DATA PROTECTION CORPORATE POLICY



Similar documents
Data Protection Policy

Human Resources Policy documents. Data Protection Policy

DATA PROTECTION POLICY

Data Protection Policy

Protection. Code of Practice. of Personal Data RPC001147_EN_WB_L_1

DATA PROTECTION POLICY

Data Protection Policy

Merthyr Tydfil County Borough Council. Data Protection Policy

AIRBUS GROUP BINDING CORPORATE RULES

2. Scope 2.1 This policy covers all the activities and processes of the University that uses personal information in whatever format.

Human Resources and Data Protection

Caedmon College Whitby

Data Protection Policy

Appendix 11 - Swiss Data Protection Act

ATMD Bird & Bird. Singapore Personal Data Protection Policy

Protection. Code of Practice. of Personal Data RPC001147_EN_D_19

Align Technology. Data Protection Binding Corporate Rules Controller Policy Align Technology, Inc. All rights reserved.

DATA PROTECTION POLICY

DATA PROTECTION POLICY. Examples of personal data which TWM may require from clients include the following and for the reasons ascribed to each;

Data Protection Policy

Information Governance Policy

Data Protection Workshop: How the Law Affects You Practice Questions

FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS

THE UK S ANTI-MONEY LAUNDERING LEGISLATION AND THE DATA PROTECTION ACT 1998 GUIDANCE NOTES FOR THE FINANCIAL SECTOR. April 2002

Data Protection Policy June 2014

technical factsheet 176

Information Governance Framework. June 2015

DATA PROTECTION ACT 1998 COUNCIL POLICY

CODE GOVERNANCE COMMITTEE CHARTER. 1 Functions and responsibilities of the Code Governance Committee

AITKIN COUNTY GUIDELINES AND PROCEDURES FOR MINNESOTA GOVERNMENT DATA PRACTICES ACT. Aitkin County

Corporate ICT & Data Management. Data Protection Policy

BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS

Index. Definitions. What is Data Protection? Rights of Individuals. The 8 Principles of Data Protection

Data protection policy

BUSINESS ASSOCIATE AGREEMENT BETWEEN AND COMMISSION ON ACCREDITATION, AMERICAN PSYCHOLOGICAL ASSOCIATION

Child and Adult Services Subject Access Requests Guidance

Little Marlow Parish Council Registration Number for ICO Z

Photography and filming in schools Code of Practice

Information Sharing Policy

TERMS & CONDITIONS of SERVICE for MSKnote. Refers to MSKnote Limited. Refers to you or your organisation

Data Protection Policy

Business Associate Agreement

Data Protection Act 1998 The Data Protection Policy for the Borough Council of King's Lynn & West Norfolk

ASPEN AUSTRALIA BRANCH PRIVACY POLICY

Daltrak Building Services Pty Ltd ABN: Privacy Policy Manual

Clause 1. Definitions and Interpretation

Information Classification and. Handling Policy

Subject Access Request, Procedure, Guidance and Information

Align Technology. Data Protection Binding Corporate Rules Processor Policy Align Technology, Inc. All rights reserved.

Data Protection Policy

Customer Feedback Management Policy

GSK Public policy positions

1.4 For information about our management of your other personal information, please see our Privacy Policy available at

Data Protection Act. Privacy & Security in the Information Age. April 26, Ministry of Communications, Ghana

REQUEST FOR QUOTE. RFQ Reference Number: RFQ <<INSERT e.g SWR 03-11/12>> <<Enter Course Name>>

Data Protection. Policy and Application July 2009

Downloaded from the website of the Data Protection Commissioner on 26 th July, 2011.

USER AGREEMENT FOR: ELECTRONIC DEALINGS THROUGH THE CUSTOMS CONNECT FACILITY

HERTSMERE BOROUGH COUNCIL

PERSONAL INJURIES ASSESSMENT BOARD DATA PROTECTION CODE OF PRACTICE

PROTECTION OF PERSONAL INFORMATION

Council, 14 May Information Governance Report. Introduction

SCOTLAND S COMMISSIONER FOR CHILDREN AND YOUNG PEOPLE STANDARD CONDITIONS OF CONTRACT FOR SERVICES

SUPPLEMENTARY INTERNAL RULES IMPLEMENTING REGULATION (EC) N 45/2001 IN RELATION TO THE DATA PROTECTION OFFICER

DATA PROTECTION POLICY

CORK INSTITUTE OF TECHNOLOGY

The Manitoba Child Care Association PRIVACY POLICY

Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries

OBJECTS AND REASONS. (a) the regulation of the collection, keeping, processing, use or dissemination of personal data;

3. Consent for the Collection, Use or Disclosure of Personal Information

Corporate Policy. Data Protection for Data of Customers & Partners.

Closed Circuit Television (CCTV) code of practice. Based on the publication A Code of Practice for CCTV

Home Building Amendment Act 2011 No 52

Credit Union Board of Directors Introduction, Resolution and Code for the Protection of Personal Information

Information Governance Policy

PRIVACY POLICY. comply with the Australian Privacy Principles ("APPs"); ensure that we manage your personal information openly and transparently;

THE CLAIMS MANAGEMENT CODE ( the Code )

The potential legal consequences of a personal data breach

Identity Cards Act 2006

So the security measures you put in place should seek to ensure that:

Players Agent Registration Regulations

Privacy Policy. Federal Insurance Company, Singapore Branch Singapore Personal Data Protection Privacy Policy. 1. Introduction

Data Protection Policy

MONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY

Information Governance Policy

Information Governance Policy

Transcription:

DATA PROTECTION CORPORATE POLICY Information Management V1.1 03 July 2012 Not protectively marked

This policy must be complied with fully by all Members, Officers Agents and Contractors of Plymouth City Council who collect, hold, process or deal with Personal Data for or on behalf of the City Council. Plymouth City Council supports the objectives of the Data Protection Act 1998 (the DPA ) and intends to conform to the requirements of the Act at all times. 1.0 PROCESSING PERSONAL DATA (for further information please consult the Support to the Data Protection Policy, clause 1) 1.1. Personal Data must be processed fairly and lawfully in accordance with the provisions of the DPA. 1.2. Personal Data may only be processed for notified purposes as stated within the DPA. 1.3. Anyone with responsibility for holding or collecting data must ensure that data kept and processed about any Data Subject is accurate and up to date. All due skill and care must be taken. Data must not be excessive to need and superfluous data must be destroyed or removed from the system. 1.4. Directors and Heads of Service are responsible for ensuring compliance with this policy within their departments. Each Director and Head of Service shall nominate a person to ensure compliance with the Act and to ensure that other members of staff are aware of the provisions of the Act. This person shall be called the Data Protection Act Representative. The nomination of such a person shall not release other members of staff from compliance with this Act and this policy. 1.5. Any processing of sensitive data must comply with the special and more stringent rules set out in the DPA. 2.0 SECURITY AND REGISTRATION (for further information please consult the Support to the Data Protection Policy, clause 2) 2.1. Each Member, Director and Head of Service are responsible for ensuring that data cannot be accessed by unauthorised personnel and to ensure that data cannot be tampered with, lost or damaged. All superfluous data must be disposed of in a secure manner. 2.2. The Information Commissioner keeps a register of all organisations, which process data. The Council shall submit a Notification to the Information Commissioner and pay the requisite fee at least once a year. This will be done centrally by the Corporate Information Manager, Directors and Heads of Service must furnish the Corporate Information Manager DATA PROTECTION CORPORATE POLICY Page 2 of 5

with any information requested for this purpose. Directors and Heads of Service must notify the Corporate Information Manager immediately if, during the course of any year, this information changes, and the Corporate Information Manager must update the Register entry accordingly. Members may have to register personally with the Information Commissioner with respect to constituency or party records. 3.0 AGENTS, PARTNER ORGANISATIONS AND CONTRACTORS If a Contractor, Partner Organisation or Agent of the Council is appointed or engaged to collect, hold, process or deal with Personal Data for or on behalf of the Council or if they will do so as part of the Services they are providing to the Council, the Lead Council Officer must as part of evaluation obtain confirmation that the Agent, Partner Organisation or Contractor is able, willing and does comply with the DPA. There must be specific obligations in every such contract requiring the Contractor to comply with the DPA. 4.0 DISCLOSURE OF PERSONAL DATA Personal Data will only be disclosed in accordance with the provisions of the DPA. 5.0 ACCESS RIGHTS BY INDIVIDUALS (for further information please consult the Support to the Data Protection Policy, clause 5) 5.1 An individual may request a copy of any data held about them, or information about the reasons it is kept and processed and the people to whom it is disclosed. The information must be provided, in clearly understandable terms within 40 days of a valid written request and the payment of the required fee. 5.2 A person seeking information shall be required to prove their identity in accordance with the DPA. The 40 days will run from the date the person provides this information, and pays the required fee. 5.3. Information may be withheld where the Council is not satisfied that the person requesting information about themselves are who they say they are, or when the requester is an organisation or body where the Council are not satisfied that they have the authority to receive that information. 6.0 DISCLOSURE TO AND ABOUT THIRD PARTIES (for further information please consult the Support to the Data Protection Policy, clause 6) Personal Data must not be disclosed about a Third Party except in accordance with the DPA. If it appears absolutely necessary to disclose information about a Third Party to a person requesting data about themselves advice must be sought from the Corporate Information Manager. DATA PROTECTION CORPORATE POLICY Page 3 of 5

7.0 INACCURATE DATA (for further information please consult the Support to the Data Protection Policy, clause 7) If an individual complains that the data held about them is wrong, incomplete or inaccurate, the position should be investigated thoroughly including checking with the source of the information. In the meantime a caution should be marked on the person s file that there is a question mark over the accuracy. An individual is entitled to apply to the court for a correcting order and it is obviously preferable to avoid legal proceedings by working with the person to correct the data or allay their concerns. 8.0 REQUESTS BY INDIVIDUALS TO STOP PROCESSING INFORMATION (for further information please consult the Support to the Data Protection Policy, clause 8) 8.1. If data is properly held for marketing purposes, an individual is entitled to require that this is ceased as soon as possible. Requests must be made in writing but generally all written or oral requests should be heeded as soon as they are made. The cessation must be confirmed in writing. 8.2. If data is held for any other purposes, an individual may request that processing ceases if it is causing them unwarranted harm or distress. This does not apply if they have given their consent, if the data is held in connection with a contract with the person, if the Council is fulfilling a legal requirement or if the person s vital interests are being protected. Valid written requests must be heeded within 21 days. The cessation must be confirmed in writing. 9.0 COMPLAINTS Any complaint or concern expressed by an individual in connection with the DPA must be reported to the Corporate Information Manager immediately in case legal action is taken. The Corporate Information Manager will work with the Department to ensure that there has been no breach of the DPA and, if there has, what action needs to be taken to remedy it. 10.0 EXEMPTIONS (for further information please consult the Support to the Data Protection Policy, clause 10) There are a number of purposes which are exempt from certain provisions of the DPA. These purposes are listed in clause 13 of the Data Protection Guidance. If you are in doubt about which purposes are exempt and the scope of the exemption please contact the Corporate Information Manager. 11.0 VIOLATIONS OF RULES AND PROCEDURES 11.1. It is the responsibility of all employees to report any suspected breaches of the DPA, or of this policy, to their Head of Service in accordance with the Financial Regulations. DATA PROTECTION CORPORATE POLICY Page 4 of 5

11.2. It is the responsibility of all Members to report any suspected breaches of the DPA, or this policy, to the Chief Executive in accordance with the Financial Regulations. 11.3. Disciplinary action in accordance with procedures approved by the Council, may be taken against any employee or Member who breaches the DPA, or the requirements of this policy. 12.0 FURTHER INFORMATION AND OTHER RELATED POLICIES 12.1. If in doubt about any aspect of this policy, contact the Corporate Information Manager. 12.2. Other related Policies include the Access to Personal Files Policy and the Disciplinary Policy. 12.3 Further information can be found in the Support to the Data Protection Policy pamphlet, which includes Data Protection Guidance. 13.0 VERSION UPDATE 08/09/2003 Audit Committee: the Data Protection Policy be approved and the Data Protection Policy and Data Protection Guidance attached to the report as Appendix A be supported; Heads of Service be required to make sufficient resources available to enable the policy to be properly implemented and brought to the attention of Members and Officers; Delegated authority be given to the City Solicitor to allow for the updating of the Support to the Data Protection Policy and the Data Protection Guidance without seeking specific Council approval provided that the guidance notes do not conflict with the Data Protection Policy 03/07/2012 Reformatted into current corporate template 03/07/2012 References to City Treasurer and City Solicitor replaces with the role of Corporate Information Manager (this role was not in place when the original policy was approved) DATA PROTECTION CORPORATE POLICY Page 5 of 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information