Management of Personal Data Policy

Similar documents
Data Protection Policy

Data Protection Act 1998 The Data Protection Policy for the Borough Council of King's Lynn & West Norfolk

Glyncoed Primary School. Data Protection Policy

Data Protection Policy

Data Protection Policy

DATA PROTECTION POLICY

Staple Hill Primary School. Data Protection Policy

Protection. Code of Practice. of Personal Data RPC001147_EN_D_19

Policy Name: Data Protection. Nominated Lead Member of Staff: ICT Manager. Status: Review Cycle: 2 Years. Authorisation: Governing Body

Subject Access Request, Procedure, Guidance and Information

Version 1. Chair of Governors Signature.. Review Date: Spring term 2017

Human Resources and Data Protection

Data Protection Act 1998 Subject Access Request - Application Form

Protection. Code of Practice. of Personal Data RPC001147_EN_WB_L_1

Data Protection Policy

Data Protection policy approved by the Governing Body of Ifield Community College. Ifield Community College Data Protection Policy

Information Governance Framework. June 2015

DATA PROTECTION ACT 1998 COUNCIL POLICY

DATA PROTECTION POLICY

MENTAL HEALTH TRIBUNAL FOR SCOTLAND: RECORDS MANAGEMENT POLICY. Ensuring Information is Accurate and Fit for Purpose

PRIVACY POLICY. Privacy Statement

DATA PROTECTION POLICY. Examples of personal data which TWM may require from clients include the following and for the reasons ascribed to each;

DATA PROTECTION POLICY

Subject Access Request Form Data Protection Act 1998 Application for Access to Personal Information. December 2013

Falkirk Council Data Protection Guidelines

Grievance Policy. 1. Policy Statement

HERTSMERE BOROUGH COUNCIL

Data Protection Guidance

RECORDS MANAGEMENT POLICY

MONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY

SANDYMOOR SCHOOL GUIDANCE ON ACCESS TO STUDENT RECORDS

Information Sharing Policy

Access to Health Records

DATA PROTECTION CORPORATE POLICY

PRIVACY POLICY. comply with the Australian Privacy Principles ("APPs"); ensure that we manage your personal information openly and transparently;

Halton Borough Council. Privacy Notice


Complaints Policy. Complaints Policy. Page 1

POLICY FOR USE OF CCTV SYSTEM AT BOW SCHOOL OF MATHS AND COMPUTING SCHOOL

Beacon Financial Group - Privacy Policy

Not Protectively marked

Data Protection Policy A copy of this policy is published in the following areas: The school s intranet The school s website

National Governors Association s Code of Practice for School Governors 2015/16

Subject Access Request Protocol

COLLECTION, MANAGEMENT, SECURITY OF AND ACCESS TO INFORMATION RECORDS

Data Protection Policy

Requirements made under the Intermediaries Byelaw

Zinc Recruitment Pty Ltd Privacy Policy

Direct Recruitment Privacy Policy

PRIVACY POLICY Personal information and sensitive information Information we request from you

How To Protect Your Personal Information At A College

Information Governance Policy

Information Circular

Records Management. 1. Introduction. 2. Strategic Plan Desired Outcomes

DISPUTE RESOLUTION GRIEVANCE PROCEDURE FOR TEACHING & SUPPORT STAFF IN SCHOOLS

APPLICATION FOR HOME TUITION FOR THE 2015/2016 SCHOOL YEAR

Please print clearly 1 Please complete your name, address and contact details below. Title Surname Full given name(s)

Data Protection Policy

Information Assurance Policies and Guidance. Information Governance Policy. Document Version: v0.5 Review Date: 1 May 2016

DATA PROTECTION POLICY

Personal Information Protection and Electronic Documents Act

PACIFIC EXPLORATION & PRODUCTION CORPORATION (the Corporation )

Data Protection Policy

BAM regulations on the holding of and effecting transactions in shares and certain other financial instruments

Corporate ICT & Data Management. Data Protection Policy

How to Raise a Complaint Introduction

Employment Policies, Procedures & Guidelines for Schools

PART B NOTICE OF PROCEDURAL SAFEGUARDS PARENTAL RIGHTS FOR PUBLIC SCHOOL SPECIAL EDUCATION STUDENTS

DIFC LAW NO. 1 OF 2007

Information Governance Policy

Catalyst Consulting & Events (CCE) takes seriously its commitment to preserve the privacy of the personal information that we collect.

Information Governance Strategy & Policy

Doug Kerr Insurance Consultants P/L ABN AFSL Tel: Fax:

Site visit inspection report on compliance with HTA minimum standards. London School of Hygiene & Tropical Medicine. HTA licensing number 12066

Data and Information Sharing Protocol and Agreement for Agencies Working with Children and Young People

GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT. CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4

DEPARTMENT FOR BUSINESS INNOVATION AND SKILLS (BIS) ENGLAND ILLEGAL MONEY LENDING PROJECT

Enterprise bargaining

Align Technology. Data Protection Binding Corporate Rules Controller Policy Align Technology, Inc. All rights reserved.

Application to become a Lloyd s Open Market Correspondent

European School Brussels II. Avenue Oscar Jespers Brussels

Clause 1. Definitions and Interpretation

Disclosure of Criminal Convictions Code of Practice

Crofton School Data Protection Policy

PERSONAL INFORMATION PRIVACY POLICY FOR EMPLOYEES AND VOLUNTEERS [ABC SCHOOL]

singapore american school

Code of Practice on the Identity Card Number and other Personal Identifiers Compliance Guide for Data Users

Credit Union Code for the Protection of Personal Information

UNIVERSITY OF SOUTHAMPTON DATA PROTECTION POLICY

Data Protection Policy Information for Clients

Credit Reporting Privacy Policy of Baybrick Pty Ltd

Little Marlow Parish Council Registration Number for ICO Z

Student Records. 4. Data Security: Upper Yarra Community House Inc. will protect the personal information it

West Midlands Police and Crime Commissioner Records Management Policy 1 Contents

You may choose not to provide us with any of this information, but not doing so will affect our ability to provide you with storage.

University of St Andrews Out of Hours Protocol Appendices: A- CCTV Code of Practice B- Service Level Statement

Transport Regulations (Port Tariff,Complaint, Dispute Resolution and Planning)

Appendix 1. This appendix is a proposed new module of the DFSA Rulebook. Therefore, the text is not underlined as it is all new text.

BYLAWS OF PARENTS ASSOCIATION OF THE INTERNATIONAL SCHOOL OF HELSINKI REGISTERED

ENC Li Subject Access Request Procedure

Transcription:

Management of Personal Data Policy 1

Contents Cover Page 1 Contents Page 2 Policy Statement Page 3 Enquiries and Information Page 4 Fair Obtaining Page 4 Data Uses and Processes Page 4 Data Integrity Page 4 Security Page 5 Physical Security Page 5 Logical Security Page 5 Procedures and Protocols Page 5 Subject Access Subject Information Requests Page 5-6 Complaints and Appeals Page 6 Appendices Appendix 1 Subject Access Request Form Page 7-10 2

Policy Statement The Governing Body of President Kennedy School are committed to the management of personal data of staff and students and this procedure is designed to ensure that all personal data is managed appropriately and in accordance with the requirements and principles of the Data Protection Act 1998, Human Rights Act 1998, and Freedom of Information Act 2000. The Headteacher delegates responsibility for the monitoring of personal data to the School Business Manager, Deputy School Business Manager and the Assistant School Business Manager (HRM). All staff involved with the collection, processing and disclosure of personal data will be made aware of their duties and responsibilities within these guidelines. It is recognised that other legislation, e.g. the Crime and Disorder Act, may override Data Protection law. Signed: Title: Dated: August 2012 Review Date Due: August 2013 3

Enquiries and Information. Enquiries about this policy should be made to the School Business Manager who can also provide further information about school procedures. The registered purposes for processing personal information, as recorded for notification by the school, are available by appointment for inspection in the school. Explanation of the entries registered is available from the School Business Manager who is the person nominated to deal with data protection issues. Fair Obtaining The school undertakes to obtain information fairly and lawfully by informing all data subjects of the reasons for its collection, the purposes for which the data will be held, where possible the likely recipients, and the data subject's rights of access. Information about the use of personal data is printed on the appropriate collection forms. Where details are given in person or by telephone the staff member collecting the details will advise on how those details will be used. Data Uses and Processes The school will not use or process personal information that contravenes its statutory or registered/notified purposes. Any new purposes for data processing introduced will, where appropriate, be notified to the individual and, if required by law, their consent will be sought. A copy of the up to date notification/registration will be kept at the school for inspection purposes. The school will only process data with the subject data's consent (or with the consent of parents/guardian acting on behalf of their child). There may be exceptions as outlined in Schedules 2 and 3 of the Data Protection Act 1998 where processing is necessary, e.g. for the school to comply with its other legal obligations or to protect the vital interests of the data subject. Only authorised will be permitted to make external disclosures of personal data. Data used within the school will ONLY be made available to staff if they need to know for their work in the school. Data Integrity The school will not collect data from individual s that is excessive or irrelevant in relation to the registered/notified purpose(s). Details collected will be adequate and no more. Information collected that becomes irrelevant or excessive will be deleted. Information will only be held for as long as is necessary for the registered/notified period following which the details will be deleted/destroyed. Data held will be as accurate and as up-to-date as is reasonably possible. If a data subject informs the school of a change of circumstances their record will be updated as soon as possible. Information received from a third party will be recorded as such. Where a data subject challenges the accuracy of their data and it cannot be updated immediately, or where the new information needs to be checked for accuracy and validity, a marker will be placed on the "challenged" record indicating the nature of the dispute and/or delay. The school will try to resolve the issue(s) informally and amicably with the individual but if this is not possible any dispute will be referred to the Governing Body. 4

Security The school undertakes to ensure the security of personal data to prevent unauthorised individuals and staff from gaining access to personal information through: Physical Security Ensuring that no student has access to networks where personal data is stored. Provision of appropriate building security and that alarms are regularly checked for functionality. Restricting access of unauthorised personnel to school offices and rooms where personal data systems are kept. Provision of secure storage/filing systems/lockable cabinets. Safe storage of computer back-up tapes/disks (risk of fire, theft, other damage or loss) Ensuring laptop computers are always stored in secure areas on site and off site if appropriate Logical Security Password protection and controls for electronic access of information, including networks. Pass worded screensavers, read only files (prevent unauthorised amendment). Ensuring that password changes are made regularly. Procedures and Protocols Only permitting authorised personnel to have access to personal data records. By implementing a controlled system to record the removal and transfer of personal data from its normal storage area, including transfer within the school and removal off- site. Ensuring that all staff are made aware of their responsibilities for data protection and for general security matters and their knowledge is updated as required. By destroying redundant data in accordance with the school's procedures for disposing of confidential materials as per the schools redundant materials policy. Subject Access Subject Information Requests Any person whose details are held/processed by the school (data subjects) have a general right to receive a copy of their own information. There are a few exceptions to this rule, such as, data held for child protection and/or crime detection/prevention purposes. The school will respond in writing to requests for access to pupil records within 15 school days and for all other types of record within the 40 days allowed by the Data Protection Act 1998. The school's policy for dealing with requests for subject access in respect of a pupil is: Requests from parents/legal guardians in respect of their own child will, provided that the child does not understand the nature of the subject access requests, be processed as requests made on behalf of the data subject (child) Requests from pupils who do not understand the nature of the request will be referred to the child's parents Requests from pupils who demonstrate an understanding of the nature of their request will be processed as any subject access request as outlined below. Under normal circumstances the schools will assume that at the age of 14 a child is able to understand the issues concerning access to their data. 5

The data controller (Headteacher or authorised person acting on his/her behalf) will make the judgement about whether a child has the necessary level of understanding, and will seek guidance from the Information Commissioner and /or City Council in the event of a dispute. A subject access/information request is to be submitted on the appropriate forms wherever possible to ensure that the school has the required information to be able to conduct a data search and fulfil the request. (See Appendix 1 Subject Access Request Form at the back of this policy) Where information is not available from the school but is processed by the Local Authority, e.g. admissions and transfers, the requests will be directed to the appropriate officer. In some cases, especially with requests not submitted on the appropriate forms, further information may need to be required from the requester which may delay the start of the 40 day maximum period. Repeat requests will be fulfilled unless deemed unreasonable, such as second request received so soon after the first that it would be impossible for the details to have changed. The school may charge a fee for providing copies of educational records. Further details about charges can be obtained from the School Business Manager. Complaints and Appeals Complaints, disputes or challenges as described above should be first taken up with the Head teacher (Data controller) or an authorised person acting on his/her behalf. 6

Appendix 1 Subject Access Request Form 7

Subject Access Request Form Section 1 This form is used by President Kennedy School to help you to receive information we hold and process about you, the data subject (the term used for the person whose information is held by the school). Please complete the form as fully as possible- if you do not it could make it difficult for us to process your request. If you are applying on behalf of another person, with their consent, please include proof of your right to do so. If you need help completing this form please contact the Assistant School Business Manager (HRM). Data subject's name Address Post code: Previous address if you have moved since your details were given to the school Post code: 8

Section 2 (Please tick) Are you the data subject named above? Yes No If yes please proceed to section 4 Are you the parent / guardian of the child Pursuing your separate right to access your child's official educational records. Are you the parent / guardian of the child and acting on behalf of a child who does not understand the nature of their own access rights Yes No If yes please proceed to section 4 Yes No If yes please proceed to section 3 Are you acting on behalf of the person named above Yes No If yes please proceed to section 3 Section 3 If you are acting on behalf of the data subject Do you have written permission? Yes No If yes please attach a copy and proceed to section 3a 3.a. Please complete the following declaration I..(Applicant) declare that I am an agent acting on behalf (the data subject) with their full knowledge and written consent (enclosed), or on behalf of a child who does not understand the nature of the request and I am acting in their interest. I will only disclose the information to the data subject except with further authorisation from them. Signed. Agent / Parent... 3.b Details about the agent. Agents name Address Post code Tel 9

Section 4 Please state in your own words what information you require, include details of any reference numbers given to you like payroll or client numbers, or reasons why you believe the school has your personal information in its files. Section 5 Declaration To be signed by all applicants I declare that the information given in this form is correct and that I am the data subject, parent or agent. Signed. Date.., The school has 15 school days to respond to a request for educational records and 40 calendar days to respond to other requests. The information you provide on this form will be used only for the purposes of processing your request. 10

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information