Data Protection Policy



Similar documents
Data Protection Policy

HERTSMERE BOROUGH COUNCIL

Human Resources and Data Protection

Rick Parsons Information Governance Officer County Hall

Data Protection Policy

Little Marlow Parish Council Registration Number for ICO Z

Glyncoed Primary School. Data Protection Policy

Version 1. Chair of Governors Signature.. Review Date: Spring term 2017

Quick guide to the employment practices code

Data Protection Policy

Corporate ICT & Data Management. Data Protection Policy

Data Protection Policy

Data Protection Policy

How To Share Your Health Records With The National Health Service

DATA PROTECTION POLICY

Data Protection Procedures

Data Protection Policy

Access to Health Records

Request under the Freedom of Information Act 2000 (FOIA)

DATA PROTECTION POLICY

Merthyr Tydfil County Borough Council. Data Protection Policy

FREEDOM OF INFORMATION REQUEST

HOW YOU CAN OBTAIN ACCESS TO YOUR PERSONAL RECORDS Notes to accompany Application Form

The Care Record Guarantee Our Guarantee for NHS Care Records in England

DATA PROTECTION POLICY. Examples of personal data which TWM may require from clients include the following and for the reasons ascribed to each;

ACCESS TO PATIENT HEALTHCARE RECORDS UNDER THE DATA PROTECTION ACT 1998 & THE ACCESS TO HEALTH RECORDS ACT 1990

SUBJECT ACCESS REQUEST

Data Protection Policy

MONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY

An Easyread guide on how to deal with Nuisance phone calls and text messages. Northamptonshire Learning Disability Partnership Board

Please print clearly 1 Please complete your name, address and contact details below. Title Surname Full given name(s)

Privacy Policy. January 2014

ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY

OBJECTS AND REASONS. (a) the regulation of the collection, keeping, processing, use or dissemination of personal data;

BAILIWICK OF GUERNSEY DATA PROTECTION

DATA PROTECTION ACT 1998 COUNCIL POLICY

The Regulatory Reform (Fire Safety) Order 2005: Enforcement Policy

Home and Contents Insurance Claim. and. corporate. Title Surname Full given name(s) Postcode Contact home phone number. Contact facsimile number ( )

technical factsheet 176

Request under the Freedom of Information Act 2000 (FOIA)

Notification of data security breaches to the Information Commissioner s

Index. Definitions. What is Data Protection? Rights of Individuals. The 8 Principles of Data Protection

Policies and Procedures

Data Protection Act a more detailed guide

Spectrum Housing Group, Spectrum House, Grange Road, Christchurch, Dorset, BH23 4GE. Dear Sir/Madam. Shared Ownership

Islington Data Protection Policy. A council-wide information policy Version 1.1 June 2014

Casino, Liquor and Gaming Control Authority Act 2007 No 91

Subject Access Request, Procedure, Guidance and Information

University of Essex Automatic Number Plate Recognition (ANPR) Policy

Protection. Code of Practice. of Personal Data RPC001147_EN_D_19

Child and Adult Services Subject Access Requests Guidance

Environmental Information Regulations POLICY STATEMENT

Data Protection Act 1998 The Data Protection Policy for the Borough Council of King's Lynn & West Norfolk

Align Technology. Data Protection Binding Corporate Rules Controller Policy Align Technology, Inc. All rights reserved.

The Care Record Guarantee Our Guarantee for NHS Care Records in England

DATA PROTECTION POLICY

London Borough of Brent Joint Regulatory Services ENFORCEMENT POLICY

Guidance. Guide to Debt Relief Orders. When, Where, How, Who, What

Data Security and Extranet

FREEDOM OF INFORMATION REQUEST

Scottish Rowing Data Protection Policy

COMPLAINTS IN RETIREMENT HOMES

University of Birmingham. Closed Circuit Television (CCTV) Code of Practice

Personal information, for purposes of this Policy, includes any information which relates to an identified or an identifiable person.

To summarise some of the key points of the Regulations are as follows:

Transcription:

Data Protection Policy

1. INTRODUCTION 1.1. The Data Protection Act gives you as an individual the right to know what information is held about you. It provides a framework to ensure that personal information held by the Office of the Durham Police and Crime Commissioner(ODPCC), and other bodies, is handled properly. 1.2. The ODPCC undertakes to handle information it holds about you in an appropriate and sensitive manner and that all procedures for the handling of such information are compliant with legislation. The ODPCC adhere to the following principles, ensuring that personal information is: 1.2.1. Fairly and lawfully processed 1.2.2. Processed for limited purposes 1.2.3. Adequate, relevant and not excessive 1.2.4. Accurate and up to date 1.2.5. Not kept for longer than is necessary 1.2.6. Processed in line with your rights 1.2.7. Secure 1.2.8. Not transferred to other countries without adequate protection 1.3. The Act also provides you with rights, including the right to find out what personal information is held on computer and most paper records. 1.4. The Data Protection Act does not guarantee personal privacy at all costs, but aims to strike a balance between the rights of individuals and the competing interests of those with legitimate reasons for using personal information. It applies to some paper records as well as computer records. 1.5. In handling personal information, the ODPCC considers the following matters to ensure it complies with the Data Protection Act:- 1.5.1. Information about individuals is only retained for a business reason; 1.5.2. People whose information the ODPCC holds have consented to the use of that information, and should understand what it will be used for; 1.5.3. The ODPCC will only pass on personal information with the express permission of the individual, and only for ODPCC related purposes; 1.5.4. Information is held securely and is only accessed by ODPCC staff; 1.5.5. The use of personal information is limited to those with a strict need to know; 1.5.6. Personal information is accurate and up to date; 1.5.7. Information is destroyed if there is no further need for it; 1.5.8. Staff are fully aware of their duties and responsibilities under the Data Protection Act, and put this into practice when handling information; 1.5.9. The ODPCC s notification (ref:z3439263) to the Information Commissioner is up to date and reviewed annually.

2. NOTIFICATION 2.1. The ODPCC is required to notify the Information Commissioner s Office (ICO). Failure to notify is a criminal offence. 2.2. Notification is the process by which the ODPCC informs the Information Commissioner of certain details about its processing of personal information. These details are used by the Information Commissioner to make an entry describing the processing in the register of data controllers that is available to the public for inspection. 2.3. It is a basic principle of data protection that the public should know (or should be able to find out) who is carrying out the processing of personal information as well as other details about the processing (such as for what reason it is being carried out). Notification serves the interests of individuals in assisting them to understand how personal information is being processed by data controllers. 2.4. It is not, however, intended (nor is it practicable) that the register should contain very detailed information about a data controller s processing. The aim is to keep the content at a general level, with sufficient detail to give an overall picture of the processing. More detail is only necessary to satisfy specific statutory requirements or where there is particular sensitivity. 3. INFORMATION WHERE THE ODPCC IS THE DATA CONTROLLER 3.1. Where the ODPCC is the data controller, individuals are entitled to be told whether the ODPCC holds data about them, and if it does: 3.1.1. to be given a description of the data in question; 3.1.2. to be told for what purposes the data is processed; 3.1.3. to be told the recipients, or classes of recipients, to whom the data is or may be disclosed; 3.2. Any individuals making application are entitled to a copy of the information with any unintelligible terms, acronyms or codes explained. They will also be given any information available to us on the source of the data. The data will be in its latest form. 3.3. Anyone wishing to wish to apply for access to their personal data, known as a subject access request, should write to the Chief of Staff at the following address:- Office of the Durham Police and Crime Commissioner County Hall Durham DH1 5UL

3.4. A statutory fee of 10 is payable to make a request plus two forms of original proof of identity documents (these between them must provide your name, date of birth and current address). 3.5. A request for access to personal data will be dealt with promptly and in any event within 40 days of receipt of the request and payment of the fee. 3.6. Anyone who considers that a request for access to personal data has not been dealt with properly, may: 3.5.1. Write to the Chief of Staff at the above address seeking resolution of their complaint; or 3.5.2. Write to the Information Commissioner, who is appointed to consider such complaints at: Office of the Information Commissioner Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF Tel: 01625 545745 ICO Website www.ico.gov.uk 3.7. The Information Commissioner is empowered to assess whether there has been a failure to comply with the 1998 Act. The Commissioner can issue enforcement proceedings if satisfied that there has been a contravention of the data protection principles. The Commissioner can also recommend that a an individual apply to court alleging a failure to comply with the subject access provisions of the 1998 Act. The court may make an order requiring compliance with those provisions and may also award compensation for any damages the individual has suffered as well as any associated distress. 4. INFORMATION WHERE THE ODPCC IS NOT THE DATA CONTROLLER 4.1. In many cases, it is the Constabulary and not the ODPCC who hold personal information. For example the Police National Computer includes information on prosecutions, convictions and cautions. Chief Officers of Police are the data controllers for this information and not the ODPCC. 4.2. An individual has the right to be told by a Chief Officer whether any information is held on the Police National Computer and a right to a copy of that information. A similar process applies for making a subject access request to the Chief Officer. 4.3. Police forces provide a form to simplify the exercise of your subject access rights to information. In the case of Durham Constabulary you should contact:

The Information Compliance Unit Peterlee Police Station St Aidans Way Peterlee Co Durham SR8 1QR Telephone 0191 375 2585 0191 375 2584 Fax 0191 375 2290 E mail data.protection@durham.pnn.police.uk

Document History Version No: 2 Next Review Date: November 2015 Created by: Office Manager Policy Owner: Chief Executive Version 1 Version Control Reviewed and updated October 2014

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information