Access to Personal Information Procedure

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Access to Personal Information Procedure"

Transcription

1 Purpose of The sixth principle of the Data Protection Act 1998 gives rights to individuals in respect of the personal data that organisations hold about them. The Act says that: Personal data shall be processed in accordance with the rights of the data subject under this act. The purpose of this procedure is to provide guidance to staff on how to manage any requests in relation to these rights in line with the Data Protection Act, and company policy. For the purpose of clarity, these rights include: A right of access to a copy of the information held in their personal data commonly known as a Subject Access Request A right to object to any data processing that is likely to cause or is causing damage or distress A right to prevent data processing for direct marketing A right to object to decisions being taken by automated means A right in certain circumstances to have inaccurate personal data rectified, blocked, erased or destroyed, and A right to claim compensation for damages caused by a breach of the Act. NB. Key definitions of terms used within this procedure are provided in Appendix 1. Action Points Subject Access Requests Under Section 7 of the Data Protection Act, a Data Subject 1 can make a written request (includes ) to see a copy of the information Great Places as a data controller holds about them. A request must be made directly by the Data Subject unless there is clear evidence that a third party (i.e. an advocate or legal representative) is acting on behalf of that individual. Steps must be taken to verify that the request has come directly from the Data Subject as outlined in the Information Security before a response to the Subject Access Request is provided. This may include asking the requestor to provide proof of their identity. Under the Terms of the Data Protection Act, Great Places charge a 10 fee to cover the administrative costs of producing a Subject Access request, and this fee must be paid in full before the data is provided to the Data Subject. This fee may be waived in certain circumstances at the discretion of the Data Management Advisory Group. 1 For point of reference, a Data Subject includes anyone receiving a service from Great Places including (but not exclusively) tenants and residents, floating support clients, employees, and applicants for employment. Version date: January

2 After receipt of the request, we have 40 calendar days to supply a permanent copy of the information to the data subject in a form agreed with the individual. All Subject Access Requests should be directed to the Head of Business Assurance who will oversee the process and liaise with appropriate teams and 3 rd parties. Individuals are only entitled to their own personal data, and Great Places have a duty to protect the personal data of any other individuals who may be referred to within documents, etc. We will endeavour to provide as much information as possible by making use of redaction. Our contractors may hold personal information about our customers via their role as a data processor. In the course of compiling information for a Subject Access Request, we should contact any data processors who may hold data about the individual. Such data processors may include repairs contractors, out of hours call handlers, etc. When compiling a Subject Access Request, the data controller must take into account any exemptions that mean certain types of data do not have to be supplied to the data subject. Examples of exemption include, but are not exclusive to: Personal data processed for crime and taxation purposes including: o The prevention of detection of crime o The capture or prosecution of offenders o The assessment or collection of tax or duty Legal advice and proceedings Confidential references given in connection with education, training or employment Personal data processed for management forecasting or management planning Data consisting of our intentions in negotiating with an individual re: compensation, etc. Personal data relating to an individuals physical or mental health if granting access would be likely to cause serious harm to the individual or someone else Under section 42 of the Data Protection Act, individuals have the right to make a complaint to the Information Commissioners Office (ICO) if: We do not respond to a request satisfactorily within the 40 day time limit We are holding personal data unfairly for a different reason to that which it was originally collected for, or without appropriate security We are holding data that is inadequate, inaccurate or for longer than is necessary We fail to disclose information to the data subject outside of an accepted exemption Requests to share information with 3 rd parties Requests to share personal information can come from a variety of sources but most commonly come from the police, local authority departments, other housing providers and support agencies. We may also use the legitimate interest clause within the Data Protection Act in the following circumstances: To disclose a tenant s information to debt collection agencies if Great Places as the landlord are owed monies To pass tenant details to a utility company if the tenant has left the property with an unpaid debt on their account Version date: January

3 Where a request is made with the data subjects permission, staff should provide the information required whilst taking care not to breach the data rights of any 3 rd parties, and taking into account the exemptions within the Act. When a request is made to share data without the data subjects consent, staff should always consider whether there is a justifiable reason to share the data. If staff receive any queries that they are unsure about, they should contact the Data Management Advice Group who will consider the request. Where a request is made outside of office hours (8am 6pm) the individual dealing with the request should take a common sense approach to sharing the required information particularly in the case of a serious police or safeguarding incident and seek retrospective permission from the Data Management Advice Group at the earliest opportunity. Any decisions to share, or withhold, information should be recorded on the Data Protection Incident Log to enable us to defend any decisions accurately if the need arises. Requests for information about other individuals or general information The Data Protection Act does not grant individuals access to information about other people, or to general information about the company, our decision making processes, financial status, etc. Any requests of this nature should be directed to the Head of Business Assurance who will provide the required response. Data Breaches A data breach can occur where any of the 8 principles of the Data Protection Act are not complied with. The Information Commissioners Office can fine organisations for breaching the Act, and many of the fines to date have been in relation to breaches of the 7 th principle keeping personal information secure. With this in mind, staff must appreciate the importance of protecting the data we hold and ensuring its security at all times. Great Places has information security procedures in place to minimise the risk of data breaches. If a member of staff thinks that a data breach has occurred either directly or by a colleague or partner organisation they must notify the Data Management Advice Group within 1 working day to enable a thorough investigation to be carried out and a decision made on whether the breach is reportable to the Information Commissioners Office (based on its severity). All near misses should also be reported to ensure that appropriate preventative or corrective action can be taken to minimise any future risk. Staff should note that a data breach, or a near miss, may lead to action under the company Disciplinary Policy if the investigation indicates that the individual acted with malice or in direct contravention of information security procedures. Version date: January

4 Freedom of Information Requests Great Places Housing Group are not currently classified as a public body under the terms of the Freedom of Information Act 2000 and, as such, are not required to comply with any direct requests under this legislation. However, our local authority partners are covered by the Act and any information we have shared with them, i.e. s, joint working documents, etc. by be subject to disclosure. Any requests relating to the Freedom of Information Act should be directed to the Head of Business Assurance who will respond appropriately. Responsibilities All Great Places employees and partners have a responsibility to act in accordance with the Data Protection Act 1998, however, the following roles have a direct responsibility: Director of Business Intelligence named Data Controller with the Information Commissioners Office Head of Business Assurance delegated responsibility for compliance with the Act Members of Data Management Advice Group nominated points of contact for staff advice Links to Related Strategies, Policies, s and Forms Data Protection Policy Privacy Policy Information Security Version date: January

5 Appendix 1 Key Definitions Term Data Personal Data Sensitive Personal Data Data Processing Data Processor Data Subject Data Controller Definition Information which: a) Is being processed by means of equipment operating automatically in response to instructions given for that purpose b) Is recorded with the intention that it should be processed by means of such equipment c) Is recorded as part of a relevant filing system or with the intention that it should form part of a relevant filing system d) Does not fall within points a-c above, but forms part of an accessible record e) Is recorded information held by a public authority and does not fall within points a-d above. Data which relates to a living individual who can be identified: a) From that data b) From that data and other information which is in the possession of, or is likely to come into the possession of, the data controller And includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual. Personal data consisting of information as to: a) The racial or ethnic origin of the data subject b) Their political opinions c) Their religious beliefs or other beliefs of a similar nature d) Whether they are a member of a trade union e) Their physical or mental health or condition f) Their sexual life g) The commission or alleged commission by them of any offence h) Any proceedings for any offence committed or alleged to have been committed by them, the disposal of such proceedings or sentencing Obtaining, recording or holding information or data or carrying out any operation of set of operations on the data including: a) Organisation, adaptation or alteration of the information or data b) Retrieval, consultation or use of the information or data c) Disclosure of the information od data by transmission, dissemination or otherwise making available, or d) Alignment, combination, blocking, erasure or destruction of the information or data Any person (other than an employee of the data controller) who processes the data on behalf of the data controller An individual who is the subject of personal data A person who (either alone or jointly or in common with other persons) determined the purposes for which, and the manner in which, any personal data is to be processed Version date: January

6 Equality Impact Assessment Is this a key strategic document, major policy or procedure or service change? Examples may include: Homeless Strategy/ Customer Involvement Strategy YES NO What impact will your document or service delivery change have on the public or staff, giving particular regard to potential impacts on minority groups? Issues to consider include race, disability, gender, sexual orientation, religion, age, carers and other socio-economic factors Please explain your answer: Provide a narrative explaining why you gave the impact rating above. HIGH MEDIUM LOW DON T KNOW Approval Date: 5th January 2017 Equality Impact Assessment Date: January 2017 Safeguarding impact: Review Date: Lead Team: Level of Authorisation Required: Not applicable By 30th April 2018 prior to introduction of GDPR Business Assurance Service Delivery Leadership Team Version date: January

Data Protection Act 1998 Policy

Data Protection Act 1998 Policy Data Protection Act 1998 Policy Responsibility for Policy: Relevant to: University Secretary All Staff, Students and Academic Partnerships Approved by: SMT in September 2016 Responsibility for Document

More information

Data Protection Act 1998

Data Protection Act 1998 Data Protection Act 1998 1998 CHAPTER 29 ARRANGEMENT OF SECTIONS Part I Preliminary 1. Basic interpretative provisions. 2. Sensitive personal data. 3. The special purposes. 4. The data protection principles.

More information

European College of Business and Management Data Protection Policy

European College of Business and Management Data Protection Policy European College of Business and Management Data Protection Policy 1. INTRODUCTION 1.1 The European College of Business and Management (ECBM) is committed to full compliance with the Data Protection Act

More information

PROCEDURE (Essex) / Linked SOP (Kent) Data Protection. Number: W 1011 Date Published: 24 November 2016

PROCEDURE (Essex) / Linked SOP (Kent) Data Protection. Number: W 1011 Date Published: 24 November 2016 1.0 Summary of Changes 1.1 This procedure/sop has had an additional paragraph added at 3.8.6 relating to data processing of information by direct access to Athena. 2.0 What this Procedure/SOP is About

More information

DATA PROTECTION (JERSEY) LAW 2005

DATA PROTECTION (JERSEY) LAW 2005 DATA PROTECTION (JERSEY) LAW 2005 Revised Edition Showing the law as at 1 January 2017 This is a revised edition of the law Data Protection (Jersey) Law 2005 Arrangement DATA PROTECTION (JERSEY) LAW 2005

More information

GENERAL PROTOCOL FOR SHARING INFORMATION BETWEEN AGENCIES IN KINGSTON UPON HULL AND THE EAST RIDING OF YORKSHIRE

GENERAL PROTOCOL FOR SHARING INFORMATION BETWEEN AGENCIES IN KINGSTON UPON HULL AND THE EAST RIDING OF YORKSHIRE GENERAL PROTOCOL FOR SHARING INFORMATION BETWEEN AGENCIES IN KINGSTON UPON HULL AND THE EAST RIDING OF YORKSHIRE 2008 CONTENTS 1. INTRODUCTION Purpose of this document 1-6 2. KEY LEGISLATION AND GUIDANCE

More information

DATA PROTECTION POLICY STATUTORY

DATA PROTECTION POLICY STATUTORY DATA PROTECTION POLICY MAIDEN ERLEGH TRUST STATUTORY INITIAL APPROVAL July 2017 REVIEW FREQUENCY At least every two years REVIEWED CONTENTS PART ONE: POLICY STATEMENT & OBJECTIVES PART TWO: STATUS OF THE

More information

THE PROCESSING OF PERSONAL DATA (PROTECTION OF INDIVIDUALS) LAW 138 (I) 2001 PART I GENERAL PROVISIONS

THE PROCESSING OF PERSONAL DATA (PROTECTION OF INDIVIDUALS) LAW 138 (I) 2001 PART I GENERAL PROVISIONS THE PROCESSING OF PERSONAL DATA (PROTECTION OF INDIVIDUALS) LAW 138 (I) 2001 PART I GENERAL PROVISIONS Short title. 1. This Law may be cited as the Processing of Personal Data (Protection of Individuals)

More information

SUBJECT ACCESS REQUEST

SUBJECT ACCESS REQUEST DATA PROTECTION ACT 1998 SUBJECT ACCESS REQUEST Procedure Manual Page 1 of 22 Invest NI 1. Introduction 1.1 What is a Subject Access Request? 1.2 Routine Requests 1.3 What is an individual entitled to?

More information

to the Government Gazette of Mauritius No. 14 of 14 February 2009

to the Government Gazette of Mauritius No. 14 of 14 February 2009 LEGAL Government SUPPLEMENT Notices 2009 45 45 to the Government Gazette of Mauritius No. 14 of 14 February 2009 Government Notice No. 22 of 2009 THE DATA PROTECTION ACT Regulations made by the Prime Minister

More information

General Rules on the Processing of Personal Data SCHEDULE 1 DATA TRANSFER AGREEMENT (Data Controller to Data Controller transfers)...

General Rules on the Processing of Personal Data SCHEDULE 1 DATA TRANSFER AGREEMENT (Data Controller to Data Controller transfers)... DATA PROTECTION REGULATIONS 2015 DATA PROTECTION REGULATIONS 2015 General Rules on the Processing of Personal Data... 1 Rights of Data Subjects... 6 Notifications to the Registrar... 7 The Registrar...

More information

DATA PROTECTION (JERSEY) LAW 2005 CODE OF PRACTICE & GUIDANCE ON THE USE OF CCTV GD6

DATA PROTECTION (JERSEY) LAW 2005 CODE OF PRACTICE & GUIDANCE ON THE USE OF CCTV GD6 DATA PROTECTION (JERSEY) LAW 2005 CODE OF PRACTICE & GUIDANCE ON THE USE OF CCTV GD6 2 DATA PROTECTION (JERSEY) LAW 2005: CODE OF PRACTICE & GUIDANCE ON THE USE OF CCTV PART 1: CODE OF PRACTICE Introduction

More information

Act CXII of on the Right of Informational Self-Determination and on Freedom of Information 1 CHAPTER I GENERAL PROVISIONS. 1.

Act CXII of on the Right of Informational Self-Determination and on Freedom of Information 1 CHAPTER I GENERAL PROVISIONS. 1. Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information 1 In order to ensure the right of informational self-determination and the freedom of information, and to

More information

SUBSIDIARY LEGISLATION DATA PROTECTION (PROCESSING OF PERSONAL DATA IN THE POLICE SECTOR) REGULATIONS

SUBSIDIARY LEGISLATION DATA PROTECTION (PROCESSING OF PERSONAL DATA IN THE POLICE SECTOR) REGULATIONS DATA PROTECTION (PROCESSING OF PERSONAL DATA IN THE POLICE SECTOR) [S.L.440.05 1 SUBSIDIARY LEGISLATION 440.05 DATA PROTECTION (PROCESSING OF PERSONAL DATA IN THE POLICE SECTOR) REGULATIONS 30th September,

More information

Staff Data Protection Policy

Staff Data Protection Policy Staff Data Protection Policy Version: 9.0 Approval Status: Approved Document Owner: Graham Feek Classification: External Review Date: 02/11/2016 Effective from: 1 July 2015 Table of Contents 1. The Data

More information

North Yorkshire County Council. Subject Access Request Guidance and Procedure. Data Protection Act 1998

North Yorkshire County Council. Subject Access Request Guidance and Procedure. Data Protection Act 1998 North Yorkshire County Council Subject Access Request Guidance and Procedure Data Protection Act 1998 The Data Protection Act 1998 (the Act), section 7 (1) gives individuals certain rights with regards

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Durrington High School as part of the Durrington Multi Academy Trust collects and uses personal information about staff, pupils, parents and other individuals who come into contact

More information

ELECTRONIC DATA PROTECTION ACT An Act to provide for protection to electronic data with regard to the processing of electronic data in Pakistan

ELECTRONIC DATA PROTECTION ACT An Act to provide for protection to electronic data with regard to the processing of electronic data in Pakistan ELECTRONIC DATA PROTECTION ACT 2005 An Act to provide for protection to electronic data with regard to the processing of electronic data in Pakistan Whereas it is expedient to provide for the processing

More information

COMP Article 1. Article 1 Subject matter and objectives

COMP Article 1. Article 1 Subject matter and objectives Proposal for a directive of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention,

More information

THE PERSONAL DATA (PROTECTION) BILL, 2013

THE PERSONAL DATA (PROTECTION) BILL, 2013 THE PERSONAL DATA (PROTECTION) BILL, 2013 [Long Title] [Preamble] CHAPTER I PRELIMINARY 1. Short title, extent and commencement. (1) This Act may be called the Personal Data (Protection) Act, 2013. (2)

More information

THE DATA PROTECTION BILL (No. XIX of 2017) Explanatory Memorandum

THE DATA PROTECTION BILL (No. XIX of 2017) Explanatory Memorandum THE DATA PROTECTION BILL (No. XIX of 2017) Explanatory Memorandum The object of this Bill is to repeal the Data Protection Act and replace it by a new and more appropriate legislation which will strengthen

More information

Freedom of Information Policy

Freedom of Information Policy Audience Named person responsible for monitoring Freedom of Information Policy All Staff & Governors Head Agreed by Personnel Committee June 2015 Agreed by Governing Body July 2015 Date to be Reviewed

More information

Data Protection Bill, House of Lords second reading Information Commissioner s briefing

Data Protection Bill, House of Lords second reading Information Commissioner s briefing Data Protection Bill, House of Lords second reading Information Commissioner s briefing Introduction... 2 Overview... 2 Derogations... 4 Commissioner s part-by- part commentary on the Bill... 5 Part one:

More information

Data Protection Policy

Data Protection Policy Data Protection Policy St Barnabas & St Philip s Church of England Primary School P:\Policies and Documents\Data Protection Policy.docx 1 Responsibility: Contents: It is the responsibility of the Governors

More information

CHAPTER [INSERT] DATA PROTECTION BILL Acts [insert] ARRANGEMENT OF SECTIONS PART I PART II

CHAPTER [INSERT] DATA PROTECTION BILL Acts [insert] ARRANGEMENT OF SECTIONS PART I PART II CHAPTER [INSERT] DATA PROTECTION BILL Acts [insert] ARRANGEMENT OF SECTIONS PART I PRELIMINARY 1. Short Title 2. Interpretation 3. Scope of Application PART II DATA PROTECTION AUTHORITY 4. Establishment

More information

the Commisslone Mazionale per le Sodeta e la Borsa in ItaJy and the Public Company Accounting Oversight Board In the United States

the Commisslone Mazionale per le Sodeta e la Borsa in ItaJy and the Public Company Accounting Oversight Board In the United States Agreement between the Commisslone Mazionale per le Sodeta e la Borsa in ItaJy and the Public Company Accounting Oversight Board In the United States on the Transfer of Certain Personal Data The Public

More information

Version No. Date Amendments made Authorised by N/A ACC Hamilton (PSNI)

Version No. Date Amendments made Authorised by N/A ACC Hamilton (PSNI) PURPOSE PARTNERS The purpose of this Information Sharing Agreement is to facilitate the lawful exchange of data in order to comply with the statutory duty on Chief Police Officers and relevant agencies

More information

Data Protection. Standard Operating Procedure

Data Protection. Standard Operating Procedure Data Protection Standard Operating Procedure Notice: This document has been made available through the Police Service of Scotland Freedom of Information Publication Scheme. It should not be utilised as

More information

Guide for Municipalities

Guide for Municipalities APPENX B: Unreasonable Invasion of Priva Access to Information and Protection of Privacy Guide for Municipalities October 2015 Table of Contents Introduction... 3 Overview of Public Documents... 7 Adopted

More information

Data Protection Policy. Revisions and Editions Log

Data Protection Policy. Revisions and Editions Log Data Protection Policy Revisions and Editions Log Data Protection Policy adopted February 2015 Review Resources Comm February 2016 Reviewed Feb 2017 FGB Next review Feb 2018 School Data Protection Policy

More information

STATOIL BINDING CORPORATE RULES - PUBLIC DOCUMENT

STATOIL BINDING CORPORATE RULES - PUBLIC DOCUMENT STATOIL BINDING CORPORATE RULES - PUBLIC DOCUMENT The purpose of this Statoil Binding Corporate Rules Public Document is to explain the content of the Binding Corporate Rules (BCR) and help ensure that

More information

THE PRIVACY ACT OF 1974 (As Amended) Public Law , as codified at 5 U.S.C. 552a

THE PRIVACY ACT OF 1974 (As Amended) Public Law , as codified at 5 U.S.C. 552a THE PRIVACY ACT OF 1974 (As Amended) Public Law 93-579, as codified at 5 U.S.C. 552a Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled, that

More information

5418/16 AV/NT/vm DGD 2

5418/16 AV/NT/vm DGD 2 Council of the European Union Brussels, 6 April 2016 (OR. en) Interinstitutional File: 2012/0010 (COD) 5418/16 LEGISLATIVE ACTS AND OTHER INSTRUMTS Subject: DATAPROTECT 1 JAI 37 DAPIX 8 FREMP 3 COMIX 36

More information

Whistleblowing & Serious Misconduct Policy

Whistleblowing & Serious Misconduct Policy King s Norton Boys School Whistleblowing & Serious Misconduct Policy We recognise that children cannot be expected to raise concerns in an environment where staff fail to do so. All staff should be aware

More information

THE PIGGOTT SCHOOL FREEDOM OF INFORMATION POLICY AND GUIDANCE

THE PIGGOTT SCHOOL FREEDOM OF INFORMATION POLICY AND GUIDANCE THE PIGGOTT SCHOOL...to be a school which inspires and encourages the highest achievement FREEDOM OF INFORMATION POLICY AND GUIDANCE Date last reviewed: Summer term 2017 Responsibility: Headteacher and

More information

Personal Data Protection Act

Personal Data Protection Act Personal Data Protection Act Promulgated State Gazette No. 1/4.01.2002, effective 1.01.2002, supplemented, SG No. 70/10.08.2004, effective 1.01.2005, SG No. 93/19.10.2004, No. 43/20.05.2005, effective

More information

Memorandum of Understanding. between. Solicitors Regulation Authority. and. The Claims Management Regulation Unit (CMR)

Memorandum of Understanding. between. Solicitors Regulation Authority. and. The Claims Management Regulation Unit (CMR) Memorandum of Understanding between Solicitors Regulation Authority and The Claims Management Regulation Unit (CMR) Introduction 1. The Claims Management Regulation Unit (CMR) and the Solicitors Regulation

More information

Clare County Council Data Access Requests Policy

Clare County Council Data Access Requests Policy Clare County Council Data Access Requests Policy Data Subject A Data Subject is the individual who is the subject of the personal data. Only a Data Subject is entitled to make a Data Access Request. Section

More information

Data protection and journalism: a guide for the media

Data protection and journalism: a guide for the media Data protection Data protection and journalism Data protection and journalism: a guide for the media Contents * About this guide 3 2 Technical guidance 18 1 Practical guidance 6 Data protection basics

More information

St. Paul s C of E Primary School

St. Paul s C of E Primary School St. Paul s C of E Primary School Data Protection Policy Reviewed January 2016 Next Review Date January 2019 St. Paul s C. of E. Primary School DATA PROTECTION POLICY School Aim Statement Everyone working

More information

DISCLOSURE & BARRING CHECKS POLICY

DISCLOSURE & BARRING CHECKS POLICY Westcountry Schools Trust (WeST) DISCLOSURE & BARRING CHECKS POLICY Mission Statement WeST holds a deep seated belief in education and lifelong learning. Effective collaboration, mutual support and professional

More information

CODE OF PRACTICE FOR COMMUNITY- BASED CCTV SYSTEMS

CODE OF PRACTICE FOR COMMUNITY- BASED CCTV SYSTEMS CODE OF PRACTICE FOR COMMUNITY- BASED CCTV SYSTEMS 1 INTRODUCTION This Code of Practice sets out the basic conditions of use for Community-Based CCTV systems by applicants for the Department of Justice,

More information

Staff information. ICO policy and procedure regarding party political activities

Staff information. ICO policy and procedure regarding party political activities Staff information ICO policy and procedure regarding party political activities 1. Scope All employees of the Information Commissioner's Office. 2. Purpose 2.1 To ensure that all staff are aware of their

More information

RESTREINT UE/EU RESTRICTED

RESTREINT UE/EU RESTRICTED Council of the European Union General Secretariat Brussels, 16 March 2015 (OR. en) 7236/15 RESTREINT UE/EU RESTRICTED JAI 177 USA 10 DATAPROTECT 32 RELEX 228 NOTE From: To: Subject: Commission Services

More information

Privacy Law Template. Prepared for The Alberta First Nations Information Governance Centre. By Krista Yao

Privacy Law Template. Prepared for The Alberta First Nations Information Governance Centre. By Krista Yao Privacy Law Template Prepared for The Alberta First Nations Information Governance Centre By Krista Yao Edited by: Amelia Crowshoe, BCC Design by: Michal Waissmann - mw creative Purpose 1. The purpose

More information

Anti-Bribery and Corruption Policy

Anti-Bribery and Corruption Policy Anti-Bribery and Corruption Policy 1. Policy Statement In accordance with the highest standards of professional practice and good governance, the University does not tolerate bribery or corruption of any

More information

COUNCIL OF THE EUROPEAN UNION. Brussels, 13 September 2011 (OR. en) 10093/11 Interinstitutional File: 2011/0126 (NLE)

COUNCIL OF THE EUROPEAN UNION. Brussels, 13 September 2011 (OR. en) 10093/11 Interinstitutional File: 2011/0126 (NLE) COUNCIL OF THE EUROPEAN UNION Brussels, 13 September 2011 (OR. en) 10093/11 Interinstitutional File: 2011/0126 (NLE) JAI 314 AUS 7 RELEX 493 DATAPROTECT 50 LEGISLATIVE ACTS AND OTHER INSTRUMENTS Subject:

More information

INFORMATION SHARING AGREEMENT This document is NOT PROTECTIVELY MARKED

INFORMATION SHARING AGREEMENT This document is NOT PROTECTIVELY MARKED PURPOSE PARTNERS The purpose of this Information Sharing Agreement is to facilitate the lawful exchange of data in order to comply with the statutory duty on Chief Police Officers and relevant agencies

More information

The Scottish Further and Higher Education Funding Council. Standard Terms and Conditions of Contract for professional services.

The Scottish Further and Higher Education Funding Council. Standard Terms and Conditions of Contract for professional services. The Scottish Further and Higher Education Funding Council Standard Terms and Conditions of Contract for professional services. These standard terms and conditions may only be varied with the written agreement

More information

Disclosure and Barring Service (DBS) Policy

Disclosure and Barring Service (DBS) Policy Disclosure and Barring Service (DBS) Policy Please be aware that this printed version of the Policy may NOT be the latest version. Staff are reminded that they should always refer to the Intranet for the

More information

Disclosure and Barring Service (DBS) Checks Policy

Disclosure and Barring Service (DBS) Checks Policy Disclosure and Barring Service (DBS) Checks Policy For the attention of: All Staff Produced by: Director of Human Resources Approved by: SMT Date of publication: April 2013 Date of review: April 2015 Our

More information

Nestlé Canada Inc. Privacy Policies and Practices April 13, 2012

Nestlé Canada Inc. Privacy Policies and Practices April 13, 2012 Nestlé Canada Inc. Privacy Policies and Practices April 13, 2012 Glossary of Terms... 3 The Privacy Principles at Nestlé Canada... 5 Accountability... 5 Identifying Purpose... 5 Consent... 6 Obtaining

More information

FREEDOM OF INFORMATION ACT 2000 SUMMARY GUIDANCE

FREEDOM OF INFORMATION ACT 2000 SUMMARY GUIDANCE FREEDOM OF INFORMATION ACT 2000 SUMMARY GUIDANCE This guidance is a short and succinct summary of what you need to know and do about the Freedom of Information Act 2000 (FOIA). This guidance is no substitute

More information

Data Protection in Germany

Data Protection in Germany Data Protection in Germany We live in an information society. Freely available information has become a new factor in the economy, indeed it is now among the most important factors of economic life. Data

More information

Recruitment, selection and disclosure policy and procedure

Recruitment, selection and disclosure policy and procedure Recruitment, selection and disclosure policy and procedure 1 Introduction Eton College (the College) is committed to providing the best possible care and education to its pupils and to safeguarding and

More information

St John s Church of England (Voluntary Aided) Primary School, Croydon. Disclosure and Barring Policy 2017

St John s Church of England (Voluntary Aided) Primary School, Croydon. Disclosure and Barring Policy 2017 St John s Church of England (Voluntary Aided) Primary School, Croydon Disclosure and Barring Policy 2017 Date: January 2017 Frequency of review: Annual Reviewed by: Personnel Committee Background Criminal

More information

FREEDOM OF INFORMATION POLICY

FREEDOM OF INFORMATION POLICY FREEDOM OF INFORMATION POLICY Approved: October 2014 Review due: October 2017 FREEDOM OF INFORMATION POLICY 1. Introduction The Southfield Grange Trust is committed to the Freedom of Information Act (FoI)

More information

RIVERSIDE SCHOOL DISTRICT

RIVERSIDE SCHOOL DISTRICT No. 801 SECTION: OPERATIONS RIVERSIDE SCHOOL DISTRICT TITLE: PUBLIC RECORDS ADOPTED: May 8, 1989 REVISED: December 1, 2008 801. PUBLIC RECORDS 1. Purpose The Board recognizes the importance of public records

More information

Guidelines on Disclosure & Barring Service (DBS) Checks

Guidelines on Disclosure & Barring Service (DBS) Checks Guidelines on Disclosure & Barring Service (DBS) Checks What is DBS? Requirement for DBS checks at Southampton Solent University (SSU) Information for new applicants Information for existing employees

More information

Disclosure and Barring Scheme Policy and Procedure

Disclosure and Barring Scheme Policy and Procedure Disclosure and Barring Scheme Policy and Procedure Author HR Manager Date September 2013 (Policy Statement) Person Responsible HR Manager Approval/ review body (ies) SLT/ JNC/ Corporate Board Frequency

More information

The Freedom of Information and Protection of Privacy Act

The Freedom of Information and Protection of Privacy Act FREEDOM OF INFORMATION AND 1 The Freedom of Information and Protection of Privacy Act being Chapter of the Statutes of Saskatchewan, 1990-91, as amended by the Statutes of Saskatchewan, 1992, c.62; 1994,

More information

As approved by the Office of Communications for the purposes of Sections 120 and 121 of the Communications Act 2003 on 21 June 2016

As approved by the Office of Communications for the purposes of Sections 120 and 121 of the Communications Act 2003 on 21 June 2016 Code of Practice Code for Premium rate services Approved under Section 121 of the Communications Act 2003 Code of Practice 2016 (Fourteenth Edition) Phone-paid Services Authority As approved by the Office

More information

Practical Guidance on the sharing of information and information governance for all NHS organisations specifically for Prevent and the Channel process

Practical Guidance on the sharing of information and information governance for all NHS organisations specifically for Prevent and the Channel process Page 1 of 15 Practical Guidance on the sharing of information and information governance for all NHS organisations specifically for Prevent and the Channel process Page 2 of 15 NHS England Information

More information

CITY OF GARDEN CITY FREEDOM OF INFORMATION ACT PROCEDURES & GUIDELINES

CITY OF GARDEN CITY FREEDOM OF INFORMATION ACT PROCEDURES & GUIDELINES CITY OF GARDEN CITY FREEDOM OF INFORMATION ACT PROCEDURES & GUIDELINES Preamble: Statement of Principles It is the policy of the City of Garden City that all persons, consistent with the Michigan Freedom

More information

SCHEDULE Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.

SCHEDULE Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed. SCHEDULE 1 THE DATA PROTECTION PRINCIPLES PART I THE PRINCIPLES 1. Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless- (a) at least one of the conditions

More information

D I R E C T I O N S AND N O T E S

D I R E C T I O N S AND N O T E S Surname, first name of applicant D I R E C T I O N S AND N O T E S Verwaltung des Klinikums Geschäftsbereich Personal Abteilung Personalbetreuung 1. DIRECTIONS CONCERNING THE OBLIGATION OF LOYALTY TO THE

More information

Criminal Records Checks

Criminal Records Checks 1 Sir Christopher Hatton Academy Criminal Records Checks Policy for the use of Criminal Records Checks and vetting adults with access to Sir Christopher Hatton Academy and its pupils. Statement on the

More information

Kent County Council. A Guide to Managing Allegations against Members of Staff

Kent County Council. A Guide to Managing Allegations against Members of Staff Kent County Council A Guide to Managing Allegations against Members of Staff 1 Kent County Council Managing Allegations Against Staff Practice Guidance Title Managing Allegations Against Staff Practice

More information

COLLEGE OF OPTOMETRISTS OF BRITISH COLUMBIA. Bylaws

COLLEGE OF OPTOMETRISTS OF BRITISH COLUMBIA. Bylaws COLLEGE OF OPTOMETRISTS OF BRITISH COLUMBIA Bylaws DEFINITIONS (SECTION 1)... 1 PART 1 COLLEGE BOARD, COMMITTEES AND PANELS (SECTIONS 2 TO 26)... 3 Composition of the board... 3 Eligibility for election

More information

The Local Authority Freedom of Information and Protection of Privacy Act

The Local Authority Freedom of Information and Protection of Privacy Act LOCAL AUTHORITY FREEDOM OF INFORMATION 1 The Local Authority Freedom of Information and Protection of Privacy Act being Chapter L-27.1 of the Statutes of Saskatchewan, 1990-91 (consult Table of Saskatchewan

More information

The London Borough of Barnet. The Metropolitan Police Barnet Borough Division

The London Borough of Barnet. The Metropolitan Police Barnet Borough Division The London Borough of Barnet in partnership with The Metropolitan Police Barnet Borough Division Code of Practice for the operation of Closed Circuit Television October 2014 Change Control Item Reason

More information

Disclosing criminal records

Disclosing criminal records Disclosing criminal records Contents Introduction The legal background Preparing to disclose When to disclose Disclosure: top tips Glossary 1 2 4 7 8 9 Introduction This guide is for adult job seekers

More information

EMPLOYER AGREEMENT PARTIES BACKGROUND AGREED TERMS. (1) The SFA; and. (2) The Employer.

EMPLOYER AGREEMENT PARTIES BACKGROUND AGREED TERMS. (1) The SFA; and. (2) The Employer. EMPLOYER AGREEMENT PARTIES (1) The SFA; and (2) The Employer. BACKGROUND This Agreement sets out the terms for use of the Apprenticeship Service by the Employer and the obligations by which the Employer

More information

Financial Dispute Resolution Service (FDRS)

Financial Dispute Resolution Service (FDRS) RULES FOR Financial Dispute Resolution Service (FDRS) DATE: 1 April 2015 Contents... 1 1. Title... 1 2. Commencement... 1 3. Interpretation... 1 Part 1 Core features of the Scheme... 3 4. Purpose of the

More information

WINSLOW CE COMBINED SCHOOL

WINSLOW CE COMBINED SCHOOL Recruitment Policy Introduction The purpose of this policy is to set out the minimum requirements of a recruitment process that: Attracts the best possible applicants to apply for any vacancies Has safeguarding

More information

Privacy Act of 1974: A Basic Overview. Purpose of the Act. Congress goals. ASAP Conference: Arlington, VA Monday, July 27, 2015, 9:30-10:45am

Privacy Act of 1974: A Basic Overview. Purpose of the Act. Congress goals. ASAP Conference: Arlington, VA Monday, July 27, 2015, 9:30-10:45am Privacy Act of 1974: A Basic Overview 1 ASAP Conference: Arlington, VA Monday, July 27, 2015, 9:30-10:45am Presented by: Jonathan Cantor, Deputy CPO, Dep t of Homeland Security (DHS) Alex Tang, Attorney,

More information

CITY OF CHICAGO BOARD OF ETHICS. AMENDED RULES AND REGULATIONS (Effective January 5, 2017)

CITY OF CHICAGO BOARD OF ETHICS. AMENDED RULES AND REGULATIONS (Effective January 5, 2017) CITY OF CHICAGO BOARD OF ETHICS AMENDED RULES AND REGULATIONS (Effective January 5, 2017) (As required by Chapter 2-156 of the Municipal Code of Chicago.) rev. 1/5/17 TABLE OF CONTENTS Rule 1. Jurisdiction

More information

KING COUNTY HOUSING AUTHORITY PUBLIC RECORDS DISCLOSURE POLICY

KING COUNTY HOUSING AUTHORITY PUBLIC RECORDS DISCLOSURE POLICY KING COUNTY HOUSING AUTHORITY PUBLIC RECORDS DISCLOSURE POLICY 1. PURPOSE: 1.1 Public Records Act: The Public Records Act, chapter 42.56 RCW, requires the King County Housing Authority ( KCHA ) to make

More information

Freedom of Information Act 2000 (FOIA) Decision notice

Freedom of Information Act 2000 (FOIA) Decision notice Freedom of Information Act 2000 (FOIA) Decision notice Date: 16 March 2016 Public Authority: Address: Nottingham City Council Guildhall Nottingham Nottinghamshire NG1 4BT Decision (including any steps

More information

THE GDPR AND DFIR THE IMPACT OF THE EU GENERAL DATA PROTECTION REGULATION ON DIGITAL FORENSICS AND INCIDENT RESPONSE

THE GDPR AND DFIR THE IMPACT OF THE EU GENERAL DATA PROTECTION REGULATION ON DIGITAL FORENSICS AND INCIDENT RESPONSE THE GDPR AND DFIR THE IMPACT OF THE EU GENERAL DATA PROTECTION REGULATION ON DIGITAL FORENSICS AND INCIDENT RESPONSE Digital forensics and incident response is fundamentally about digital evidence, and

More information

BERMUDA TRUSTS (REGULATION OF TRUST BUSINESS) ACT : 22

BERMUDA TRUSTS (REGULATION OF TRUST BUSINESS) ACT : 22 QUO FA T A F U E R N T BERMUDA TRUSTS (REGULATION OF TRUST BUSINESS) ACT 2001 2001 : 22 TABLE OF CONTENTS 1 2 3 4 4A 5 6 7 8 9 10 11 11A 12 13 14 15 16 17 18 19 20 21 22 PRELIMINARY Short title and commencement

More information

PROTOCOL BETWEEN WEST MIDLANDS POLICE CPS WEST MIDLANDS AND WEST MIDLANDS LOCAL AUTHORITIES

PROTOCOL BETWEEN WEST MIDLANDS POLICE CPS WEST MIDLANDS AND WEST MIDLANDS LOCAL AUTHORITIES PROTOCOL BETWEEN WEST MIDLANDS POLICE CPS WEST MIDLANDS AND WEST MIDLANDS LOCAL AUTHORITIES IN THE EXCHANGE OF INFORMATION IN THE INVESTIGATION AND PROSECUTION OF CHILD ABUSE CASES IN THE WEST MIDLANDS

More information

EDEN HOUSING ASSOCIATION LIMITED DISCLOSURE AND BARRING SERVICE (DBS) POLICY

EDEN HOUSING ASSOCIATION LIMITED DISCLOSURE AND BARRING SERVICE (DBS) POLICY EDEN HOUSING ASSOCIATION LIMITED DISCLOSURE AND BARRING SERVICE (DBS) POLICY Document Reference Number CORP 22 Policy Author Rosie Sergison Policy Implementation date 18 September 2013 Leadership Team

More information

King Edward s School RECRUITMENT, SELECTION AND DISCLOSURE POLICY AND PROCEDURE

King Edward s School RECRUITMENT, SELECTION AND DISCLOSURE POLICY AND PROCEDURE RECRUITMENT, SELECTION AND DISCLOSURE POLICY AND PROCEDURE Recruitment, selection and disclosure policy and procedure 1 Introduction King Edward s School is committed to providing the best possible care

More information

DBS referral form guidance

DBS referral form guidance DBS referral form guidance The Safeguarding Vulnerable Groups Act 2006 (SVGA) places a legal duty on employers and personnel suppliers to refer any person who has: harmed or poses a risk of harm to a child

More information

TRUSTS (REGULATION OF TRUST BUSINESS) ACT 2001 BERMUDA 2001 : 22 TRUSTS (REGULATION OF TRUST BUSINESS) ACT 2001

TRUSTS (REGULATION OF TRUST BUSINESS) ACT 2001 BERMUDA 2001 : 22 TRUSTS (REGULATION OF TRUST BUSINESS) ACT 2001 BERMUDA 2001 : 22 TRUSTS (REGULATION OF TRUST BUSINESS) ACT 2001 [Date of Assent: 8 August 2001] [Operative Date: 25 January 2002] ARRANGEMENT OF SECTIONS PRELIMINARY 1 Short title and commencement 2 Interpretation

More information

Annex 1: Standard Contractual Clauses (processors)

Annex 1: Standard Contractual Clauses (processors) Annex 1: Standard Contractual Clauses (processors) For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure

More information

.nz Connection Agreement

.nz Connection Agreement Title: Date 23 February 2018 Issued: Version 4.1 between: Internet New Zealand Incorporated, trading as InternetNZ and: [full & formal name of Registrar's legal entity] dated: 1. Definitions In this Agreement:

More information

SELF-DECLARATION FORM FOR A CHILD CARE POSITION

SELF-DECLARATION FORM FOR A CHILD CARE POSITION SELF-DECLARATION FORM FOR A CHILD CARE POSITION As required in Clydesdale Cricket Club s Child Protection Policy and Procedures this form must be completed by all members for positions Clydesdale Cricket

More information

Human Resources People and Organisational Development. Disclosure and Barring Service (DBS) Checks Guidelines for Managers and Employees

Human Resources People and Organisational Development. Disclosure and Barring Service (DBS) Checks Guidelines for Managers and Employees Human Resources People and Organisational Development Disclosure and Barring Service (DBS) Checks Guidelines for Managers and Employees 1 Contents What is the DBS?... 3 Assessing the need to conduct a

More information

THE PRIVACY (PROTECTION) BILL, 2013

THE PRIVACY (PROTECTION) BILL, 2013 THE PRIVACY (PROTECTION) BILL, 2013 [Long Title] [Preamble] CHAPTER I PRELIMINARY 1. Short title, extent and commencement. (1) This Act may be called the Privacy (Protection) Act, 2013. (2) It extends

More information

Association of Law Enforcement Intelligence Units

Association of Law Enforcement Intelligence Units Association of Law Enforcement Intelligence Units Your Voice at the National Level! An International Law Enforcement Intelligence Network Founded in 1956 0 Revised: July 25, 2011 ASSOCIATION OF LAW ENFORCEMENT

More information

CRIMINAL RECORDS CHECK (DBS) POLICY. Author/Reviewer: Date Approved: Jan 2006

CRIMINAL RECORDS CHECK (DBS) POLICY. Author/Reviewer: Date Approved: Jan 2006 CRIMINAL RECORDS CHECK (DBS) POLICY Author/Reviewer: DHR Date Approved: Jan 2006 Where Approved: Corporation Date of Issue: Nov 2008 Impact Assessment: Jan 2008 Date Reviewed: August 2010 Date Reviewed

More information

National Register of Public Service Interpreters CODE OF PROFESSIONAL CONDUCT

National Register of Public Service Interpreters CODE OF PROFESSIONAL CONDUCT National Register of Public Service Interpreters CODE OF PROFESSIONAL CONDUCT PREAMBLE The Code set out below is intended to regulate the professional conduct of members of the registrants on the National

More information

BILL NO. 42. Health Information Act

BILL NO. 42. Health Information Act HOUSE USE ONLY CHAIR: WITH / WITHOUT 4th SESSION, 64th GENERAL ASSEMBLY Province of Prince Edward Island 63 ELIZABETH II, 2014 BILL NO. 42 Health Information Act Honourable Doug W. Currie Minister of Health

More information

Inquiry Protocol on Redaction of Documents (VERSION 2)

Inquiry Protocol on Redaction of Documents (VERSION 2) Inquiry Protocol on Redaction of Documents (VERSION 2) Introduction 1. It is important that the Inquiry sees all documents it obtains from institutions which are relevant to its work in complete form.

More information

TERMS OF REFERENCE INSURANCE & FINANCIAL SERVICES OMBUDSMAN SCHEME INCORPORATED

TERMS OF REFERENCE INSURANCE & FINANCIAL SERVICES OMBUDSMAN SCHEME INCORPORATED TERMS OF REFERENCE INSURANCE & FINANCIAL SERVICES OMBUDSMAN SCHEME INCORPORATED 1 JULY 2015 Contents 1. Definitions and Interpretation... 3 2. Delegation Powers... 5 3. Principal Powers and Duties of the

More information

Application for Civil Legal Aid certificate

Application for Civil Legal Aid certificate Emergency Application? Granted under delegated functions Your client's details Application for Civil Legal Aid certificate Legal Representation n-family Proceedings Has an emergency certificate been granted

More information

2.2 References to Blossom, Blossom Educational, Platform, we and us are references to BLOSSOM EDUCATIONAL LTD.

2.2 References to Blossom, Blossom Educational, Platform, we and us are references to BLOSSOM EDUCATIONAL LTD. PLEASE READ THIS DOCUMENT CAREFULLY. IT CONTAINS IMPORTANT INFORMATION ABOUT YOUR RIGHTS AND OBLIGATIONS. IT ALSO CONTAINS A DISCLAIMER OF WARRANTY AND A LIMITATION OF LIABILITY CLAUSE. 1. ABOUT THESE

More information

Royal Mail Group Ltd. Bullying & Harassment Procedure Agreement. 1 st July 2013 For all employees of Royal Mail Group

Royal Mail Group Ltd. Bullying & Harassment Procedure Agreement. 1 st July 2013 For all employees of Royal Mail Group Royal Mail Group Ltd Bullying & Harassment Procedure Agreement 1 st July 2013 For all employees of Royal Mail Group 1 Joint Royal Mail, CWU, Unite Statement 1. Royal Mail Group, CWU and Unite are committed

More information