Data Protection Policy A copy of this policy is published in the following areas: The school s intranet The school s website
|
|
- Derick Eaton
- 8 years ago
- Views:
Transcription
1 Data Protection Policy A copy of this policy is published in the following areas: The school s intranet The school s website Date created: November 2015 Date for review: July 2016 Created by: Mark Vanstone, Director of Digital Strategy A. Related Truro School Policies This policy is intended to ensure that personal data is dealt with correctly and securely, in accordance with the Data Protection Act 1998, and other related legislation. It should be read along with the following policies: Admissions Policy; Complaints Policy; E-Safety Policy; School Network and Internet Acceptable Use Policy; Mobile Devices Policy; B. Data Protection Introduction Truro School (including Truro School Prep, Truro School Enterprises, Truro School Foundation and Truro School Former Pupils Association) collects and processes personal data, including some sensitive personal data. This policy is intended to ensure that personal data is dealt with correctly and securely, in accordance with the Data Protection Act 1998, and other related legislation. It will apply to personal data regardless of the way it is collected, used, recorded, stored or destroyed, and irrespective of whether it is held in paper files or electronically. All staff involved with the collection, processing and disclosure of personal data will be made aware of their duties and responsibilities and will be required to adhere to these guidelines. C. Processing of personal data C1. Collection and processing of personal data Truro School collects and processes personal data for the following reasons: To enable us to provide education and training conducted outside the state system; To enable us to provide welfare and educational support services; To administer school property and library services; To maintain our own accounts and records; 1
2 For administration in connection with boarding; For administration in connection with rental of facilities, including the Sir Ben Ainslie Sports Centre and Burrell Theatre; For the organisation of alumni associations and events; For fundraising purposes; To support and manage our staff. Our processing also includes the use of CCTV to maintain the security of the premises and for preventing and investigating crime. In those locations where CCTV is used, we display clear signage to indicate this. Truro School is registered, as a Data Controller, with the Information Commissioner s Office. Details of the data that we hold and how data is used are available on the Data Protection Public Register at A Fair Processing / Privacy Notice forms part of the Terms and Conditions and there is a Privacy Notice on our web pages; these notices summarise the data held, why it is held and the other parties to whom it may be passed. C2. Types/classes of data processed Truro School process data relevant to the above reasons/purposes. This may include: Personal details; Family details; Lifestyle and social circumstances; Financial details; Education and employment details; Disciplinary and attendance records; Vetting checks; Visual images, personal appearance and behavior; Details of goods and services provided. We also process sensitive personal data that may include: Physical or mental health details; Sexual life; Racial or ethnic origin; Religious or other beliefs; Trade union membership; Data relating to offences or alleged offences. C3. Who the data is processed about Truro School process personal data relating to: Employees; Pupils and students; Professional advisers and consultants; Governors and members of school boards; Sponsors and supporters; Services providers and suppliers; Members of the Sports Centre; Customers of Truro School Enterprises; Complainants, enquirers; 2
3 Individuals captured by CCTV images. C4. Who the data may be shared with We sometimes need to share the personal data we process with the individual and also with other organisations. Where this is necessary we are required to comply with all aspects of the Data Protection Act What follows is a description of the types of organisations with which we may need to share some of the personal data we process with for one or more reasons. Where necessary, or required, we share appropriate data with: Educators, carers and examining bodies; Staff, students, governors and school boards; Current, past and prospective employers; Family, associates and representatives of the person whose personal data we are processing; Central and local government; Healthcare professionals, social and welfare organisations; Police, courts, tribunals and security organisations; Voluntary and charitable bodies; The media; Financial organisations; Suppliers; Service providers; The Truro School Former Pupils Association; Professional advisers. C5. Transfers It may sometimes be necessary to transfer personal data overseas. Any transfers made will be in full compliance with the Data Protection Act Before pupils join Truro School we will request details of medical records and their discipline record and any special needs from their previous school. Additionally we seek cooperation of parents in providing such information in order that suitable plans can be made where necessary. When a pupil moves on to another establishment, we will always provide discipline records if requested. For misdemeanors that resulted in Safeguarding or Child Protection issues, or significant sanctions such as suspension or expulsion, we would always provide this information voluntarily to the appropriate staff or professional bodies, as appropriate. C6. What is Personal Data? Personal data means data which relate to a living individual who can be identified (a) from those data, or (b) from those data and other data which is in the possession of, or is likely to come into the possession of, the data controller, and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual. C7. What is Sensitive Personal Data? Sensitive personal data means personal data consisting of data as to - (a) the racial or ethnic origin of the data subject, (b) his political opinions, (c) his religious beliefs or other beliefs of a 3
4 similar nature, (d) whether he is a member of a trade union (within the meaning of the Trade Union and Labour Relations (Consolidation) Act 1992), (e) his physical or mental health or condition, (f) his sexual life, (g) the commission or alleged commission by him of any offence, or (h) any proceedings for any offence committed or alleged to have been committed by him, the disposal of such proceedings or the sentence of any court in such proceedings. C8. Data Protection Principles The Data Protection Act 1998 establishes eight enforceable principles that must be adhered to at all times: 1. Personal data shall be processed fairly and lawfully; 2. Personal data shall be obtained only for one or more specified and lawful purposes; 3. Personal data shall be adequate, relevant and not excessive; 4. Personal data shall be accurate and where necessary, kept up to date; 5. Personal data processed for any purpose shall not be kept for longer than is necessary for that purpose or those purposes; 6. Personal data shall be processed in accordance with the rights of data subjects under the Data Protection Act 1998; 7. Personal data shall be kept secure i.e. protected by an appropriate degree of security; 8. Personal data shall not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of data protection. C9. Our Commitment as Data Controller A Data Controller is an organization which determines the purposes for which and the manner in which any personal data are, or are to be, processed. As a Data Controller, Truro School is committed to maintaining the above principles at all times. Therefore Truro School will: Inform individuals why data is being collected, when it is collected; Inform individuals when their data is shared, why and with whom it was shared; Check the quality and the accuracy of the data it holds; Ensure that data is not retained for longer than is necessary; Ensure that when obsolete data is destroyed, it is done so appropriately and securely; Ensure that clear and robust safeguards are in place to protect personal data from loss, theft and unauthorised disclosure, irrespective of the format in which it is recorded; Share data with others only when it is legally appropriate to do so; Set out procedures to ensure compliance with the duty to respond to requests for access to personal data, known as Subject Access Requests; Ensure our staff are aware of and understand our policies and procedures. C10. Staff Obligations Data protection is the responsibility of all members of staff. Staff must not disclose to a third party personal data associated with another member of staff, a pupil or a pupil s family. When sending s, staff should ensure the anonymity of addressees by making use of the BCC (blind carbon copy) functionality when addressing s to groups of recipients outside the school, such as groups of parents. Staff must ensure that when they obtain personal data from the school or from a parent or pupil in the course of their work, they do not retain copies of this personal data on their personal devices. 4
5 Printed materials containing personal data should be processed in accordance with the principles of the data protection act, including not putting printouts containing personal data into regular rubbish bins, recycling or reusing the paper for scrap. All such materials should be shredded before disposal. Staff must ensure that computing devices connected to school accounts are kept secure whilst in and out of school and report any loss of data, or loss of connected electronic equipment to the Network Manager, or Director of Digital Strategy immediately. Staff must not store personal data or commercially sensitive information on personal cloud folders, USB sticks or external hard drives. OneDrive folders associated with school addresses are held on secure servers in Europe, in compliance with the Data Protection Act In this case, it is acceptable for staff to temporarily store digital copies of files containing limited personal data, such pupil names and pupil photographs, as mark books or lists, but these files should contain only necessary information and should be processed in accordance with the eight principles of the data protection act and the data must not be used for purposes other than educational administration. Sensitive personal data should not be stored by staff on cloud-based services, USB sticks or external hard drives. Selected sensitive personal data may be made available to parents through the school portal. Responsibility for what is shown on the Portal lies with the Deputy Headmaster. The Director of Digital Strategy is responsible for ensuring that appropriate security is maintained on the Portal. In exceptional circumstances, permission may be given by the Headmaster or Director of Digital Strategy for sensitive personal data to be stored on a portable device, for example for use by the Designated Safeguarding Lead (DSL). In this case, data will be stored in an encrypted form, will be password protected, the device will be for the exclusive use of the member of staff. Any loss of hardware or data will be immediately reported to the Network Manager or Director of Digital Strategy. Staff must not disclose personal data to third parties without authorisation from the Headmaster or Director of Digital Strategy. The processing of subject Access Requests is discussed below. C11. Complaints Complaints will be dealt with in accordance with the school s complaints policy. Complaints relating to data handling may be referred to the Information Commissioner (the statutory regulator). C12. Review This policy will be reviewed as it is deemed appropriate, but no less frequently than every 2 years. The policy review will be undertaken by the Headmaster, or nominated representative. C13. Contacts If you have any enquires in relation to this policy, please contact Andrew Gordon-Brown, Headmaster at Truro School, Trennick Lane, Truro, TR1 1TH, who will also act as the contact point for any subject access requests. Further advice and data is available from the Information Commissioner s Office, or telephone their helpline on
6 D. Processing of Subject Access Requests D1. Right of access to data This right, commonly referred to as subject access, is created by section 7 of the Data Protection Act. It is most often used by individuals who want to see a copy of the information an organisation holds about them. However, the right of access goes further than this, and an individual who makes a written request and pays a fee is entitled to be: told whether any personal data is being processed; given a description of the personal data, the reasons it is being processed, and whether it will be given to any other organisations or people; given a copy of the information comprising the data; and given details of the source of the data (where this is available). An individual can also request information about the reasoning behind any automated decisions, such as a computer-generated decision to grant or deny credit, or an assessment of performance at work (except where this information is a trade secret). D2. Actioning a subject access request 1. Requests for data must be made in writing; which includes , and be addressed to Andrew Gordon-Brown, Headmaster, Truro School, Trennick Lane, Truro, TR1 1TH. If the initial request does not clearly identify the data required, then further enquiries will be made. 2. The identity of the requestor must be established before the disclosure of any data, and checks should also be carried out regarding proof of relationship to a child. Evidence of identity can be established, for example, by requesting production of: Passport; Driving licence; Utility bills with the current address; Birth / Marriage certificate; P45/P60; Credit Card or Mortgage statement. 3. Any individual has the right of access to data held about them. However with children, this is dependent upon their capacity to understand (normally age 12 or above) and the nature of the request. The Headmaster should discuss the request with the child and take their views into account when making a decision. A child with competency to understand can refuse to consent to the request for their records. Where the child is not deemed to be competent, an individual with parental responsibility or guardian shall make the decision on behalf of the child. 4. The school may make a charge for the provision of data, dependent upon the following: Should the data requested contain the educational record then the amount charged will be dependent upon the number of pages provided; Should the data requested be personal data that does not include any data contained within educational records, Truro School may charge up to 10; 6
7 If the data requested is only the educational record, viewing will be free, but a charge not exceeding the cost of copying the data may be made by the Headmaster. 5. The response time for subject access requests, once officially received, is 40 days (not working or school days but calendar days, irrespective of school holiday periods). However the 40 days will not commence until after receipt of fees or clarification of data sought. 6. The Data Protection Act 1998 allows exemptions as to the provision of some data; therefore all data will be reviewed prior to disclosure. 7. Third party data is that which has been provided by another, such as the Police, Local Authority, Health Care professional or another school. Before disclosing third party data consent should normally be obtained. There is still a need to adhere to the 40 day statutory timescale. 8. Any data which may cause serious harm to the physical or mental health or emotional condition of the pupil or another should not be disclosed, nor should data that would reveal that the child is at risk of abuse, or data relating to court proceedings. 9. If there are concerns over the disclosure of data then additional advice should be sought. 10. Where redaction (data blacked out/removed) has taken place then a full copy of the data provided should be retained in order to establish, if a complaint is made, what was redacted and why. 11. Data disclosed should be clear, thus any codes or technical terms will be clarified and explained. If data contained within the disclosure is difficult to read or illegible, then it will be retyped. 12. Data can be provided at the school with a member of staff on hand to help and explain matters if requested, or provided at a face to face handover. The views of the applicant should be taken into account when considering the method of delivery. If postal systems have to be used then registered / recorded mail will be used. D3. Complaints Complaints about the above procedures should be made to the Chairman of the Governing Body, who will decide whether it is appropriate for the complaint to be dealt with in accordance with the school s complaint procedure. Complaints which are not appropriate to be dealt with through the school s complaint procedure can be dealt with by the Information Commissioner. Up-to-date contact details of both will be provided with the disclosure data. D4. Contacts If you have any queries or concerns regarding these policies / procedures then please contact Andrew Gordon-Brown, Headmaster, Truro School, Trennick Lane, Truro, TR1 1TH. Further advice and data can be obtained from the Information Commissioner s Office, 7
8 E. Appendix: further information and contacts Information Sharing: advice for practitioners providing safeguarding services, DfE, March nformation_sharing_advice_safeguarding_practitioners.pdf Data Protection Act 1998, the eight principles are found on the web site 8
Glyncoed Primary School. Data Protection Policy
Glyncoed Primary School Data Protection Policy Date agreed: March 2015 Review date: March 2017 1 Data Protection Policy Glyncoed Primary School collects and uses personal information about staff, pupils,
More informationStaple Hill Primary School. Data Protection Policy
Staple Hill Primary School Data Protection Policy Staple Hill Primary School collects and uses personal information about staff, pupils, parents and other individuals who come into contact with the school.
More informationVersion 1. Chair of Governors Signature.. Review Date: Spring term 2017
Version 1 Chair of Governors Signature.. Date of Adoption/Ratification: 4 th February 2015 Review Date: Spring term 2017 Purpose Cliff Park School s Trust collects and uses personal information about staff,
More informationHampstead Parochial CofE Primary School Data Protection Policy Spring 2015
Hampstead Parochial CofE Primary School Data Protection Policy Spring 2015 1. Introduction and Scope 1.1 The Data Protection Act 1998 is the law that protects personal privacy and applies to any school
More informationDATA PROTECTION AUDIT GUIDANCE
DATA PROTECTION AUDIT GUIDANCE CONTENTS Section I: Section II: Audit of Processing of Personal Data Audit Procedure Appendices: A B C D E Audit Form List of Purposes List of data subjects List of data
More informationData Protection Policy
1 Data Protection Policy Version 1: June 2014 1 2 Contents 1. Introduction 3 2. Policy Statement 3 3. Purpose of the Data Protection Act 1998 3 4. The principles of the Data Protection Act 1998 4 5 The
More information2. Scope 2.1 This policy covers all the activities and processes of the University that uses personal information in whatever format.
University of Westminster Personal Data Protection Policy For Compliance with the Data Protection Act 1998 1. Background 1.1 The Data Protection Act 1998 (DPA) defines personal data as data and information
More informationData Protection Policy
Data Protection Policy Responsible Officer Author Date effective from July 2009 Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date last amended December 2012 Review
More informationDATA PROTECTION ACT 1998 COUNCIL POLICY
DATA PROTECTION ACT 1998 COUNCIL POLICY Page 1 of 5 POLICY STATEMENT Blackpool Council recognises the need to fully comply with the requirements of the Data Protection Act 1998 (DPA) and the obligations
More informationScottish Rowing Data Protection Policy
Revision Approved by the Board August 2010 1. Introduction As individuals, we want to know that personal information about ourselves is handled properly, and we and others have specific rights in this
More informationInformation Privacy Policy
Information Privacy Policy pol-032 Version: 2.01 Last amendment: Oct 2014 Next Review: Aug 2017 Approved By: Council Date: 04 May 2005 Contact Officer: Director, Strategic Services and Governance INTRODUCTION
More informationUniversity of Limerick Data Protection Compliance Regulations June 2015
University of Limerick Data Protection Compliance Regulations June 2015 1. Purpose of Data Protection Compliance Regulations 1.1 The purpose of these Compliance Regulations is to assist University of Limerick
More informationMerthyr Tydfil County Borough Council. Data Protection Policy
Merthyr Tydfil County Borough Council Data Protection Policy 2014 Cyfarthfa High School is a Rights Respecting School, we recognise the importance of ensuring that the United Nations Convention of the
More informationCorporate ICT & Data Management. Data Protection Policy
90 Corporate ICT & Data Management Data Protection Policy Classification: Unclassified Date Created: January 2012 Date Reviewed January Version: 2.0 Author: Owner: Data Protection Policy V2 1 Version Control
More informationDublin City University
Dublin City University Data Protection Policy Data Protection Policy Contents Purpose... 1 Scope... 1 Data Protection Principles... 1 Disclosure of Personal Data... 2 Summary of Responsibilities... 3 Rights
More informationData Security and Extranet
Data Security and Extranet Derek Crabtree Schools ICT Support Manager derek.crabtree@merton.gov.uk Target Operating Model 2011 Merton Audit Organisation name: London Borough of Merton Periodic plan date:
More informationEMMANUEL COLLEGE THE APPLICATION OF THE DATA PROTECTION ACT 1998. Contents
EMMANUEL COLLEGE THE APPLICATION OF THE DATA PROTECTION ACT 1998 Contents 1. Introduction Page 2 2. The Data Protection Act 1998 Page 2 3. Review of data used in College departments Page 3 4. Security
More informationHuman Resources Policy documents. Data Protection Policy
Policy documents Aims of the Policy apetito is committed to meeting its obligations under data protection law. As a business, apetito handles a range of Personal Data relating to its customers, staff and
More informationDATA PROTECTION POLICY
Title Author Approved By and Date Review Date Mike Pilling Latest Update- Corporation May 2008 1 Aug 2013 DATA PROTECTION ACT 1998 POLICY FOR ALL STAFF AND STUDENTS 1.0 Introduction 1.1 The Data Protection
More informationData Protection Policy
Data Protection Policy CONTENTS Introduction...2 1. Statement of Intent...2 2. Fair Processing or Privacy Statement...3 3. Data Uses and Processes...4 4. Data Quality and Integrity...4 5. Technical and
More informationCORK INSTITUTE OF TECHNOLOGY
CORK INSTITUTE OF TECHNOLOGY DATA PROTECTION POLICY APPROVED BY GOVERNING BODY ON 30 APRIL 2009 INTRODUCTION Cork Institute of Technology is committed to a policy of protecting the rights and privacy of
More informationROEHAMPTON UNIVERSITY DATA PROTECTION POLICY
ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY Originated by: Data Protection Working Group: November 2008 Impact Assessment: (to be confirmed) Recommended by Senate: 28 January 2009 Approved by Council:
More informationPolicy Document Control Page
Policy Document Control Page Title Title: Data Protection Policy Version: 3 Reference Number: CO59 Keywords: Data, access, principles, protection, Act. Data Subject, Information Supersedes Supersedes:
More informationData protection registration: nature of work descriptions
Data protection registration: nature of work descriptions Finance, insurance and credit We use these descriptions to help us process your registration: Accountant Actuaries Agents for the NFU mutual Bank
More informationData Protection policy approved by the Governing Body of Ifield Community College. Ifield Community College Data Protection Policy
Data Protection policy approved by the Governing Body of Ifield Community College Ifield Community College Data Protection Policy Introduction The school collects and uses certain types or personal information
More informationHuman Resources and Data Protection
Human Resources and Data Protection Contents 1. Policy Statement... 1 2. Scope... 2 3. What is personal data?... 2 4. Processing data... 3 5. The eight principles of the Data Protection Act... 4 6. Council
More informationQUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN 18 085 048 237. better health cover shouldn t hurt
QUEENSLAND COUNTRY HEALTH FUND privacy policy Queensland Country Health Fund Ltd ABN 18 085 048 237 better health cover shouldn t hurt 1 2 contents 1. Introduction 4 2. National Privacy Principles 5 3.
More informationDATA PROTECTION POLICY
Reference number Approved by Information Management and Technology Board Date approved 14 th May 2012 Version 1.1 Last revised N/A Review date May 2015 Category Information Assurance Owner Data Protection
More informationData Protection and Information Security Policy and Procedure
Data Protection and Information Security Policy and Procedure Document Detail Category: Data Protection Authorised By: Full Governing Body Author: School Business Manager Version: 1 Status: Approved May
More informationProtection. Code of Practice. of Personal Data RPC001147_EN_WB_L_1
Protection of Personal Data RPC001147_EN_WB_L_1 Table of Contents Data Protection Rules Foreword From the Data Protection Commissioner Introduction From the Chairman Data Protection Responsibility of Employees
More informationLittle Marlow Parish Council Registration Number for ICO Z3112320
Data Protection Policy Little Marlow Parish Council Registration Number for ICO Z3112320 Adopted 2012 Reviewed 23 rd February 2016 Introduction The Parish Council is fully committed to compliance with
More informationData protection registration: nature of work descriptions
Data protection registration: nature of work descriptions Telecoms and ISPs We use these descriptions to help us process your registration: Internet Service Provider Networking Site Telecommunications
More information1.2 Scope This policy and guidance applies to all University staff, students and others who use or process any personal information.
MANCHESTER METROPOLITAN UNIVERSITY DATA PROTECTION POLICY This policy should be read in conjunction with the Data Protection Guidance, which is attached as: Appendix A Dealing with Personal Data Appendix
More informationOBJECTS AND REASONS. (a) the regulation of the collection, keeping, processing, use or dissemination of personal data;
OBJECTS AND REASONS This Bill would provide for (a) the regulation of the collection, keeping, processing, use or dissemination of personal data; (b) the protection of the privacy of individuals in relation
More informationThe Manitowoc Company, Inc.
The Manitowoc Company, Inc. DATA PROTECTION POLICY 11FitzPatrick & Associates 4/5/04 1 Proprietary Material Version 4.0 CONTENTS PART 1 - Policy Statement PART 2 - Processing Personal Data PART 3 - Organisational
More informationSubject Access Request (SAR) Procedure
Subject Access Request (SAR) Procedure East and North Hertfordshire Clinical Commissioning Group Page 1 of 16 DOCUMENT CONTROL SHEET Document Owner: Chief Finance Officer Document Author(s): Anne Ephgrave
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY The information and guidelines within this Policy are important and apply to all members, Fellows and staff of the College 1. INTRODUCTION Like all educational establishments, the
More informationData Protection and Data security Policy
Data Protection and Data security Policy Statement of policy and purpose of Policy 1. Somer Valley Community Radio Ltd (the Employer) is committed to ensuring that all personal information handled by us
More informationPrivacy Policy. Approved by: College Board, 01/12/2005 Principal from 14/02/2014
Privacy Policy Approved by: College Board, 01/12/2005 Principal from 14/02/2014 Revised Date: 11/01/2008 26/08/2011 19/03/2013 14/02/2014 Review Date: 14/02/2016 PLEASE NOTE: Version control for this document
More informationCORPORATE TRAVEL MANAGEMENT PRIVACY POLICY
CORPORATE TRAVEL MANAGEMENT PRIVACY POLICY 1. About this Policy Corporate Travel Management Group Pty Ltd (ABN 52 005 000 895) (CTM) ('we', 'us', 'our') understands the importance of, and is committed
More informationAPPOMENSE HOPE FOR AFRICA PRIVACY POLICY
APPOMENSE HOPE FOR AFRICA PRIVACY POLICY Appomense Hope for Africa respects your privacy Appomense Hope for Africa understands the importance of protecting personal information we receive from supporters
More informationHERTSMERE BOROUGH COUNCIL
HERTSMERE BOROUGH COUNCIL DATA PROTECTION POLICY October 2007 1 1. Introduction Hertsmere Borough Council ( the Council ) is fully committed to compliance with the requirements of the Data Protection Act
More informationData Protection and Privacy Policy
Data Protection and Privacy Policy 1. General This policy outlines Conciliation Resources commitments to respect the privacy of people s personal information and observe the relevant data protection legislation.
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY Version 1.3 April 2014 Contents 1 POLICY STATEMENT...2 2 PURPOSE....2 3 LEGAL CONTEXT AND DEFINITIONS...2 3.1 Data Protection Act 1998...2 3.2 Other related legislation.....4 3.3
More informationInformation Governance Policy
Information Governance Policy 1 Introduction Healthwatch Rutland (HWR) needs to collect and use certain types of information about the Data Subjects who come into contact with it in order to carry on its
More informationData Protection Good Practice Note
Data Protection Good Practice Note This explanatory document explains what charities and voluntary organisations need to do to comply with the Data Protection Act 1988 as amended by the Data Protection
More informationData Protection Policy June 2014
Data Protection Policy June 2014 Approving authority: Consultation via: Court Audit and Risk Committee, University Executive, Secretary's Board, Information Governance and Security Group Approval date:
More informationAlixPartners, LLP. General Data Protection Statement
AlixPartners, LLP General Data Protection Statement GENERAL DATA PROTECTION STATEMENT 1. INTRODUCTION 1.1 AlixPartners, LLP ( AlixPartners ) is committed to fulfilling its obligations under the data protection
More informationPolicy Name: Data Protection. Nominated Lead Member of Staff: ICT Manager. Status: Review Cycle: 2 Years. Authorisation: Governing Body
Policy Name: Data Protection Nominated Lead Member of Staff: ICT Manager Status: Review Cycle: 2 Years Authorisation: Governing Body Review Date: June 2017 Data Protection Policy The Governing Body of
More informationProtection. Code of Practice. of Personal Data RPC001147_EN_D_19
Protection of Personal Data RPC001147_EN_D_19 Table of Contents Data Protection Rules Foreword From the Data Protection Commissioner Introduction From the Chairman Data Protection Rules Responsibility
More informationData Protection and Information Security. Procedure for reporting a breach of data security. April 2013
Data Protection and Information Security Procedure for reporting a breach of data security April 2013 Page 1 of 6 Created on: 01/04/2009 Contents 1 Introduction... 3 2 Data Classification... 3 3 What Is
More informationInformation Assurance Policies and Guidance. Information Governance Policy. Document Version: v0.5 Review Date: 1 May 2016
Information Assurance Policies and Guidance Information Governance Policy Document Version: v0.5 Review Date: 1 May 2016 Owner: Information Governance Manager 1 P a g e Document History Revision Version
More informationData Protection Policy
Data Protection Policy Owner : Head of Information Management Document ID : ICT-PL-0099 Version : 2.0 Date : May 2015 We will on request produce this Policy, or particular parts of it, in other languages
More informationData Protection. Policy and Application July 2009
Data Protection Policy and Application July 2009 Produced for staff of the House of Commons Service by the Department of Resources Information Rights and Information Security (IRIS) Service Data Policy:
More informationInformation Management Handbook for Schools. Information Management Handbook for Schools London Borough of Barnet
Information Management Handbook for Schools London Borough of Barnet Document Name Document Description Information Management Handbook for Schools This document is intended for use by Barnet Borough Schools.
More informationtechnical factsheet 176
technical factsheet 176 Data Protection CONTENTS 1. Introduction 1 2. Register with the Information Commissioner s Office 1 3. Period protection rights and duties remain effective 2 4. The data protection
More informationUniversity of Birmingham. Closed Circuit Television (CCTV) Code of Practice
University of Birmingham Closed Circuit Television (CCTV) Code of Practice University of Birmingham uses closed circuit television (CCTV) images to provide a safe and secure environment for students, staff
More informationPrivacy Policy PEGS our Privacy Act APPs
Privacy Policy Penleigh and Essendon Grammar School ACN 006 038 071 (which, for the purpose of this Privacy Policy includes any of its Related Bodies Corporate, as that term is defined in the Corporations
More informationData controllers and data processors: what the difference is and what the governance implications are
ICO lo : what the difference is and what the governance implications are Data Protection Act Contents Introduction... 3 Overview... 3 Section 1 - What is the difference between a data controller and a
More informationCrofton School Data Protection Policy
Crofton School Data Protection Policy Crofton School collects and uses personal information (referred to in the Data Protection Act as personal data) about staff, students, parents and other individuals
More informationJohn Leggott College. Data Protection Policy. Introduction
John Leggott College Data Protection Policy Introduction The College needs to keep certain information about its employees, students and other users to allow it to monitor performance, achievements, and
More informationIndex. Definitions. What is Data Protection? Rights of Individuals. The 8 Principles of Data Protection
Data Protection Awareness Based on DIT s Data Protection Policy, the Data Protection Acts, 1988 & 2003 and guidance from the Office of the Data Protection Commissioner Index Definitions What is Data Protection?
More informationDirect Recruitment Privacy Policy
Direct Recruitment Privacy Policy Direct Recruitment manages personal information in accordance with the Privacy Act 1988 and Australian Privacy Principles (APP). This policy applies to information collected
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY Approval date: June 2014 Approved by: Board Responsible Manager: Executive Director of Resources Next Review June 2016 Data Protection Policy 1. Introduction Data Protection Policy
More informationOffice of the Data Protection Commissioner of The Bahamas. Data Protection (Privacy of Personal Information) Act, 2003. A Guide for Data Controllers
Office of the Data Protection Commissioner of The Bahamas Data Protection (Privacy of Personal Information) Act, 2003 A Guide for Data Controllers 1 Acknowledgement Some of the information contained in
More informationWhite Paper Security. Data Protection and Security in School Management Systems
White Paper Security Data Protection and Security in School Management Systems This paper clarifies the roles and responsibilities of those dealing with the data that is central to school management systems.
More informationPERSONAL INJURIES ASSESSMENT BOARD DATA PROTECTION CODE OF PRACTICE
PERSONAL INJURIES ASSESSMENT BOARD DATA PROTECTION CODE OF PRACTICE ADOPTED ON 9 th January 2008 TABLE OF CONTENTS Page No. 1 Introduction...3 2 Glossary...3 3 Types of Personal Data held by Us...3 4 Obligations
More informationSo the security measures you put in place should seek to ensure that:
Guidelines This guideline offers an overview of what the Data Protection Act requires in terms of information security and aims to help you decide how to manage the security of the personal data you hold.
More informationSubject Access Request, Procedure, Guidance and Information
Subject Access Request, Procedure, Guidance and Information Updated: July 2015 Page 1 of 61 CONTENTS 1. Introduction 5 2. Legal Context 5 3. Subject Access Request to Personal Records Guidance 6 Guidance
More informationData Protection for the Guidance Counsellor. Issues To Plan For
Data Protection for the Guidance Counsellor Issues To Plan For Author: Hugh Jones Data Protection Specialist Longstone Management Ltd. Published by the National Centre for Guidance in Education (NCGE)
More informationData Protection in Ireland
Data Protection in Ireland 0 Contents Data Protection in Ireland Introduction Page 2 Appointment of a Data Processor Page 2 Security Measures (onus on a data controller) Page 3 8 Principles Page 3 Fair
More informationBarnet Partnership Information Sharing Protocol
Barnet Partnership Information Sharing Protocol Information Sharing Protocol V1_0C - FINAL Page 1 of 52 Version 1.0 (FINAL) Contents 1 Background... 4 1.1 The need to share information... 4 2 Scope...
More informationPRIVACY POLICY. comply with the Australian Privacy Principles ("APPs"); ensure that we manage your personal information openly and transparently;
PRIVACY POLICY Our Privacy Commitment Glo Light Pty Ltd A.C.N. 099 730 177 trading as "Lighting Partners Australia of 16 Palmer Parade, Cremorne, Victoria 3121, ( LPA ) is committed to managing your personal
More informationData Protection and Community Councils Briefing Note
Data Protection and Community Councils Briefing Note This briefing note has been prepared in response to specific queries raised by Community Councils in Marr in relation to their Data Protection requirements.
More informationInformation Governance Framework. June 2015
Information Governance Framework June 2015 Information Security Framework Janice McNay June 2015 1 Company Thirteen Group Lead Manager Janice McNay Date of Final Draft and Version Number June 2015 Review
More informationBelmont 16 Foot Sailing Club. Privacy Policy
Belmont 16 Foot Sailing Club Privacy Policy APRIL 2014 1 P age Belmont 16 Foot Sailing Club Ltd (the 16s ) respects your right to privacy and is committed to protecting your personal information. This
More informationData Protection Act a more detailed guide
Data Protection Act a more detailed guide What does the Act do? The Data Protection Act 1998 places considerable duties on organisations which process personal data; increases the rights of access by data
More informationData Protection Act. Privacy & Security in the Information Age. April 26, 2013. Ministry of Communications, Ghana
Data Protection Act Privacy & Security in the Information Age April 26, 2013 Agenda Privacy in The Information Age The right to privacy Why We Need Legislation Purpose of the Act The Data Protection Act
More informationZEN Telecom Pty. Ltd. Privacy Policy
ZEN Telecom Pty. Ltd. Privacy Policy ZEN Telecom provides broadband internet, mobile voice & data, and PSTN fixed landline telephone, products and services, to residential and small to medium business
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY Rev No. 0 New Document 1 2 3 4 5 6 7 Revision Status Details of Amendments Name Date Update of College DPA statement New Reference to Appendix 4 Staff Guidelines ESF document retention
More information2.0 Emended due to the change to academy status Review Date. ICT Network Security Policy Berwick Academy
Version History Author Approved Committee Version Status date Eddie Jefferson 09/15/2009 Full Governing 1.0 Final Version Body Eddie Jefferson 18/08/2012 Full Governing Body 2.0 Emended due to the change
More informationSUBJECT ACCESS REQUEST PROCEDURE
SUBJECT ACCESS REQUEST PROCEDURE Document History Document Reference: Document Purpose: IG31 This procedure sets out the responsibility for staff when receiving requests for information provided under
More informationATMD Bird & Bird. Singapore Personal Data Protection Policy
ATMD Bird & Bird Singapore Personal Data Protection Policy Contents 1. PURPOSE 1 2. SCOPE 1 3. COMMITMENT TO COMPLY WITH DATA PROTECTION LAWS 1 4. PERSONAL DATA PROTECTION SAFEGUARDS 3 5. ATMDBB EXCEPTIONS:
More informationPrivacy Statement. April 2015
Privacy Statement April 2015 RACT Health Insurance is provided by GMHBA Limited. In this privacy statement, references to RACT Health Insurance are references to GMHBA Limited. References to RACT are references
More informationDATA PROTECTION IT S EVERYONE S RESPONSIBILITY. An Introductory Guide for Health Service Staff
DATA PROTECTION IT S EVERYONE S RESPONSIBILITY An Introductory Guide for Health Service Staff 1 Message from Director General Dear Colleagues The safeguarding of and access to personal information has
More informationContents. Section/Paragraph Description Page Number
- NON CLINICAL NON CLINICAL NON CLINICAL NON CLINICAL NON CLINICAL NON CLINICAL NON CLINICAL NON CLINICA CLINICAL NON CLINICAL - CLINICAL CLINICAL Complaints Policy Incorporating Compliments, Comments,
More informationData Protection in the Charity & Voluntary Sector
1 Data Protection in the Charity & Voluntary Sector Guidelines April 2011.Version 5.0 Office of the Data Protection Commissioner 2 CONTENTS Page INTRODUCTION 3 1. Key Recommendations 4 2. Donor Databases
More informationResearch Governance Standard Operating Procedure
Research Governance Standard Operating Procedure The Management and Use of Research Participant Data for Secondary Research Purposes SOP Reference: Version Number: 01 Date: 28/02/2014 Effective Date: Review
More informationInformation security incident reporting procedure
Information security incident reporting procedure Responsible Officer Author Date effective from 2009 Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date last amended
More informationPrivacy Policy. Board for Lutheran Education Australia. Policy. Purpose. Exclusion
Policy Relevant to Responsible officer Contact officer Authorisation Date introduced March 2014 Effective date of latest version March 2014 Next review date March 2017 Relevant legislation or source Board
More informationPhotography and filming in schools Code of Practice
Photography and filming in schools Code of Practice Data Protection compliance September 2010 Photography and filming in schools September 2010 1 Contents 1. About this code 3 2. Complying with the Data
More informationGUIDE TO THE ISLE OF MAN DATA PROTECTION ACT. CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4
GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4 PREFACE The following provides general guidance on data protection
More informationGuidelines for the application of advertised Religious Education Coordinator position
Guidelines for the application of advertised Religious Education Coordinator position APPLICATION: 1. Cover Letter Briefly outline your strengths, professional experience and accomplishments, why you are
More informationChild and Adult Services Subject Access Requests Guidance
Child and Adult Services Subject Access Requests Guidance This Guidance is not applicable to Access to Information requests about Adoption. For requests about Adoption please consult the Adoption and Children
More informationHow To Share Your Health Records With The National Health Service
HOW WE USE YOUR PERSONAL INFORMATION Information Leaflet Your Health. Our Priority. Page 2 of 9 Introduction This Leaflet explains why the NHS collects information about you and how it is used, your right
More informationDATA AND PAYMENT SECURITY PART 1
STAR has teamed up with Prevention of Fraud in Travel (PROFiT) and the Fraud Intelligence Network (FIN) to offer our members the best advice about fraud prevention. We recognise the increasing threat of
More informationHong Leong Asia Ltd.
Hong Leong Asia Ltd. Personal Data Protection Policy The protection of your Personal Data is important to us. This Personal Data Protection Policy ( PDP Policy ) outlines how we manage your personal data,
More informationSUBJECT ACCESS REQUEST
DATA PROTECTION ACT 1998 SUBJECT ACCESS REQUEST Procedure Manual 1 Invest NI Subject Access Request Procedure Manual 1. Introduction 1.1 What is a Subject Access Request? 1.2 Routine Requests 1.3 What
More informationGymSports NZ Incorporated. Membership Data Regulation. Commencement Date 23 January 2009. Issued 23 January 2009
GymSports NZ Incorporated Membership Data Regulation Commencement Date 23 January 2009 Issued 23 January 2009 GymSports NZ, 2008 GymSports New Zealand Incorporated Membership Data Regulation 1. Purpose
More informationDATA PROTECTION POLICY
MILNBANK HOUSING ASSOCIATION DATA PROTECTION POLICY LS/NOV.2011/REF.P14 1) INTRODUCTION Milnbank Housing Association recognises that the Data Protection Act 1998 is an important piece of legislation to
More information