Procedure No: 34 Revision: 1 Sheet: 1 of 5 Date of Issue: January Data Protection Act, 1988

Similar documents
Office of the Data Protection Commissioner of The Bahamas. Data Protection (Privacy of Personal Information) Act, A Guide for Data Controllers

Data Protection Policy

HERTSMERE BOROUGH COUNCIL

Little Marlow Parish Council Registration Number for ICO Z

Data Protection Policy

Data Protection Policy

Index. Definitions. What is Data Protection? Rights of Individuals. The 8 Principles of Data Protection

DATA PROTECTION POLICY

Policy Document Control Page

CORK INSTITUTE OF TECHNOLOGY

Corporate ICT & Data Management. Data Protection Policy

Data Compliance. And. Your Obligations

ATMD Bird & Bird. Singapore Personal Data Protection Policy

ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY

Information Governance Policy

Protection. Code of Practice. of Personal Data RPC001147_EN_D_19

Merthyr Tydfil County Borough Council. Data Protection Policy

Dublin City University

Data Protection in Ireland

Data protection policy

OBJECTS AND REASONS. (a) the regulation of the collection, keeping, processing, use or dissemination of personal data;

DATA PROTECTION POLICY

Protection. Code of Practice. of Personal Data RPC001147_EN_WB_L_1

AlixPartners, LLP. General Data Protection Statement

DATA PROTECTION ACT 1998 COUNCIL POLICY

DATA PROTECTION POLICY. Examples of personal data which TWM may require from clients include the following and for the reasons ascribed to each;

Policy and Procedure Title: Maintaining Secure Learner Records Policy No: CCTP1001 Version: 1.0

2. Scope 2.1 This policy covers all the activities and processes of the University that uses personal information in whatever format.

Data Protection Act 1998 The Data Protection Policy for the Borough Council of King's Lynn & West Norfolk

The Manitowoc Company, Inc.

Data Protection. Processing and Transfer of Personal Data in Kvaerner. Binding Corporate Rules Public Document

Data Protection Act a more detailed guide

DATA PROTECTION POLICY

UNIVERSITY OF ABERDEEN POLICY ON DATA PROTECTION

Guidelines on Data Protection. Draft. Version 3.1. Published by

DATA PROTECTION POLICY

Rick Parsons Information Governance Officer County Hall

Data Protection Acts 1988 and 2003: Informal Consolidation

PERSONAL INJURIES ASSESSMENT BOARD DATA PROTECTION CODE OF PRACTICE

Data Protection. Policy and Application July 2009

Human Resources and Data Protection

10 DATABASE PRACTICE

technical factsheet 176

Data protection compliance checklist

GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT. CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4

University of Limerick Data Protection Compliance Regulations June 2015

How To Understand The Data Protection Act

DATA PROTECTION [CH.324A 1 CHAPTER 324A DATA PROTECTION ARRANGEMENT OF SECTIONS

Data Protection Policy

Data Protection Act. Privacy & Security in the Information Age. April 26, Ministry of Communications, Ghana

Data Protection Good Practice Note

The Manchester College

DATA PROTECTION AUDIT GUIDANCE

Data Protection Act, 2012

PRESIDENT S DECISION No. 40. of 27 August Regarding Data Protection at the European University Institute. (EUI Data Protection Policy)

Data Protection Policy

Personal Data Act (1998:204);

Proposal of regulation Com /4 Directive 95/46/EC Conclusion

Data Protection Standard

John Leggott College. Data Protection Policy. Introduction

Session: 2002 Bill No. 26 A BILL. for

IRISH BANKING FEDERATION DATA PROTECTION GUIDE MAY 2013

Scottish Rowing Data Protection Policy

DATA PROTECTION MANUAL

Data Protection Procedures

LEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT

SCOTLAND S COMMISSIONER FOR CHILDREN AND YOUNG PEOPLE STANDARD CONDITIONS OF CONTRACT FOR SERVICES

The Romanian Parliament adopts the present law. Chapter I: General Provisions

INFORMATION GOVERNANCE AND DATA PROTECTION POLICY

DATA PROTECTION POLICY

Data Protection Policy

Table of contents: ***

Crimes (Computer Hacking)

DATA PROTECTION POLICY

Align Technology. Data Protection Binding Corporate Rules Controller Policy Align Technology, Inc. All rights reserved.

ST IVES CHAMBERS POLICY ON THE COLLECTION AND USE OF DIVERSITY DATA

Data Protection Policy A copy of this policy is published in the following areas: The school s intranet The school s website

Data Protection and Data security Policy

CORE SKILLS FRAMEWORK INFORMATION GOVERNANCE LESSON NOTES AND TIPS FOR A SUGGESTED APPROACH

Personal Data Protection LAWS OF MALAYSIA. Act 709 PERSONAL DATA PROTECTION ACT 2010

INERTIA ETHICS MANUAL

Code of Practice on Data Protection for the Insurance Sector

How To Protect Your Data In European Law

Data Protection and Community Councils Briefing Note

2015 No FINANCIAL SERVICES AND MARKETS. The Small and Medium Sized Businesses (Credit Information) Regulations 2015

Number 25 of 1988 DATA PROTECTION ACT 1988 REVISED. Updated to 30 March 2012

FEDERATION OF EUROPEAN DIRECT MARKETING EUROPEAN CODE OF PRACTICE FOR THE USE OF PERSONAL DATA IN DIRECT MARKETING

COUNCIL OF EUROPE COMMITTEE OF MINISTERS. RECOMMENDATION No. R (90) 19 OF THE COMMITTEE OF MINISTERS TO MEMBER STATES

FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS

How To Protect Your Personal Information At A College

Data Protection Policy

Data Protection Avoiding Information Commissioner Fines. Caroline Egan 5 June 2014

Data Protection for the Guidance Counsellor. Issues To Plan For

PRIVACY POLICY Personal information and sensitive information Information we request from you

2015 No FINANCIAL SERVICES AND MARKETS. The Small and Medium Sized Business (Credit Information) Regulations 2015

CCBE RECOMMENDATIONS FOR THE IMPLEMENTATION OF THE DATA RETENTION DIRECTIVE

Data Protection and Privacy Policy

Corporate Policy. Data Protection for Data of Customers & Partners.

Data Protection Policy

Data Protection Policy

Transcription:

Procedure No: 34 Revision: 1 Sheet: 1 of 5 Date of Issue: January 2001 Data Protection Act, 1988 1. Purpose To define procedures in relation to Data Protection. 2. Scope This Act ratified the Council of Europe Convention on Data Protection, and regulates the collection, processing, keeping, use and disclosure of personal information that is processed by automated means. Scope All employers All employees 3. Definition of Terms Data: Data Controller: Data processor: Data subject: Information in a form in which it can be processed (automatically). The Act applies whether or not the personal data are kept on mainframes, minicomputers, microcomputers, or word processors. The Act does not apply to data, which is held on manual files. Person who controls the contents and use of personal data. A data controller can be a person, a firm or a corporate or unincorporated body. Person who processes personal data on behalf of a data controller. It does not include an employee of a data controller who processes such data in the course of his/her employment. An individual who is the subject of personal data. Page 1 of 5

Personal Data: Data relating to a living individual (not a company) who can be identified either from the data or from the data in conjunction with other information in the possession of the data controller. Such personal information could include data on an employee s health, family and social circumstances, political opinions etc. Certain data will be exempt from the terms of the Act. These relate to data kept for the purpose of safeguarding the State, data required by law to be made available to the public, data kept by the individual and concerned only with his/her personal, family or household affairs or for recreational reasons. 4. Key Provisions The Act gives a right to every individual, irrespective of nationality or residence, to establish the existence of personal data, to have access to any such data relating to him/her and to have inaccurate data rectified or erased. It imposes obligations on data controllers and data processors to ensure that automated data kept are accurate, up to date, and are kept for lawful purposes; that due security measures are taken; and that data are not disclosed for any reason incompatible with the purpose for which they are kept. 5. The Data Protection Commissioner A Data Protection Commissioner has been appointed under the Act to supervise the operation of the legislation and to investigate complaints. Certain categories of data controllers and data processors are required to register with the Data Protection Commissioner. These are:- all Public Authorities all financial institutions, life assurance and insurance companies, or businesses, which are wholly or mainly involved in direct marketing, credit referencing or collecting debts Page 2 of 5

data controllers who keep personal data relating to racial origin, political opinions, religious or other beliefs, physical or mental health, sexual life, or criminal convictions, collectively called sensitive data data processors whose business consists wholly or partly of processing personal data on behalf of data controllers, for example computer bureaux finally, data controllers or data processors who may be prescribed under the Act by the Data Protection Commissioner with the consent of the Minister for Justice. To date, no such prescription orders have been made. Note: Therefore, if an employer, as such, does not fall within the above categories, s/he is not obliged under the Act to register with the Data Protection Commissioner. Companies which keep ordinary personal data relating to employees including such matters as absence/injury records, disciplinary records, etc., are not required to register simply by reason of keeping that data. Such matters are not sensitive within the meaning of the Act. 6. Duties of Data Controller Data controllers must abide by what are known as the Data Protection Principles. There are seven in all and they are as follows: The fairly obtaining and processing principle An employee should be told why the information is needed, should be given an explanation of what use such information may be put to and the information should not be used for any other purpose. The data shall be accurate and kept up-to-date The employer must take care to keep data accurate and up-to-date because if they are inaccurate or not kept up-to-date, they may cause damage to the individual concerned who is most likely to be the employee. The Act extends the law of tort by specifically imposing a duty of care on data controllers and processors. Page 3 of 5

The data shall be kept for specified and lawful purposes This means that if the data are kept for some other purposes, a complaint to and an investigation by the Data Protection Commissioner, may result in prosecution under the Act. The data will not be used or disclosed in any manner incompatible with those purposes For instance, it would appear that data collected and kept on employees for personnel administration reasons, should not be used for direct mailing unless specified for this purpose in advance. The data must be adequate, relevant and not excessive in relation to that purpose In other words, the data kept must be in proportion to the use to which they are put. Therefore, some personal details may be quite irrelevant or may be excessive under this rule. This is a matter of judgment and is related to the next principle. The data must not be kept for longer than is necessary At some stage, data will become stale or irrelevant, for example, the fact that your employee may have received a criminal conviction 15 years ago, may be of no relevance at the present time for the purpose for which the data is kept. The security principle Data controllers and processors are required by the Act to initiate and maintain appropriate security against unauthorised access to, alteration, disclosure or destruction of personal data and against accidental loss or destruction. Examples of such security requirements would be the use of code words, passwords, restricting physical access. The first 6 principles apply to data controllers only, whereas the security principle applies to both data controllers and data processors. 7. Duties of Data Processors The only provision that applies to data processors is that requiring appropriate security measures to be taken in relating to the data. It is an offence for a data processor knowingly to disclose personal data without the prior authority of the data controller on whose behalf the data are processed. Page 4 of 5

8. Duty of Care The Act imposes on all data controllers and data processors a duty of care towards data subject to the extent that such a duty does not already exist under the law of tort. Page 5 of 5

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information