DATA PROTECTION POLICY



Similar documents
DATA PROTECTION ACT 1998 COUNCIL POLICY

Data Protection Policy

Little Marlow Parish Council Registration Number for ICO Z

Data Protection Policy

Corporate ICT & Data Management. Data Protection Policy

Data Protection Policy

HERTSMERE BOROUGH COUNCIL

Human Resources and Data Protection

DATA PROTECTION POLICY

DATA PROTECTION POLICY. Examples of personal data which TWM may require from clients include the following and for the reasons ascribed to each;

Data Protection Act 1998 The Data Protection Policy for the Borough Council of King's Lynn & West Norfolk

ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY

Data Protection Procedures

Data Protection Policy

GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT. CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4

DATA PROTECTION POLICY

Policy Document Control Page

DATA PROTECTION POLICY

Data Protection Policy

DATA PROTECTION AND DATA STORAGE POLICY

Merthyr Tydfil County Borough Council. Data Protection Policy

Data Protection in Ireland

Information Governance Policy

DATA PROTECTION POLICY

BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS

Protection. Code of Practice. of Personal Data RPC001147_EN_D_19

technical factsheet 176

2. Scope 2.1 This policy covers all the activities and processes of the University that uses personal information in whatever format.

Data Protection Policy June 2014

Data Protection Policy

UNIVERSITY OF SOUTHAMPTON DATA PROTECTION POLICY

Islington Data Protection Policy. A council-wide information policy Version 1.1 June 2014

Protection. Code of Practice. of Personal Data RPC001147_EN_WB_L_1

AlixPartners, LLP. General Data Protection Statement

Data Protection Act. Privacy & Security in the Information Age. April 26, Ministry of Communications, Ghana

Rick Parsons Information Governance Officer County Hall

Data Protection Policy

RECORDS MANAGEMENT POLICY

Scottish Rowing Data Protection Policy

Data Protection. Policy and Application July 2009

The CPS incorporates RCPO. CPS Data Protection Policy

Data Protection Policy Information for Clients

Human Resources Policy No. HR46

MONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY

University of Limerick Data Protection Compliance Regulations June 2015

Index. Definitions. What is Data Protection? Rights of Individuals. The 8 Principles of Data Protection

The Manitowoc Company, Inc.

DATA PROTECTION POLICY

INFORMATION SECURITY POLICY

Information Sharing Policy

Information Governance Framework. June 2015

Office of the Data Protection Commissioner of The Bahamas. Data Protection (Privacy of Personal Information) Act, A Guide for Data Controllers

DATA PROTECTION IT S EVERYONE S RESPONSIBILITY. An Introductory Guide for Health Service Staff

INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER

CORK INSTITUTE OF TECHNOLOGY

Data Protection Policy

How To Understand The Data Protection Act

Human Resources Policy documents. Data Protection Policy

Data Security and Extranet

OBJECTS AND REASONS. (a) the regulation of the collection, keeping, processing, use or dissemination of personal data;

INFORMATION GOVERNANCE POLICY

Data Protection Breach Management Policy

Data Protection Policy

OFFICIAL. NCC Records Management and Disposal Policy

How To Protect Your Personal Information At A College

Data Protection and Privacy Policy

Corporate Information Security Policy

Policy and Procedure Title: Maintaining Secure Learner Records Policy No: CCTP1001 Version: 1.0

Somerset County Council - Data Protection Policy - Final

Data Protection Policy

Glyncoed Primary School. Data Protection Policy

Report of the Information & Privacy Commissioner/Ontario. Review of the Canadian Institute for Health Information:

ATMD Bird & Bird. Singapore Personal Data Protection Policy

Information Governance Policy

Align Technology. Data Protection Binding Corporate Rules Processor Policy Align Technology, Inc. All rights reserved.

Data protection policy

An overview of UK data protection law

INFORMATION SECURITY POLICY

DATA PROTECTION CORPORATE POLICY

Public Consultation regarding Data Sharing and Governance Bill. Contribution of Office of the Data Protection Commissioner

What to do When Faced With a Privacy Breach: Guidelines for the Health Sector ANN CAVOUKIAN, PH.D. COMMISSIONER

Transcription:

DATA PROTECTION POLICY

DATA PROTECTION POLICY Document Control Information Title Data Protection Policy Version V1.0 Author Diana Watt Date Approved 21 February 2013 Review Date Annually, on the anniversary of approval, by Information Management Services Scope/Applicable to All elected members, employees and agents acting for and on behalf of Blaby District Council Introduction The Data Protection Act 1998 ( the Act ) established a framework of rights and duties designed to safeguard personal data. It balances the legitimate needs of organisations to collect and use personal data against the individuals right to respect for the privacy of their personal details. In order to provide services and adhere to legislative requirements the Council collects and processes personal information. The maintenance of individual privacy and the lawful and secure processing of personal data is important to the Council and it is fully committed to compliance with the Act. Blaby District Council is registered as a Data Controller with the Information Commissioner s Office and it is therefore the responsibility of every elected member, employee and agent of the Council to comply with the legislative obligations placed on the organisation by the Act and treat the personal data collected and processed with due care and respect. Blaby District Council requires its partners and contractors acting on its behalf to comply with the Act when providing services to, for and on behalf of Blaby District Council and when sharing information with Council it is the responsibility of agents of the Council liaising with these third parties to ensure that the necessary procedures are in place to maintain compliance with the Act.

Policy Statement The purpose of this policy is to ensure that all elected members, employees and agents acting for and on behalf of the Council are aware of their obligations and responsibilities with regards to the collection and processing of personal data under the provisions of the Data Protection Act 1998 and that it is the intention of the Council to comply with all aspects and requirements of the Act. The Council is committed to: Ensuring compliance with the provisions of the Act and the eight principles as detailed below. Ensuring all members, employees, etc. are aware of their responsibilities and consequences with respect to non compliance with this policy or breaches of the Data Protection Act 1998. Maintaining and updating the registration with the Information Commissioner s Office as appropriate. Providing ongoing data protection training and awareness programmes for all members, employees and agents of the Council in order to maintain high standards of data protection. Ensuring ongoing monitoring is undertaken to ensure compliance with this policy and the Data Protection Act 1998. Data Protection Principles 1) Personal data shall be processed fairly and lawfully Blaby District Council will be open and transparent with regard to the processing of personal data and will ensure that individuals whose personal information is held by the Council are aware, as far as is reasonably practicable, as to the reasons for the collection and use of the data, and are not misled in this regard. Assumptions regarding consent, intended use and disclosure must not be made. There are strict conditions within Schedules 2 and 3 of the Act that cover the processing of personal data which must be adhered to. Blaby District Council will not process personal data in any way that would breach the Act or contravene the notified purposes registered with the Information Commissioner s Office. 2) Personal data shall be obtained for one or more specified and lawful purposes and shall not be further processed in any manner incompatible with that purpose or those purposes Personal data collected from individuals should only be used for the purpose for which it has been collected, unless the data subject has been advised otherwise or they have given their consent. All reasonable steps 3

will be taken to ensure individuals are aware of how the personal data they provide will be used. Individuals are also entitled to know how the information is stored and disclosed. To this end service areas are required to provide fair processing notices on all forms and provide this notice verbally if the personal information is received by telephone. Fair processing notices inform individuals who we are, what we are going to do with their information and who it will be shared with. 3) Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed Personal data collected will be adequate for the purposes for which it is collected and additional or excessive information will not be collected. Only the information which is necessary to provide the service or comply with a statutory duty should be collected. Excessive information must be deleted. Information which becomes irrelevant over time must be treated as excessive and deleted. 4) Personal data shall be accurate and, where necessary, kept up to date Steps should be taken, as far as is reasonably practicable; to ensure that the personal data held is accurate and up to date. 5) Personal data shall not be kept for longer than is necessary Personal information should be held in accordance with the Council s approved Retention and Disposal Schedule, which is available on the Council s intranet, and measures put in place to ensure the correct retention periods are adhered to. Where long term storage of personal details is necessary this should be done in accordance with the Act and where possible records should be anonymised to reduce risks to the Council. The retention period for keeping the personal information must be decided before the information is collected. 6) Personal data shall be processed in accordance with the rights of data subjects under the Data Protection Act If the data collected will be processed by an automated decision making procedure e.g. where a score based decision is made by a software programme, the data subject has the right to know how the process works and their rights of appeal against the decision/s. The Council will respect the rights of data subjects and provide access to their information when requested. Access to information is covered in a separate policy. 4

7) Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data Blaby District Council has implemented appropriate physical and electronic security measures and these will be reviewed regularly and updated as necessary. Physical security measures include locked cabinets, offices and facilities. Electronic security measures include passwords, electronic audit facilities and encrypted mobile devices. 8) Personal data shall not be transferred to a country or territory outside the European Economic Area etc. Accountability and Responsibilities All elected members, employees and agents acting for and on behalf of Blaby District Council All individuals should take personal responsibility for ensuring that personal data that they collect and process is done so in accordance with the Data Protection Act 1998 and this policy. All due care and attention should be taken to ensure that the privacy of the data subject is maintained this must be treated as a matter of priority. Managers It is the responsibility of all line managers to ensure that this policy and any associated procedures are implemented in their service area. They should ensure team members have read and agreed to abide by the policy and are aware of the Data Protection Act 1998. Training needs should be identified and training arranged as necessary. This responsibility extends to ensuring the importance of protecting personal data is prioritised in partnership working and data sharing arrangements. Should it be necessary to share information with other organisations under the provisions of Section 29 of the Act the necessary forms should be completed and safeguards put in place to protect the data. If the purposes for which the data is processed change, managers should liaise with Information Management Services to update the registration with the Information Commissioner s Office (see below). Registration with the Information Commissioner s Office Blaby District Council is registered with the Information Commissioner s Office as a Data Controller. 5

This registration provides the Information Commissioner s Office with details about the purposes for which the Council processes personal information and the types of personal data collected. The registration is renewed annually in August and the Council will review and update it as required. Training and Awareness The Council is committed to providing ongoing training and awareness programmes, making use of available software systems such as NETconsent (policy management system), Athena (online training system) and the Council s intranet, and providing a variety of printed materials and face to face training and awareness opportunities. Monitoring and Compliance Ongoing audits and monitoring will be undertaken to assess how the policy is being put into practice. Individuals who are dissatisfied with the way their personal data is processed have recourse through the Corporate Complaints procedure and the Information Commissioner s Office. Breaches of the Act can result in serious consequences for the Council. Elected members, employees and agents of the Council deliberately obtaining, disclosing or using personal data processed by the Council in any way which is not compatible with their duties, the functions of the Council or without authority may be subject to disciplinary action and legal action where an offence has been committed. Data Protection Advice and Guidance The Data Protection Officer for Blaby District Council is: The Democratic Services and Governance Manager For advice and guidance please contact the Information Management Services team in the first instance. Information Management Services Blaby District Council Council Offices Desford Road Narborough LE19 2EP 0116 272 7678 foi@blaby.gov.uk 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information