Data Protection Policy

Similar documents
Little Marlow Parish Council Registration Number for ICO Z

HERTSMERE BOROUGH COUNCIL

Information Governance Policy

Policy Document Control Page

Data Protection Policy

Corporate ICT & Data Management. Data Protection Policy

Data Protection Policy

Data Protection Policy

Human Resources and Data Protection

Data Protection Policy

DATA PROTECTION ACT 1998 COUNCIL POLICY

Data Protection Act 1998 The Data Protection Policy for the Borough Council of King's Lynn & West Norfolk

DATA PROTECTION POLICY. Examples of personal data which TWM may require from clients include the following and for the reasons ascribed to each;

Data Protection Policy

GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT. CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4

DATA PROTECTION POLICY

Merthyr Tydfil County Borough Council. Data Protection Policy

DATA PROTECTION POLICY

Data Protection policy approved by the Governing Body of Ifield Community College. Ifield Community College Data Protection Policy

Data Protection Guidance

Glyncoed Primary School. Data Protection Policy

DATA PROTECTION POLICY

ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY

How To Understand The Data Protection Act

The Manitowoc Company, Inc.

Data Protection Policy

DATA PROTECTION POLICY

DATA PROTECTION POLICY

Scottish Rowing Data Protection Policy

Data Protection Act a more detailed guide

Information Security Policy. Appendix B. Secure Transfer of Information

Data Security and Extranet

DATA PROTECTION POLICY

CORK INSTITUTE OF TECHNOLOGY

Data protection policy

Falkirk Council Data Protection Guidelines

Protection. Code of Practice. of Personal Data RPC001147_EN_D_19

MONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY

Data Quality Strategy a guide. Helping you to build a contact data management strategy

Data Protection and Privacy Policy

Data Protection and Community Councils Briefing Note

Office of the Data Protection Commissioner of The Bahamas. Data Protection (Privacy of Personal Information) Act, A Guide for Data Controllers

Staple Hill Primary School. Data Protection Policy

UNIVERSITY OF ABERDEEN POLICY ON DATA PROTECTION

Data Protection Policy

DATA PROTECTION POLICY

FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS

Dublin City University

Data Protection. Policy and Application July 2009

DATA PROTECTION POLICY

10 DATABASE PRACTICE

AlixPartners, LLP. General Data Protection Statement

Version 1. Chair of Governors Signature.. Review Date: Spring term 2017

DATA PROTECTION POLICY

The Manchester College

Crofton School Data Protection Policy

University of Limerick Data Protection Compliance Regulations June 2015

Data Protection Act. Privacy & Security in the Information Age. April 26, Ministry of Communications, Ghana

How To Protect Your Personal Information At A College

DATA PROTECTION AND DATA STORAGE POLICY

Rick Parsons Information Governance Officer County Hall

OBJECTS AND REASONS. (a) the regulation of the collection, keeping, processing, use or dissemination of personal data;

Protection. Code of Practice. of Personal Data RPC001147_EN_WB_L_1

2. Scope 2.1 This policy covers all the activities and processes of the University that uses personal information in whatever format.

UNIVERSITY OF SOUTHAMPTON DATA PROTECTION POLICY

PERSONAL INJURIES ASSESSMENT BOARD DATA PROTECTION CODE OF PRACTICE

Data Protection Policy

Index. Definitions. What is Data Protection? Rights of Individuals. The 8 Principles of Data Protection

Data Protection Policy June 2014

Information Sharing Policy

Hampstead Parochial CofE Primary School Data Protection Policy Spring 2015

Data Protection and Information Security Policy and Procedure

Data Protection Policy A copy of this policy is published in the following areas: The school s intranet The school s website

Somerset County Council - Data Protection Policy - Final

Guidelines on Data Protection. Draft. Version 3.1. Published by

Personal Data Act (1998:204);

The best advice before you decide on what action to take is to seek the advice of one of the specialist Whistleblowing teams.

LEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT

Data Protection for the Guidance Counsellor. Issues To Plan For

Access Control Policy

Robyn Academy. Code of Professional Conduct for Teachers. Dance & Theatre Arts

Data Protection Policy

Data Compliance. And. Your Obligations

Data Protection Policy Information for Clients

Web Site Download Carol Johnston

Data Protection Procedures

PRIVACY POLICY Personal information and sensitive information Information we request from you

Human Resources Policy documents. Data Protection Policy

Data protection policy

ATMD Bird & Bird. Singapore Personal Data Protection Policy

INFORMATION GOVERNANCE POLICY

ON MUTUAL COOPERATION AND THE EXCHANGE OF INFORMATION RELATED TO THE OVERSIGHT OF AUDITORS

How To Protect Your Data In European Law

Personal Data Protection Policy

Data Protection Policy

1.2 Scope This policy and guidance applies to all University staff, students and others who use or process any personal information.

Corporate Guidelines for Subsidiaries (in Third Countries ) *) for the Protection of Personal Data

GENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS

INFORMATION GOVERNANCE POLICY

PRESIDENT S DECISION No. 40. of 27 August Regarding Data Protection at the European University Institute. (EUI Data Protection Policy)

Transcription:

Data Protection Policy (Revised January 2013)

ASSUMPTION GRAMMAR SCHOOL Data Protection Policy (Revised January 2013) Introduction Assumption Grammar School recognises and accepts its responsibility as set out in the Data Protection Act 1998 and sub-legislation contained therein. The school, as a Data Controller, will take all reasonable steps to meet this responsibility and to promote good practice in the handling and use of personal information. In particular, the school will comply with the Data Protection Principles as set out in the 1998 Act. This policy statement applies to all members of the Board of Governors, employees and individuals about whom the school processes personal information, as well as other partners and companies with which the school undertakes its business. Scope In order to operate, the school must collect and use certain types of personal information about people with whom it deals. These include current, past and prospective employees, pupils, suppliers, clients, and others with whom it communicates. Information is, on occasions, shared with agencies such as the Careers or Counselling Services. Such agencies are committed to storing the information securely and complying with the Data Protection Act 1998. They will not supply the information to third parties. Parents/Guardians will be informed and their permission sought, at the start of the school year, for the school to share pupils information with these services. Pupils may also be asked to give their own consent when providing information to these services. This will not, however, replace parental consent. The school will also use the Call Parent system which is operated by the Contact Group to contact parents via text and email. This system is registered under the Data Protection Act by the Contact Group themselves (Registration Number Z7911829). All information is accessible only by the school using a unique ID number and password. It may be required by law to collect and use certain types of information to comply with the requirements of government departments. This personal information will be dealt with properly whether it is collected on paper, in a computer, or recorded 2

on other materials. The school will comply with all safeguards in the Data Protection Act 1998 to ensure this. The school regards as essential the lawful and correct treatment of personal information and wishes to maintain the confidence of those with whom we deal. It will ensure that it treats personal information lawfully, correctly and in compliance with the 1998 Act. (Teachers have been instructed regarding the sharing of confidential information by email see Appendix) To this end we fully endorse the obligations of the Act and adhere to the Principles of data protection, as enumerated in the 1998 Act. The following paragraphs provide a brief aid to the Data Protection Act 1998. 1. Main Provisions of the 1998 Legislation (a) (b) (c) The school, as Data Controller, will notify its processing of personal data with the Information Commissioners Officer who maintains a public register of the type of information organisations process, where it gets the information from and what it does with it. The school will observe the eight Data Protection Principles. The school will allow the data subject to exercise his/her rights i.e. to have right of access to his/her personal information - what is held, how it is processed and to whom it is disclosed. Such access requests will be complied with within 40 days. The maximum fee for access is 10. 2. Definitions Data Controller Personal Data: Any individual or organisation who controls personal data, in this instance the School. Information held on a relevant filing system, accessible record or computerized record (as well as digital audio or video equipment), which identifies living individuals. Sensitive Personal Data: Personal data relating to an individuals race or ethnic origin, political opinions, religious beliefs, 3

physical/mental health, trade union membership, sexual life and criminal activities. Relevant Filing System: Also known as manual records i.e. a set of records which are organised by reference to the individual/their criteria and are structured in such a say as to make specific information readily accessible e.g. personnel records, microfiches. Data Subject: Processing: Accessible Records An individual who is the subject of the personal data, for example, employees, pupils, claimants etc. Obtaining, recording or holding data or carrying out any operation on the data including organising, adapting, altering, retrieving, consulting, using, disclosing, disseminating, aligning, blocking, erasing or destroying the data. Any records which are kept by the Organisation as part of a statutory duty, e.g. pupil records, housing tenancy records, social services records. 3. Data Protection Principles Specifically, the Principles require that personal information: 1. shall be processed fairly and lawfully and, in particular, shall not be processed unless specific conditions as set out in the 1998 Act are met; 2. shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes; 3. shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed; 4. shall be accurate and, where necessary, kept up to date; 5. shall not be kept for longer than is necessary for that purpose or those purposes; 6. shall be processed in accordance with the rights of the data subject under the 1998 Act; 4

and that: 7. appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data; 8. shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data. Commitment The school will, through appropriate management and application of criteria and controls: observe fully conditions regarding the fair collection and use of information; meet its legal obligations to specify the purposes for which information is used; collect and process appropriate information, and only to the extent that it is needed to fulfil operational needs or to comply with any legal requirements; ensure the quality of information used, including its accuracy and relevancy for the purpose(s) specified; apply strict checks to determine the length of time information is held; ensure that the rights of people about whom information is held can be fully exercised under the 1998 Act. (These include: the right to be informed that processing is being undertaken: the right of access to one's personal information; the right to prevent processing in certain circumstances; the right to correct, block or erase information which is regarded as erroneous); take appropriate technical and organisational security measures to safeguard personal information; and ensure that personal information is not transferred abroad without suitable safeguards. Compliance In addition, the School takes steps to ensure that: there is someone with specific responsibility for data protection in the organisation. (Currently, the nominated person is Mrs Devlin); everyone managing and handling personal information understands that they are contractually responsible for following good data protection practice; 5

everyone managing and handling personal information is appropriately trained to do so; everyone managing and handling personal information is appropriately supervised; anybody wanting to make enquiries about handling personal information knows what to do; queries about handling personal information are promptly and courteously dealt with; methods of handling personal information are clearly described; a regular review and audit is made of the way personal information is managed; methods of handling personal information are regularly assessed and evaluated; performance of handling personal information is regularly assessed and evaluated; and it disseminates to employees, information on good practice in respect of handling, using and storing personal information. A copy of this policy statement will be issued to all employees. It will be reviewed annually, added to, or modified from time to time and may be supplemented in appropriate cases by further statements and procedures relating to the work of the particular groups of workers. 6

DATA PROTECTION APPENDIX 1. The 1998 Data Protection Act guides school policy and practices. 2. Our school is fully committed to protecting the rights and privacy of staff and pupils. 3. Certain personal information must be obtained and stored. 4. Teachers must be extremely careful to keep information relating to pupils in a secure place. 5. Teacher planners, diaries, mobile phones must never be left on desks or computer screens. Notes/ information re medical details, child protection issues and children s performance must be kept secure. 6. Be careful re departmental store rooms and who has access to them. 7. Always ensure that confidential pupil information is sent electronically in an attachment and that a pupil s name is not written in the email or Subject box. This information should only be sent to those teachers involved with the relevant pupil. Policy is reviewed annually 7

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information