5. Technical and
More information1.2 Scope This policy and guidance applies to all University staff, students and others who use or process any personal information.
MANCHESTER METROPOLITAN UNIVERSITY DATA PROTECTION POLICY This policy should be read in conjunction with the Data Protection Guidance, which is attached as: Appendix A Dealing with Personal Data Appendix
More informationLittle Marlow Parish Council Registration Number for ICO Z3112320
Data Protection Policy Little Marlow Parish Council Registration Number for ICO Z3112320 Adopted 2012 Reviewed 23 rd February 2016 Introduction The Parish Council is fully committed to compliance with
More informationHuman Resources and Data Protection
Human Resources and Data Protection Contents 1. Policy Statement... 1 2. Scope... 2 3. What is personal data?... 2 4. Processing data... 3 5. The eight principles of the Data Protection Act... 4 6. Council
More informationOffice of the Data Protection Commissioner of The Bahamas. Data Protection (Privacy of Personal Information) Act, 2003. A Guide for Data Controllers
Office of the Data Protection Commissioner of The Bahamas Data Protection (Privacy of Personal Information) Act, 2003 A Guide for Data Controllers 1 Acknowledgement Some of the information contained in
More informationDATA PROTECTION POLICY
Reference number Approved by Information Management and Technology Board Date approved 14 th May 2012 Version 1.1 Last revised N/A Review date May 2015 Category Information Assurance Owner Data Protection
More informationDATA PROTECTION ACT 1998 COUNCIL POLICY
DATA PROTECTION ACT 1998 COUNCIL POLICY Page 1 of 5 POLICY STATEMENT Blackpool Council recognises the need to fully comply with the requirements of the Data Protection Act 1998 (DPA) and the obligations
More informationData Protection Policy A copy of this policy is published in the following areas: The school s intranet The school s website
Data Protection Policy A copy of this policy is published in the following areas: The school s intranet The school s website Date created: November 2015 Date for review: July 2016 Created by: Mark Vanstone,
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY Approval date: June 2014 Approved by: Board Responsible Manager: Executive Director of Resources Next Review June 2016 Data Protection Policy 1. Introduction Data Protection Policy
More informationData Protection Policy
Data Protection Policy Responsible Officer Author Date effective from July 2009 Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date last amended December 2012 Review
More informationData Protection Act. Privacy & Security in the Information Age. April 26, 2013. Ministry of Communications, Ghana
Data Protection Act Privacy & Security in the Information Age April 26, 2013 Agenda Privacy in The Information Age The right to privacy Why We Need Legislation Purpose of the Act The Data Protection Act
More informationPhotography and filming in schools Code of Practice
Photography and filming in schools Code of Practice Data Protection compliance September 2010 Photography and filming in schools September 2010 1 Contents 1. About this code 3 2. Complying with the Data
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY Rev No. 0 New Document 1 2 3 4 5 6 7 Revision Status Details of Amendments Name Date Update of College DPA statement New Reference to Appendix 4 Staff Guidelines ESF document retention
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY DATA PROTECTION POLICY Document Control Information Title Data Protection Policy Version V1.0 Author Diana Watt Date Approved 21 February 2013 Review Date Annually, on the anniversary
More informationUNIVERSITY OF ABERDEEN POLICY ON DATA PROTECTION
UNIVERSITY OF ABERDEEN POLICY ON DATA PROTECTION The Data Protection Act 1998 (DPA) was passed in order to implement the EU Data Protection Directive (95/46/EC) and applies to all data relating to, and
More informationData Protection in Ireland
Data Protection in Ireland 0 Contents Data Protection in Ireland Introduction Page 2 Appointment of a Data Processor Page 2 Security Measures (onus on a data controller) Page 3 8 Principles Page 3 Fair
More informationBRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS
BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS Mat Wright www.britishcouncil.org CONTENTS Purpose of the code 1 Scope of the code 1 The British Council s data protection commitment and
More informationDATA AND PAYMENT SECURITY PART 1
STAR has teamed up with Prevention of Fraud in Travel (PROFiT) and the Fraud Intelligence Network (FIN) to offer our members the best advice about fraud prevention. We recognise the increasing threat of
More informationData Protection and Information Security Policy and Procedure
Data Protection and Information Security Policy and Procedure Document Detail Category: Data Protection Authorised By: Full Governing Body Author: School Business Manager Version: 1 Status: Approved May
More informationE-SAFETY POLICY 2014/15 Including:
E-SAFETY POLICY 2014/15 Including: Staff ICT policy (Corporation approved) Data protection policy (Corporation approved) Staff guidelines for Data protection Data Security, awareness raising Acceptable
More informationData Protection Policy
Data Protection Policy September 2015 Contents 1. Scope 2. Purpose 3. Data protection roles 4. Staff training and guidance 5. About the Data Protection Act 1998 6. Policy 7. The Information Commissioner's
More informationIT asset disposal for organisations
ICO lo Data Protection Act Contents Introduction... 1 Overview... 2 What the DPA says... 3 Create an asset disposal strategy... 3 How will devices be disposed of when no longer needed?... 3 Conduct a risk
More informationHow To Protect Your Personal Information At A College
Data Protection Policy Policy Details Produced by Assistant Principal Information Systems Date produced Approved by Senior Leadership Team (SLT) Date approved July 2011 Linked Policies and Freedom of Information
More informationHampstead Parochial CofE Primary School Data Protection Policy Spring 2015
Hampstead Parochial CofE Primary School Data Protection Policy Spring 2015 1. Introduction and Scope 1.1 The Data Protection Act 1998 is the law that protects personal privacy and applies to any school
More informationData protection policy
Data protection policy Introduction 1 This document is the data protection policy for the Nursing and Midwifery Council (NMC). 2 The Data Protection Act 1998 (DPA) governs the processing of personal data
More informationSecurity Awareness. A Supplier Guide/Employee Training Pack. May 2011 (updated November 2011)
Security Awareness A Supplier Guide/Employee Training Pack May 2011 (updated November 2011) Contents/Chapters 1. How do I identify a DWP asset 2. Delivering on behalf of DWP - Accessing DWP assets 3. How
More informationData Protection Act 1998 The Data Protection Policy for the Borough Council of King's Lynn & West Norfolk
Data Protection Act 1998 The for the Borough Council of King's Lynn & West Norfolk 1 Contents Introduction 3 1. Statement of Intent 4 2. Fair Obtaining I Processing 5 3. Data Uses and Processes 6 4. Data
More informationData Protection Policy
Data Protection Policy April 2014 Author: Jennifer McLaren, Assistant Principal, Curriculum Support & Finance Impact Assessment Date: 15 February 2010 Date: April 2014 Contents 1 Purpose... 2 2 Policy...
More informationPolicy and Procedure Title: Maintaining Secure Learner Records Policy No: CCTP1001 Version: 1.0
PROVIDER NAME: POLICY AREA: College of Computing Technology (CCT) Standard 10: Information Management, Student Information System & Data Protection Policy and Procedure Title: Maintaining Secure Learner
More informationData Protection. Policy and Application July 2009
Data Protection Policy and Application July 2009 Produced for staff of the House of Commons Service by the Department of Resources Information Rights and Information Security (IRIS) Service Data Policy:
More informationAlixPartners, LLP. General Data Protection Statement
AlixPartners, LLP General Data Protection Statement GENERAL DATA PROTECTION STATEMENT 1. INTRODUCTION 1.1 AlixPartners, LLP ( AlixPartners ) is committed to fulfilling its obligations under the data protection
More informationData Protection for Charities
Data Protection for Charities CFG 15 May 2014 Overview Overview and key definitions The data protection principles Fair and lawful processing Data security and outsourcing Rights of data subjects Recent
More informationPERSONAL INJURIES ASSESSMENT BOARD DATA PROTECTION CODE OF PRACTICE
PERSONAL INJURIES ASSESSMENT BOARD DATA PROTECTION CODE OF PRACTICE ADOPTED ON 9 th January 2008 TABLE OF CONTENTS Page No. 1 Introduction...3 2 Glossary...3 3 Types of Personal Data held by Us...3 4 Obligations
More informationInformation Assurance Policies and Guidance. Information Governance Policy. Document Version: v0.5 Review Date: 1 May 2016
Information Assurance Policies and Guidance Information Governance Policy Document Version: v0.5 Review Date: 1 May 2016 Owner: Information Governance Manager 1 P a g e Document History Revision Version
More information1. Introduction... 3. 2. Statement of Policy. 3. 3. The Eight Principles of Data Protection... 4. 4. Scope... 5. 5. Roles and Responsibilities.
Data Protection Policy 2011 Contents Page 1. Introduction... 3 2. Statement of Policy. 3 3. The Eight Principles of Data Protection...... 4 4. Scope.... 5 5. Roles and Responsibilities. 5 6. Development
More informationData Protection and Information Security. Procedure for reporting a breach of data security. April 2013
Data Protection and Information Security Procedure for reporting a breach of data security April 2013 Page 1 of 6 Created on: 01/04/2009 Contents 1 Introduction... 3 2 Data Classification... 3 3 What Is
More informationData Protection Policy
1 Data Protection Policy Version 1: June 2014 1 2 Contents 1. Introduction 3 2. Policy Statement 3 3. Purpose of the Data Protection Act 1998 3 4. The principles of the Data Protection Act 1998 4 5 The
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY The information and guidelines within this Policy are important and apply to all members, Fellows and staff of the College 1. INTRODUCTION Like all educational establishments, the
More informationPersonal Data Protection Policy
Personal Data Protection Policy Please take a moment to read the following Policy. If there is anything you do not understand then please contact us. We are committed to protecting privacy. This Personal
More informationThe Guide to Data Protection. The Guide to Data Protection
The Guide to Data Protection Contents Introduction 1 Key definitions of the Data Protection Act 4 The Data Protection Principles 19 1. Processing personal data fairly and lawfully (Principle 1) 20 2. Processing
More informationHow To Protect School Data From Harm
43: DATA SECURITY POLICY DATE OF POLICY: FEBRUARY 2013 STAFF RESPONSIBLE: HEAD/DEPUTY HEAD STATUS: STATUTORY LEGISLATION: THE DATA PROTECTION ACT 1998 REVIEWED BY GOVERNING BODY: FEBRUARY 2013 EDITED:
More informationProtection. Code of Practice. of Personal Data RPC001147_EN_WB_L_1
Protection of Personal Data RPC001147_EN_WB_L_1 Table of Contents Data Protection Rules Foreword From the Data Protection Commissioner Introduction From the Chairman Data Protection Responsibility of Employees
More informationPolicy Document Control Page
Policy Document Control Page Title Title: Data Protection Policy Version: 3 Reference Number: CO59 Keywords: Data, access, principles, protection, Act. Data Subject, Information Supersedes Supersedes:
More informationData protection policy
Data protection policy Introduction The College is required to keep certain information about employees, students and other users to allow it to monitor performance, achievements, health and safety, recruitment
More informationDean Bank Primary and Nursery School. Data Protection Policy
Dean Bank Primary and Nursery School Data Protection Policy January 2015 Data Protection Policy Dean Bank Primary and Nursery School handles increasing amounts of personal information and have a statutory
More informationTECHNOLOGY USAGE POLICY
TECHNOLOGY USAGE POLICY Computer Usage Policy (CUP). 2 Aims/Objectives. 2 General.. 2 Student Responsibilities 2 Monitoring 3 Access Violations... 3 Personal Devices 3 Internet Safety: Acceptable Usage
More informationData Compliance. And. Your Obligations
Information Booklet Data Compliance And Your Obligations What is Data Protection? It is the safeguarding of the privacy rights of individuals in relation to the processing of personal data. The Data Protection
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY Version 1.3 April 2014 Contents 1 POLICY STATEMENT...2 2 PURPOSE....2 3 LEGAL CONTEXT AND DEFINITIONS...2 3.1 Data Protection Act 1998...2 3.2 Other related legislation.....4 3.3
More informationData protection. Report on the data protection guidance we gave schools in 2012
Data protection Report on the data protection guidance we gave schools in 2012 Contents 1. Background 2. Summary of recommendations 3. tification 4. Personal data 5. Fair processing 6. Information security
More informationInformation Governance
CONTROLLED Information Governance Caldicot Version-Workbok Non Caldicott Version - Workbook Version 12 January 2015 40 1 Don t Get Bitten by the Data Demon Notes Using this Workbook The objective of this
More informationHERTSMERE BOROUGH COUNCIL
HERTSMERE BOROUGH COUNCIL DATA PROTECTION POLICY October 2007 1 1. Introduction Hertsmere Borough Council ( the Council ) is fully committed to compliance with the requirements of the Data Protection Act
More informationJohn of Rolleston Primary School
John of Rolleston Primary School E-Safety Policy February 2014 Contents 1 Introduction... 2 2 Aims... 2 3 Roles and Responsibilities... 2 3.1 Governors... 2 3.2 The Headteacher... 2 3.3 The Senior Leadership
More informationUniversity of Limerick Data Protection Compliance Regulations June 2015
University of Limerick Data Protection Compliance Regulations June 2015 1. Purpose of Data Protection Compliance Regulations 1.1 The purpose of these Compliance Regulations is to assist University of Limerick
More informationData Protection Avoiding Information Commissioner Fines. Caroline Egan 5 June 2014
Data Protection Avoiding Information Commissioner Fines Caroline Egan 5 June 2014 Why is data protection a hot topic in pensions? Pension schemes hold large amounts of personal data Individuals more aware
More informationPrivacy and Electronic Communications Regulations
ICO lo Notification of PECR security breaches Privacy and Electronic Communications Regulations Contents Introduction... 2 Overview... 2 Relevant security breaches... 3 What is a service provider?... 3
More informationINFORMATION GOVERNANCE HANDBOOK
INFORMATION GOVERNANCE HANDBOOK SECTION ONE Author Tracey Burrows Role Information Governance Manager (CSCSU) Date / Version February 2015 Version FINAL V1.0 Approved by IM&T Board Date 27 February 2015
More informationProtection. Code of Practice. of Personal Data RPC001147_EN_D_19
Protection of Personal Data RPC001147_EN_D_19 Table of Contents Data Protection Rules Foreword From the Data Protection Commissioner Introduction From the Chairman Data Protection Rules Responsibility
More informationData Protection Good Practice Note
Data Protection Good Practice Note This explanatory document explains what charities and voluntary organisations need to do to comply with the Data Protection Act 1988 as amended by the Data Protection
More informationData Protection and Privacy Policy
Data Protection and Privacy Policy 1. General This policy outlines Conciliation Resources commitments to respect the privacy of people s personal information and observe the relevant data protection legislation.
More informationOn the edge Lexis PSL Restructuring & Insolvency
On the edge Lexis PSL Restructuring & Insolvency Data protection law for insolvency practitioners November 2014 Welcome to your third edition of On the edge, a series of guides highlighting a selection
More informationDATA PROTECTION POLICY
MILNBANK HOUSING ASSOCIATION DATA PROTECTION POLICY LS/NOV.2011/REF.P14 1) INTRODUCTION Milnbank Housing Association recognises that the Data Protection Act 1998 is an important piece of legislation to
More informationThe Manchester College
The Manchester College The Manchester College Produced by TMC Prin DataProtect pol v1 11/2010 All rights reserved; no part of this publication may be photocopied, recorded or otherwise reproduced, stored
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY Document Management: Date Policy Approved: 29 April 2015 Date Amended: Next Review Date: April 2017 Version: 1 Approving Body: Resources Committee 1 1. Introduction The Data Protection
More informationComments and proposals on the Chapter II of the General Data Protection Regulation
Comments and proposals on the Chapter II of the General Data Protection Regulation Ahead of the trialogue negotiations in September, EDRi, Access, Panoptykon Bits of Freedom, FIPR and Privacy International
More informationInformation sharing. Advice for practitioners providing safeguarding services to children, young people, parents and carers
Information sharing Advice for practitioners providing safeguarding services to children, young people, parents and carers March 2015 Contents Summary 3 About this government advice 3 Who is this advice
More informationwww.neelb.org.uk Web Site Download Carol Johnston
What I need to know about data protection and information security when purchasing a service that requires access to my information by a third party. www.neelb.org.uk Web Site Download Carol Johnston Corporate
More informationPlease Note: This guidance is for information only and is not intended to replace legal advice when faced with a risk decision.
May 2013 Bring Your Own Device Policy Template for Further Education Please Note: This guidance is for information only and is not intended to replace legal advice when faced with a risk decision. Table
More informationGuidance on data security breach management
ICO lo Guidance on data security breach management Data Protection Act Contents... 1 Data Protection Act... 1 Overview... 1 Containment and recovery... 2 Assessing the risks... 3 Notification of breaches...
More informationSubject access code of practice
Data protection Subject access code of practice Dealing with requests from individuals for personal information Contents 3 Contents 1. About this code of practice 4 Purpose of the code 4 Who should use
More informationDATA PROTECTION MANUAL
DATA PROTECTION MANUAL VERSION TABLE Version Date Published CO Circular 1 September 2008 3 July 2015 July 2015 2 CONTENTS Part A: General Guidance 1 Introduction to the Data Protection Act 1998 5 2 The
More informationInformation Security Policy. Appendix B. Secure Transfer of Information
Information Security Policy Appendix B Secure Transfer of Information Author: Data Protection and Information Security Officer. Version: 0.7 Date: March 2008 Document Control Information Document ID Document
More informationThe potential legal consequences of a personal data breach
The potential legal consequences of a personal data breach Tue Goldschmieding, Partner 16 April 2015 The potential legal consequences of a personal data breach 15 April 2015 Contents 1. Definitions 2.
More informationData Protection Policy
Data Protection Policy Owner : Head of Information Management Document ID : ICT-PL-0099 Version : 2.0 Date : May 2015 We will on request produce this Policy, or particular parts of it, in other languages
More informationAcceptable Use of ICT Policy. Staff Policy
Acceptable Use of ICT Policy Staff Policy Contents INTRODUCTION 3 1. ACCESS 3 2. E-SAFETY 4 3. COMPUTER SECURITY 4 4. INAPPROPRIATE BEHAVIOUR 5 5. MONITORING 6 6. BEST PRACTICE 6 7. DATA PROTECTION 7 8.
More informationCleveland Police. Data protection audit report. Executive summary November 2014
Cleveland Police Data protection audit report Executive summary November 2014 1. Background The Information Commissioner is responsible for enforcing and promoting compliance with the Data Protection Act
More information