Staff Data Protection Policy

Size: px
Start display at page:

Download "Staff Data Protection Policy"

Transcription

1 Staff Data Protection Policy Version: 9.0 Approval Status: Approved Document Owner: Graham Feek Classification: External Review Date: 02/11/2016 Effective from: 1 July 2015

2 Table of Contents 1. The Data Protection Act Principles of Data Protection Responsibilities Access to Information Disclosure of Personal Data Third Party Disclosures General Guidance for Staff Monitoring and Review Information held about Pupils Sensitive Personal Data Introduction This document sets out the Trust s and it s Academies responsibilities under the Data Protection Act 1998 ( the Act ) and provides guidance on the maintenance of and access to data, including employment and educational records in accordance with the provisions of the Act. Title: Staff Data Protection Policy Page 2 of 17

3 1. The Data Protection Act The Data Protection Act 1998 came into force on 1 March It introduced into UK law the provisions of the European Commission Data Protection Directive (95/46/EC). It applies to anyone who processes, stores or is the subject of personal data. The Act works in two ways and provides that: anyone who records and uses personal information (data controllers) must be open about how the information is used and must follow the eight principles of good information handling. all individuals (data subjects) have the right to see information that is held about them and the right to have information corrected if it is wrong. the Act applies to all electronic records that contain information about living and identifiable individuals and extends data protection to manual files where the personal data of a data subject is readily accessible (a structured filing system). The main aim of the Act is to protect data from unnecessary, unauthorised or harmful use and to provide individuals with some control over the use of their personal data. Individuals have the right to take action for compensation caused by inaccurate, lost or destroyed data or unauthorised disclosure of information. They also have the right to complain to the Information Commissioner who may serve an enforcement notice and, in some circumstances, impose a financial penalty. 1.2 Notification Notification is the process by which a data controller's details are added to a public register along with information about the types of personal data that are processed and the purposes and nature of that processing. The register is maintained by the Information Commissioner and can be consulted by individuals to find out what processing of personal data is being carried out by a particular data controller. The Greenwood Academies Trust is registered as data controller for all Trust and Academy data. All Academy Data Protection Officers must advise the Trust Data Controller if there are any changes to the use of personal data that are not covered by the Trust registration. 2. Principles of Data Protection In collecting, using, storing and disposing of data, the Trust or Academy will comply with the requirements of the Act that govern the processing of personal data. Under these requirements, the information will be collected and used fairly, stored safely and not disclosed to any other person where to do so would be in breach of those requirements or would otherwise be unlawful. The Academy and its staff who process or use personal information will ensure they comply with the following eight data protection principles which are laid out in the Act. 2.1 Principle 1: Fairness Personal data will be processed fairly and lawfully. The collection and disclosure of data is subject to scrutiny and is only lawful if it meets at least one of the following criteria (as specified in Schedule 2 to the Act): With the consent of the data subject, e.g. pupil, parent/guardian or employee. The current legal requirements are that the Trust is not obliged to share education records with pupils or parents/guardians. All requests for pupil records must be cleared by the Regional Education Director before being released Title: Staff Data Protection Policy Page 3 of 17

4 In performance of a contract, for example to process an application as part of the admissions process, or, If there is a legal obligation, for example under prevention of terrorism legislation, or, For the protection of the vital interests of the individual, for example to prevent injury or other damage to the health of the data subject, or, In the legitimate interest of any party, unless it is prejudicial to the interests of the individual. The processing of personal data must meet all of the following criteria in order to be processed fairly : Data will only be collected from persons who have the authority to disclose it. If personal information is collected from a third party, the data subject will be informed of the use of the information When personal data is collected then a Privacy Notice is required that states: - the identity of the organisation in control of the processing - the purpose, or purposes, for which the information will be processed - any further information necessary, in the specific circumstances, to enable the processing in respect of the individual to be fair In addition to the requirements outlined above, Sensitive Personal Data may only be processed if the processing also meets at least one of the following criteria, as specified in Schedule 3 to the Act: The data subject has given explicit consent It is necessary to meet requirements of employment law It is necessary to protect the vital interests (i.e. if the situation is a matter of life or death) of the subject or another person The data subject has already made the information public It is necessary for legal proceedings, obtaining legal advice or defending legal rights It is necessary for the carrying out of statutory functions It is necessary for medical purposes It is necessary for equal opportunities It is necessary in order to comply with legislation from the Secretary of State 2.2 Principle 2: Purpose Personal data will be obtained only for one or more specified and lawful purpose. Data will not be further processed in any manner incompatible with the initial specified purpose or those purposes for which it was obtained as specified in the Privacy Notice. 2.3 Principle 3: Quality Data must be adequate, relevant and not excessive. Personal information which is not necessary for the intended processing must not be acquired i.e. personal information cannot be collected just because it may be useful. Only the minimum information required for the purposes for which it is obtained should be held. Title: Staff Data Protection Policy Page 4 of 17

5 2.4 Principle 4: Accuracy Data must be accurate and up to date. The Trust or Academy must ensure that there is a system in place to review data for accuracy and to ensure it is up to date. Procedures must be in place to make any amendments requested by a data subject or a record kept if the amendment is not considered appropriate. 2.5 Principle 5: Storage Data must not be kept for longer than required for the purpose for which it was obtained. Refer to the Greenwood Academies Trust Data Retention and Disposal Policy for further information. Information should not be kept any longer than the time period indicated to the data subject. The Trust or Academy must regularly review data held in order to assess whether information is still required in accordance with the Greenwood Academies Trust Data Retention and Disposal Policy. Before disposing of any data (physical or electronic), the Data Manager responsible for the data must ensure he/she has consulted the Greenwood Academies Trust Data Retention and Disposal Policy to ensure the data is disposed of in the correct manner. Before disposing of any data in accordance with Section Principle 7: Data must be processed in a secure manner, the Trust or Academy will consider the following key points: Any legal requirements (e.g. possible negligence action). The length of any appeals procedure relating to the information. The number of times in the last two or three years that a particular type of record has been accessed. 2.6 Principle 6: Individual s Rights Data must be processed in line with the rights of data subjects. This is linked to the first principle of fair and lawful processing and the rights afforded to data subjects by the Act. Data subjects have the right to know details of the processing of their personal data and have the right of access to personal information. A data subject (including a member of staff) has the right to object to data processing relating to them which is likely to cause substantial and unwarranted damage or distress to that data subject or another person. There are a number of provisos to this right. Data subjects must make such a request in writing and, where their request is refused, can apply to the Court for an order. All requests and Court orders must be managed by the Trust Infrastructure Manager and, where applicable, the Academy Data Manager. In addition, the Act gives data subjects the right to object to processing used for the purpose of direct marketing and/or wholly automated decision making. Data subjects have the right to request that the data controller rectifies or erases inaccurate data and to block future processing in cases of unlawful/unfair processing. Data subjects must make such a request in writing and, where their request is refused, can apply to the Court for an order for rectification/erasure. All requests will be managed by the Trust Infrastructure Manager. Title: Staff Data Protection Policy Page 5 of 17

6 2.7 Principle 7: Data must be processed in a secure manner The Trust and the Academy must guard against unauthorised and unlawful processing (e.g. access, alteration, disclosure or disposal). Appropriate security records must be kept in order to provide an audit trail of any disposal of personal data. Personal information will, so far as possible, be: kept in a locked filing cabinet, or in a locked drawer; or if it is computerised, be password protected, or kept only on disk or other media which is encrypted. When personal data is to be destroyed, paper or microfilm records will be disposed of by shredding or incineration. Data on computer hard disks or other magnetic media will be destroyed using a recognised supplier and destruction certificates obtained and retained. Optical media is to be shredded. 2.8 Principle 8: Outside the European Economic Area (EAA) Personal data shall not be transferred outside of the EAA unless that country or territory ensures an adequate level of protection. Certain countries/territories, such as Australia, have been certified as providing an adequate level of protection. Where it is proposed to transfer to a country/territory that has not been so certified, the data controller must satisfy itself that the country/territory affords an adequate level of protection. If the data is to be transferred to a country or territory that does not have adequate protection, then the Trust Infrastructure Manager must approve the transfer and at least one of the following conditions must be met: The data subject has given consent to the transfer. It is necessary for the performance of a contract between the data subject and the data controller or with a view to entering into such a contract. The transfer is necessary for reasons of substantial public interest. The personal data is already on a public register. The transfer is necessary for the purposes of legal proceedings, legal advice or defending legal rights The transfer is necessary to protect the vital interests of the data subject 3. Responsibilities All staff have a duty to observe the principles of the Data Protection Act. These guidelines are intended to assist staff to understand the aims and principles of the Act and to set out the main areas in which staff are likely to be affected by data protection issues in the course of their work. 3.1 The Trust Board The Trust Board has responsibility for: Approving and reviewing this policy Ensuring the implementation of the Act Title: Staff Data Protection Policy Page 6 of 17

7 Ensuring that Trust or Academy policies, procedures and practices are consistent with the objectives of the Act Ensuring that complaints about the handling of personal data are investigated and dealt with effectively Ensuring that appropriate training takes place for all staff. 3.2 The Trust Infrastructure Manager The Trust Infrastructure Manager will act as the Trust Data Protection Officer and is responsible to the Trust to ensure that: the Trust and its Academies are appropriately registered with the Information Commissioner s Office. It is the responsibility of the Academy s Data Manager to affect the registration and ensure that any changes required to the registration are implemented. this policy is implemented in the Trust and Academies procedures and practices. the Trust Board is appropriately advised of all relevant information relating to the Act including any changes to the Act and any effect on the Trust and Academies. the processes for managing complaints, Subject Access Requests and Freedom of Information requests are properly managed. this policy is brought to the attention of all employees, data subjects and that all staff, including temporary, volunteer, supply and agency personnel, receive appropriate training. achieving compliance with this policy is sought at a practical level through action in recruitment and selection, training and development and general management. good practice is encouraged by all staff and any breaches of the Act and this policy are dealt with appropriately. Refer to the Greenwood Academies Trust Data Breach Management Procedure for further information. advice and guidance on the aspects of current data protection legislation are provided. 3.3 The Academy Data Controller The Academy Data Controller is responsible for: ensuring that the Academy is appropriately registered with the Information Commissioner s Office. seeking to ensure that this policy is implemented in Academy procedures and practices and monitoring staff and other data subjects when processing data. ensuring that this policy is brought to the attention of all employees and data subjects and all staff, including temporary, volunteer, supply and agency personnel, receive appropriate training in line with the training standards. seeking to achieve compliance with this policy at a practical level through action in recruitment and selection, training and development and general management within their Academy. providing advice on the current data protection legislation to the Academy. reporting to the Trust Infrastructure Manager any breaches of the Act and policy according to the Greenwood Academies Trust Data Breach Management Procedure. Title: Staff Data Protection Policy Page 7 of 17

8 determining the purposes for which and the manner in which any personal data is or is to be processed. ensuring the associated Greenwood Academies Trust policies and procedures governing the use, storage and disposal of data are adhered to and reporting any variances to the Trust Infrastructure Manager. 3.4 All Staff Staff must ensure they understand how their work is affected by the Act and abide by the principles of the Act when processing personal data. All staff must assess the information used in the course of their work and their responsibility for any personal data. All personal data collected should be factually accurate and relevant. Staff must respect that all sensitive data must be kept confidential and that any breaches of that confidentiality may result in legal action. It is a condition of employment that employees will abide by the rules and policies made by the Trust from time to time. All staff must be aware of and ensure that they comply with this Policy. Non-compliance may result in appropriate disciplinary or legal action being taken against the Trust, the Academy and/or the member of staff. All contractors and volunteers employed by the Greenwood Academies Trust that have access to personal data are required to comply with this policy and its supporting policies as specified in the Data Protection schedule of their contract. 4. Access to Information The Act gives all individuals about whom the Trust or Academy holds personal information the right to access information that relates to them, whether it is held electronically or in manual form. Although the Act refers to a structured manual filing system, access to information held in an unstructured filing system may also be requested but further information may be required from the data subject to help the Trust or Academy retrieve the data. Each Academy has a legal responsibility to respond to Subject Access Requests and Freedom of Information requests and must inform the individuals making the request that the request has been received. All Subject Access Requests or Freedom of Information Requests received by Academies must then be passed to the Trust Infrastructure Manager for processing. The Trust will only allow access once a request has been received in writing (or by ) and the Trust is satisfied as to the identity of the person making the request. Proof of identity, confirming name and address, will be requested for this purpose. A pupil s parent or legal guardian may make requests for access to their child s educational records only if they have the pupil s permission or the pupil is unable to act on their own behalf. Proof of this relationship will be required before access is granted. On receipt of a subject access request, the Trust will inform the data subject of: the personal data of which that individual is the data subject, the purpose or purposes for which the information is or are to be processed, and the recipients or classes of recipients to whom the information may be disclosed. The data subject is however entitled to request a copy of the information related to her/him which will be supplied by the Trust or Academy unless the supply is not possible or would involve disproportionate effort. Dealing with the request will be subject to a fee as per the Information Commissioners Office current fee rates. That fee must be paid before the request is dealt with. Title: Staff Data Protection Policy Page 8 of 17

9 The right of access extends to children and young people who understand what it means to exercise that right. Where a pupil under 14 years makes a request for access to her/his records, the Trust or Academy or a relevant authority (e.g. doctor or educational psychologist) will decide whether or not he/she has sufficient understanding to do so. If the request is from a Parent/Legal Guardian, then children over the age of 14 years have the right to refuse access to the data providing they are considered competent to exercise that right. 4.1 Dealing with Requests The Trust/Academy will comply with Freedom of Information Requests as defined in the Greenwood Academies Trust Freedom of Information Policy. For Subject Access Requests for personal information, the Trust/Academy will ensure that requests for access are dealt with within the timescale specified by legislation. The Trust s Data Subject Access Request procedure provides detailed guidance about how requests should be dealt with. Request for copies of educational records, once cleared by the Regional Education Director, will be dealt with within fifteen (15) school days. The Trust or Academy will process requests for all other information received from data subjects within forty (40) calendar days. An initial response will be sent to the requestor within twenty-one (21) days of receiving an access request. The response will confirm the request has been complied with, indicate the intention to comply or give the reasons for not complying with the request. If for any reason these timescales cannot be met, the reason will be explained, in writing, to the individual making the request. Any person wishing to exercise their right of access should obtain a copy of the Trust s Freedom of Information Policy or Subject Access Request Policy by writing to the Trust or Academy. 5. Disclosure of Personal Data The following attempts to illustrate when personal data can be disclosed. This list is not exhaustive and, if further guidance is required, staff should contact the Trust Data Protection Officer. 5.1 Staff Who Need to Know Access to personal data will be provided to members of staff who need to know it in order to carry out their normal duties. However, only access to the data that is required will be provided. 5.2 Purposes Specified Data will only be disclosed for use for the purposes specified when it was collected and any additional purpose of which the data subject has been notified. Any other use amounts to unlawful processing. For example, if information has been collected in order to pay school uniform grants in previous years, the Academy will not be allowed to use that information as a mailing list for a library service without having first notified the data subjects of the intention to do so and given data subjects the opportunity to opt out of such processing. Title: Staff Data Protection Policy Page 9 of 17

10 5.3 Specific Agreement of Data Subject Data subjects should be made aware, via the relevant privacy notice, that their personal data may be disclosed to various third parties, without needing specific consent, during the normal course of business activities. Data may be used for other purposes such as Ofsted Inspections or other governmental/regulatory activity, accounting and statistical analysis, Internal and External Audit and also to prevent or detect fraud or other crimes for example. In all other cases data will only be disclosed to a third party if the data subject has given specific consent, ideally in writing. 5.4 Telephone Enquiries/ Home Addresses and Telephone Numbers Requests from third parties are often made by telephone, giving the added problem of verifying the identity of the caller. Even when the call appears to be genuine, personal data must not be disclosed (save where necessary for one of the purposes mentioned above and where the identity of the caller, purpose of the enquiry and proposed use of the information have been verified). Where appropriate, the caller will be asked to put their request in writing or an offer will be made to contact the data subject concerned, on behalf of the caller and pass on any message. Home addresses or personal telephone numbers of staff or other data subjects must not be given out to third parties unless the individual has given permission to do so. Alternative approaches include taking the caller's contact details and advising that a message will be passed on requesting that the caller is contacted, or offering to forward correspondence to a pupil or a member of staff on behalf of the caller. It is important to take care when handling such requests. An individual's pupil/staff status is personal data. The Trust or Academy should be careful to neither confirm nor deny that the person is a pupil or member of staff at the Academy or that the person is otherwise known to the Trust or Academy. 5.5 The Police Disclosures to the Police are not compulsory except in cases where the Trust or Academy is served with a Court Order requiring information. Requests from the Police for access to information must be made, in writing, from one of the Constabulary s Data Protection officers. In cases where the Trust or Academy has not been served with a Court Order but receives a request, consideration must be given to the implications of disclosure before any action is taken and to the nature of the information sought and the reasons for the request. The Trust or Academy may be required to provide an explanation for any disclosure of the data subject s personal information at a later date and must be able to provide justifiable reasons for doing so, for example where the Trust or Academy believes that failure to release the information would prejudice a criminal investigation. In such cases the Trust Infrastructure Manager or Academy Data Manager who receives the request must make a clear and accurate record of the circumstances, the advice sought and the decision making process followed so that there is clear evidence of the reasoning and the prevailing circumstances. Section 29 (3) of the Act allows organisations to disclose personal data where necessary for the prevention and detection of crime. At least one of the conditions of Schedule 2, and in the case of sensitive personal data, Schedule 3, must be satisfied in relation to the processing. Title: Staff Data Protection Policy Page 10 of 17

11 6. Third Party Disclosures There are a number of circumstances under which data can be disclosed to a third party without the consent of the data subject. The circumstances are set out in the Act as follows: Data required by law for example data supplied to statutory bodies. Data that is in the vital interests of the data subject for example in a life or death situation. Data that would prevent harm to a third party. Data that would prevent a crime. Data that would be in the interests of national security. Even in these circumstances, proof of identity, confirming name and address and a request in writing, will be required where practicable and only the minimum information necessary to achieve the relevant purpose should be disclosed. 7. General Guidance for Staff The Trust or Academy needs to collect and use data (information) about its staff and other individuals for a variety of purposes. The purposes of processing data include the recruitment and payment of staff, organisation and administration of courses, monitoring of health and safety arrangements, monitoring of performance and achievements and in connection with the statutory functions of the Local Authority, government agencies and other regulatory bodies. Included below is a list of general areas where the issue of data protection may arise. These guidelines do not attempt to cover every situation. 7.1 Recruitment and Selection It is important to ensure that applicants who are responding to job advertisements or completing application forms know exactly to whom or where they are supplying their information and for what purposes their information will be used. Only information relevant to the recruitment decision should be requested. Applicants should have explained to them as early as possible what verification checks may be undertaken. This is currently covered in the application form where the individual is requested to sign a declaration of consent. Personal information is also used in less obvious ways such as for Accounting and Statistical Analysis, Internal and External Audit purposes Ofsted Inspections and the prevention and detection of fraud and other crimes. Before attempting to obtain any information from a third party, for example for the purpose of confirming qualifications or employment history, it is necessary to obtain a signed consent form or some similar form of consent from applicants (this is currently covered in the declaration of consent on the application form). Information should not be sought from applicants unless it can be justified as being necessary to enable the recruitment decision to be made or for a related purpose such as equal opportunities monitoring. For example, there is no obvious reason why the Trust or Academy should ask applicants for information about their membership of a trade union. It is important to ensure that the processing of personal data during and retained after the interview process is relevant and necessary. The Trust or Academy may be asked to prove that the non-selection of a candidate was on the basis of something other than a discriminatory attitude held by the interviewer. Applicants will have subject access rights in relation to any interview notes taken. It is for this reason that all interview notes must be legible and understandable. It is recommended that interview notes be kept for a period of six (6) months after the date of interview. Title: Staff Data Protection Policy Page 11 of 17

12 7.2 Disclosure and Barring Service Checks The Trust will require all applicants (paid and voluntary) for all posts to declare criminal convictions, which are spent or unspent and including any cautions and pending prosecutions. Such declarations will be made on the relevant application form. This information must only be disclosed to those that are authorised to see it in the course of their duties. For those working in the Early Years Foundation Stage (EYFS), there are also childcare disqualification requirements ; this means further criteria is asked in addition to inclusion of the Children s Barred List for the individual and their household, known as disqualification by association. Details of any convictions/cautions may be explored through the interview process as part of the Trust s safeguarding obligations as outlined in the Keeping Children Safe in Education statutory guidance. Exemptions from the Rehabilitation of Offenders Act apply in this context and following the making of an offer of employment, further details on any convictions may be obtained through the completion of the Disclosure Barring Service (DBS) check. 7.3 Confidential References The Act allows data subjects to access references about themselves received by the Trust or Academy (subject to respecting the confidentiality of third parties), but provides an exemption to the right of subject access in respect of those provided by the Trust or Academy. Although confidential references received by the Trust or Academy are not exempt from the right of access, consideration must be given to the data privacy rights of the referee. Information contained in, or about, a confidential reference need not be provided in response to a subject access request if the release of this information would identify an individual referee unless: the identity of the referee can be protected by anonymising the information the referee has given his/her consent, or it is reasonable in all the circumstances to release the information without consent. The Trust or Academy may not refuse to disclose references received from third parties without providing reasons e.g. the referee may have refused permission for the information to be made available. Opinions expressed by third parties, such as a referee, constitute their personal data and there is a presumption within the Act that such data will not be disclosed without their consent. Consent in cases where a confidential reference discloses the identity of an organisation but not an identifiable individual, as referee, disclosure will not breach data privacy rights. Confidential references written by the Trust or Academy are exempt from subject access requests. When writing a reference it must be kept in mind that the details of the reference may, at a later date, be disclosed to the individual, for example by the new employer. The Trust or Academy must ensure that all information provided is up to date and accurate. Where a reference requests it, the Trust or Academy can disclose information regarding the number of days sickness absence of a data subject. Title: Staff Data Protection Policy Page 12 of 17

13 However, detailed information about the data subject s health or sickness record, including reasons for absence, falls within the definition of sensitive personal data and must only be disclosed with the explicit (i.e. written) consent of the data subject. 7.4 Education Records There is no legal requirement for Trusts or Academies to disclose Education Records. All requests for the data held in Education Records by pupils or parents/legal guardians must be cleared by the Regional Education Director. All requests for data from third parties must conform to the principles of the Act and must be covered with a Data Sharing Agreement. All Data Sharing Agreements taken out by the Trust or Academy must undergo a Privacy Impact Assessment as defined in the Greenwood Academies Trust Privacy Impact Assessment guidance and the results of the assessment to be kept on file with the Data Sharing Agreement. 7.5 Examination Results The Academy must ensure that strict confidentiality and secure office practices are followed while papers, including examination coursework, are being marked and while results are being compiled. The Act does not give pupils the right to access their own examination scripts but it does allow access to comments made upon them by examiners. However, pupils are able, under subject access rights, to see the breakdown of marks awarded for particular questions or sections of examinations. Examination marks should not be shared, either verbally or in writing, with any other person unless the individual pupil has given their permission e.g. the displaying of examination results on a Academy notice board or a list sent around the classroom is prohibited. Exceptions are other Trust or Academy staff relevant to their role, Ofsted and the DfE Addresses Personal addresses must not be disclosed for non-work purposes. If asked to disclose another member of staff's personal address, the caller can be asked to give her/his address and told that it will be passed on to the individual s/he is trying to contact if she/he is a member of the Trust or Academy. It is not appropriate to disclose a colleague's work details to someone who claims she/he wishes to contact her/him regarding a non-work related matter. 7.7 Sickness and Accident Records Sickness and accident records will include information about an employee s physical or mental health. This information constitutes sensitive personal data and is therefore subject to enhanced protection under the Act. There is a distinction between sickness, accident and absence records. Sickness and accident records contain details of the illness, condition or accident suffered by the individual and, as such, contain sensitive personal data. Absence records, however, may explain the reason for the absence as sickness or accident but not include any reference to specific medical conditions and as such contain personal data. The Information Commissioner recommends that sickness and accident records should be separated from absence records and that sickness and accident records should not be accessed where records of absence could be used instead. Title: Staff Data Protection Policy Page 13 of 17

14 In order to process the sickness and accident records, the Trust or Academy has to satisfy at least one of the conditions for processing sensitive personal data. Those conditions that may be most directly relevant to sickness and accident records are: The processing is necessary for the purposes of the exercising or performing of any right or obligation, which is conferred or imposed by law on the Trust or Academy in connection with employment. This could include obligations under Health and Safety legislation or for the purpose of administering statutory sick pay. This condition may also be relevant to the need to maintain sickness records so that the Trust or Academy can ensure that an employee is treated fairly. The processing is necessary for the purpose of, or in connection with, any legal proceedings (including prospective legal proceedings), or is necessary for the purpose of obtaining legal advice, or is otherwise necessary for the purposes of establishing, exercising or defending legal rights. This condition may therefore apply where the Trust or Academy is defending itself against actual or threatened tribunal or court proceedings. The data subject has given his or her explicit consent to the processing. This will only apply where the employee understands what personal data is involved and has given a positive indication of agreement (such as a signature). The consent must also be freely given i.e. the employee must not be made subject to a detriment if he/she withholds their consent. Being known as an employee of the Trust or Academy may mean being asked for information, for instance by parents, about a member of staff who is off sick. Although this can be awkward, parents must be informed that employees are unable to discuss confidential Trust or Academy matters. Persistent enquiries must be referred to the Principal or Trust Infrastructure Manager. 7.8 Payroll, Pension, Occupational Health and Insurance Schemes Payroll, Pension schemes, Occupational Health, private medical and permanent health insurance schemes and other employment related schemes can be administered by the Trust but provided or controlled by third parties. Personal data required to administer such schemes should not be used for other purposes and any data passed to the scheme providers should be limited to that which is necessary to operate the relevant scheme. It should be made clear to employees who join these schemes what data will be passed between the employer and the scheme controller and for what purposes this will be used. 7.9 Photographs, Videos and CCTV Where it is wished for photographs to be taken or video recordings to be made of staff and/or pupils, as individuals, as small groups or organised groups, the individual(s) concerned must give their consent and be informed of the purpose(s) for which the information is to be used. For general photographs or video recordings of the Academy grounds and public places, whereby individuals cannot be identified, consent is not required. If the Academy intends to record an Academy event such as a sports day or Academy play, parents must be informed of the intention and the purpose(s) for which the recording will be used. A parent may choose to withdraw their child from such an event if they object to the recording. The Academy must ensure the recorded images are stored securely, and in a location/on a medium where only authorised persons have access to them. The recorded images must only be retained long enough for any incident to come to light (e.g. for a theft to be noticed). The Academy may disclose recordings to a law enforcement agency in order to help with the prevention or detection of crime but must not release the images to any other third party. Title: Staff Data Protection Policy Page 14 of 17

15 Further guidance on the use of CCTV can be found on the Information Commissioners website under Topic guides for organisations : Equal Opportunities Monitoring The Act specifically allows for processing of data on racial or ethnic origin, religion and disability if it is necessary for keeping under review the existence, or absence, of equality of opportunity. The collection of this information is exclusively used for the statistical evaluation of the Trust s equal opportunities policy within recruitment and employment. The Trust, where possible, will ensure anonymity of information when meaningful monitoring is required. The equal opportunities monitoring form, which collects information for this purpose, must be removed from all applications before any assessment of suitability for the post is considered Discipline, Grievance and Dismissal Employees have the same rights of access to files containing information about disciplinary matters or grievances about themselves as they do to other personal data held. All of the normal data protection and access obligations apply to data created or accessed in the course of dealing with disciplinary and grievance issues. Any information referring to a third party must be removed or anonymised before access is granted. Disciplinary warnings typically expire after a specified period provided that no further warnings have been issued and no disciplinary action has been taken against the employee during that period. In these circumstances, the warnings will generally be disregarded for future disciplinary purposes but not removed from the employee s personal file. Exceptions to the specified expiration limit will apply where child protection issues are raised - refer to the Safeguarding Policy for further information. Details regarding information relating to discipline/grievance issues must not be disclosed to a third party; exceptions are Employment Tribunals and Trust Solicitors. For example, being known as an employee of the Academy may mean being asked, for instance by parents, about the alleged suspension of another member of staff. Under no circumstances should this information be disclosed or confirmed and persistent enquiries must be referred to the Trust Infrastructure Manager or Principal The Internet Data placed on the Trust s or Academy s website and made available via the Internet will be available in countries which do not have a data privacy regime considered adequate by the EU. Where the Trust or Academy wishes to make staff/pupil personal data available in this way, the consent of the staff and/or pupil(s) concerned must be obtained. Consent can be withdrawn at any point. Internet pages are sometimes used to collect personal data such as names and addresses of individuals who request Trust or Academy information e.g. from those who are registering to attend an open day. The relevant web page should indicate the purpose or purposes for which the data is collected, the recipients to whom it may be disclosed and an indication of the time period for which it will be kept (e.g. "while we process your application", rather than a specific date). All sites that collect information from site visitors must provide a Privacy Statement. The purpose of this statement is to help individuals to decide whether they want to visit Title: Staff Data Protection Policy Page 15 of 17

16 the site and, if so, whether to provide any personal information. Privacy Statements must be prominently displayed. The following is an example of a privacy statement: This Website aims to provide on-line information about all of the Trust s or Academy s services. We do not use cookies for collecting user information from the site and we will not collect any information about you via this website without your consent. The above does cover all requirements and consideration must be given to the intended audience and the use their data may be put to deliver Trust obligations. All Privacy Statements need to be reviewed by the Trust Infrastructure Manager before they are published. Individuals must be given the opportunity to opt out of parts of the collection or use of the data not directly relevant to the specific purpose Collecting Personal Information Before collecting or processing personal information, the Trust or Academy must consider whether the personal data collected about staff and other data subjects is necessary in the context of the relationship and is covered by a privacy notice. For example, information concerning an employee s life outside work is unlikely to be necessary unless it is to determine potential or actual conflicts of interest and connected or related party transactions. However, it might be legitimate to request information about an employee s other jobs where there is a justifiable need, for example, in connection with the Working Time Regulations, or to request information about her/his children in connection with an application for parental leave. Information collected for a particular purpose should not be used for any other, incompatible purposes. 8. Monitoring and Review The Trust s or Academy s Data Controller will report on the policy to the Chief Executive, Deputy Chief Executive or Principal as appropriate. The Chief Executive, Deputy Chief Executive or Principal will report to the Trust Board or Advisory Councils on any relevant aspects of the working of this policy (including non-compliance) as appropriate. The Trust will review this policy every two (2) years. 9. Information held about Pupils A pupil, or someone acting on their behalf, may make a SAR in respect of personal data held about the pupil by a school. If the school is in England, Wales or Northern Ireland, the SAR should be dealt with by the school. If the school is in Scotland, the SAR should be dealt with by the relevant education authority or the proprietor of an independent school. There are two distinct rights to information held about pupils by schools. They are: the pupil s right of subject access under the DPA; and the parent s right of access to their child s educational record (in England, Wales and Northern Ireland this right of access is only relevant to maintained schools not independent schools, English academies or free schools. However in Scotland the right extends to independent schools). Although this code is only concerned with the right of subject access, it is important to understand what is meant by a pupil s educational record. This is because there is an Title: Staff Data Protection Policy Page 16 of 17

17 overlap between the two rights mentioned above and also because educational record is relevant when ascertaining the fee you may charge for responding to a SAR. The statutory definition of educational record differs between England and Wales, Scotland and Northern Ireland. Broadly speaking, however, the expression has a wide meaning and includes most information about current and past pupils that is processed by or on behalf of a school. However, information kept by a teacher solely for their own use does not form part of the educational record. It is likely that most of the personal information a school holds about a particular pupil will form part of the pupil s educational record. However, it is possible that some of the information could fall outside the educational record; e.g. information about the pupil provided by the parent of another child is not part of the educational record. Unlike the distinct right of access to the educational record, the right to make a SAR is the pupil s right. Parents are only entitled to access information about their child by making a SAR if the child is unable to act on their own behalf or has given their consent. If it is not clear whether a requester has parental responsibility for the child or is acting on their behalf, you should clarify this before responding to the SAR. In deciding what information to supply in response to a SAR, you need to have regard to the general principles about exemptions from subject access described elsewhere in this code. Examples of information which (depending on the circumstances) it might be appropriate to withhold include: information that might cause serious harm to the physical or mental health of the pupil or another individual; information that would reveal that the child is at risk of abuse, where disclosure of that information would not be in the child s best interests; information contained in adoption and parental order records; and certain information given to a court in proceedings concerning the child. 10. Sensitive Personal Data 'Sensitive personal data means personal data consisting of information as to: a) the racial or ethnic origin of the data subject b) their political opinions c) their religious beliefs or other beliefs of a similar nature d) whether they are a member of a trade union e) their physical or mental health or condition f) their sexual life g) the commission or alleged commission by them of any offence, or h) any proceedings for any offence committed or alleged to have been committed by them, the disposal of such proceedings or the sentence of any court in such proceedings. Title: Staff Data Protection Policy Page 17 of 17

European College of Business and Management Data Protection Policy

European College of Business and Management Data Protection Policy European College of Business and Management Data Protection Policy 1. INTRODUCTION 1.1 The European College of Business and Management (ECBM) is committed to full compliance with the Data Protection Act

More information

DATA PROTECTION POLICY STATUTORY

DATA PROTECTION POLICY STATUTORY DATA PROTECTION POLICY MAIDEN ERLEGH TRUST STATUTORY INITIAL APPROVAL July 2017 REVIEW FREQUENCY At least every two years REVIEWED CONTENTS PART ONE: POLICY STATEMENT & OBJECTIVES PART TWO: STATUS OF THE

More information

Data Protection Policy

Data Protection Policy Data Protection Policy St Barnabas & St Philip s Church of England Primary School P:\Policies and Documents\Data Protection Policy.docx 1 Responsibility: Contents: It is the responsibility of the Governors

More information

PROCEDURE (Essex) / Linked SOP (Kent) Data Protection. Number: W 1011 Date Published: 24 November 2016

PROCEDURE (Essex) / Linked SOP (Kent) Data Protection. Number: W 1011 Date Published: 24 November 2016 1.0 Summary of Changes 1.1 This procedure/sop has had an additional paragraph added at 3.8.6 relating to data processing of information by direct access to Athena. 2.0 What this Procedure/SOP is About

More information

RECRUITMENT, SELECTION AND DISCLOSURES POLICY AND PROCEDURE

RECRUITMENT, SELECTION AND DISCLOSURES POLICY AND PROCEDURE RECRUITMENT, SELECTION AND DISCLOSURES POLICY AND PROCEDURE 1. General Blundell s School ( the School ) is committed to ensuring the best possible environment for the children and young people in its care.

More information

Data Protection Act 1998 Policy

Data Protection Act 1998 Policy Data Protection Act 1998 Policy Responsibility for Policy: Relevant to: University Secretary All Staff, Students and Academic Partnerships Approved by: SMT in September 2016 Responsibility for Document

More information

LEICESTER GRAMMAR SCHOOL TRUST RECRUITMENT POLICY

LEICESTER GRAMMAR SCHOOL TRUST RECRUITMENT POLICY LEICESTER GRAMMAR SCHOOL TRUST RECRUITMENT POLICY GENERAL Leicester Grammar School Trust comprising Leicester Grammar School, Leicester Grammar Junior School and Stoneygate School ("the Trust") is committed

More information

The position you have applied for is exempt from the Rehabilitation of Offenders Act 1974 (as amended in England and Wales).

The position you have applied for is exempt from the Rehabilitation of Offenders Act 1974 (as amended in England and Wales). DECLARATION FORM A Guidance for applicants The position you have applied for is exempt from the Rehabilitation of Offenders Act 1974 (as amended in England and Wales). When South Central Ambulance Service

More information

Including all of the Pre-Prep Department and Early Years Foundation Stage. Recruitment Policy

Including all of the Pre-Prep Department and Early Years Foundation Stage. Recruitment Policy Including all of the Pre-Prep Department and Early Years Foundation Stage Contents Recruitment Policy 1. General... 2 2. Scope of this Policy... 2 3. Application Form... 3 4. Invitation to Interview...

More information

How we use Personal Information

How we use Personal Information How we use Personal Information Introduction This document explains how Essex Police obtains, holds, uses and discloses information about people - their personal information 1 -, the steps we take to ensure

More information

GENERAL PROTOCOL FOR SHARING INFORMATION BETWEEN AGENCIES IN KINGSTON UPON HULL AND THE EAST RIDING OF YORKSHIRE

GENERAL PROTOCOL FOR SHARING INFORMATION BETWEEN AGENCIES IN KINGSTON UPON HULL AND THE EAST RIDING OF YORKSHIRE GENERAL PROTOCOL FOR SHARING INFORMATION BETWEEN AGENCIES IN KINGSTON UPON HULL AND THE EAST RIDING OF YORKSHIRE 2008 CONTENTS 1. INTRODUCTION Purpose of this document 1-6 2. KEY LEGISLATION AND GUIDANCE

More information

APPLICATION AND RECRUITMENT PROCESS EXPLANATORY NOTE

APPLICATION AND RECRUITMENT PROCESS EXPLANATORY NOTE APPLICATION AND RECRUITMENT PROCESS EXPLANATORY NOTE 1. General Immanuel College ( the School ) is committed to ensuring the best possible environment for the children and young people in its care. Safeguarding

More information

Recruitment, Selection and Disclosures Policy and Procedure

Recruitment, Selection and Disclosures Policy and Procedure Recruitment, Selection and Disclosures Policy and Procedure 1. General Moreton Hall Educational Trust Limited ("the School") is committed to ensuring the best possible environment for the children and

More information

DBS CHECKS AND EMPLOYING EX- OFFENDERS: GUIDE TO POLICY AND PROCEDURE

DBS CHECKS AND EMPLOYING EX- OFFENDERS: GUIDE TO POLICY AND PROCEDURE NEWPORT COMMUNITY SCHOOL PRIMARY ACADEMY Date Adopted: 16 th July 2015 Author/owner: Resources Committee Anticipated Review: July 2017 DBS CHECKS AND EMPLOYING EX- OFFENDERS: GUIDE TO POLICY AND PROCEDURE

More information

How we use Personal Information

How we use Personal Information How we use Personal Information Introduction This document explains how British Transport Police obtains, holds, uses and discloses information about people - their personal information 1 -, the steps

More information

Recruitment, Selection and Disclosures Policy

Recruitment, Selection and Disclosures Policy Recruitment, Selection and Disclosures Policy This is a whole school policy including Early Years Foundation Stage (EYFS). It is written with due regard to the following: Keeping Children Safe in Education

More information

Charities & Not-for-Profits Overview of Data Protection Law

Charities & Not-for-Profits Overview of Data Protection Law Charities & Not-for-Profits Overview of Data Protection Law The Data Protection Law provides a framework for the processing of data relating to individuals that serves to balance the needs of organisations

More information

DBS Policy Agreed: September 2016 Signed: (HT) Signed: (CofG) Review Date: September 2017

DBS Policy Agreed: September 2016 Signed: (HT) Signed: (CofG) Review Date: September 2017 DBS Policy Agreed: September 2016 Signed: (HT) Signed: (CofG) Review Date: September 2017 Goldthorpe Primary School: DBS Policy Aim At Goldthorpe Primary School the safety of our staff, pupils and visitors

More information

Data Protection Act 1998

Data Protection Act 1998 Data Protection Act 1998 1998 CHAPTER 29 ARRANGEMENT OF SECTIONS Part I Preliminary 1. Basic interpretative provisions. 2. Sensitive personal data. 3. The special purposes. 4. The data protection principles.

More information

ARTICLE 29 Data Protection Working Party

ARTICLE 29 Data Protection Working Party ARTICLE 29 Data Protection Working Party 11580/03/EN WP 82 Opinion 6/2003 on the level of protection of personal data in the Isle of Man Adopted on 21 November 2003 This Working Party was set up under

More information

CRIMINAL RECORDS CHECK (DBS) POLICY. Author/Reviewer: Date Approved: Jan 2006

CRIMINAL RECORDS CHECK (DBS) POLICY. Author/Reviewer: Date Approved: Jan 2006 CRIMINAL RECORDS CHECK (DBS) POLICY Author/Reviewer: DHR Date Approved: Jan 2006 Where Approved: Corporation Date of Issue: Nov 2008 Impact Assessment: Jan 2008 Date Reviewed: August 2010 Date Reviewed

More information

Mannofield Parish Church. Registered Scottish Charity No: SC (the Congregation ) Data Protection Policy

Mannofield Parish Church. Registered Scottish Charity No: SC (the Congregation ) Data Protection Policy Mannofield Parish Church Registered Scottish Charity No: SC 001680 (the Congregation ) Data Protection Policy December 2018 CONTENTS 1. Overview 2. Data Protection Principles 3. Personal Data 4. Special

More information

Disclosure Barring Service (DBS) Checks & Employing Ex-offenders

Disclosure Barring Service (DBS) Checks & Employing Ex-offenders Disclosure Barring Service (DBS) Checks & Employing Ex-offenders Category Summary Policy This policy outlines BAPAM s policy and procedures for conducting DBS checks and for recruiting exoffenders. Valid

More information

DATA SHARING AND PROCESSING

DATA SHARING AND PROCESSING DATA SHARING AND PROCESSING Capita Business Services Limited March 2016 Version 1.3 TABLE OF CONTENTS: Item Heading Page 1 Data Processing Agreement 2 2 Data Protection Act 1998 2 3 Data Protection Act

More information

BACKGROUND INFORMATION

BACKGROUND INFORMATION Data Protection 1. BACKGROUND INFORMATION The law governing Data Protection is covered by the Data Protection Act 1998. It implements the EC Data Protection Directive (95/46/EC) in the UK. The Act came

More information

Access to Personal Information Procedure

Access to Personal Information Procedure Purpose of The sixth principle of the Data Protection Act 1998 gives rights to individuals in respect of the personal data that organisations hold about them. The Act says that: Personal data shall be

More information

THE ORATORY SCHOOLS ASSOCIATION. Recruitment, Selection & Disclosure Policy and Procedure

THE ORATORY SCHOOLS ASSOCIATION. Recruitment, Selection & Disclosure Policy and Procedure THE ORATORY SCHOOLS ASSOCIATION Recruitment, Selection & Disclosure Policy and Procedure 1. Introduction The Oratory Schools Association ("the School") is committed to providing the best possible care

More information

Recruitment Policy and Procedures

Recruitment Policy and Procedures Recruitment Policy and Procedures Date of Last Review: 25.01.17 Review Period: Every 2 years Date of Next Review: 25.01.19 Owner: JAI Type of Policy: Compliance Governors Approval 1. Introduction St Michael

More information

Disclosure and Barring Service

Disclosure and Barring Service Disclosure and Barring Service 1.0 POLICY STATEMENT Birkbeck is committed to ensuring the protection of staff, students and volunteers. In fulfilling this commitment the College will undertake appropriate

More information

Data Protection Policy

Data Protection Policy Complaints Procedure If anyone in the school community feels that this policy is not being followed then they should raise the matter first with the Headteacher and, if concerns persists, with the Chair

More information

Port Glasgow St Andrew s Data Protection Policy

Port Glasgow St Andrew s Data Protection Policy Port Glasgow St Andrew s Data Protection Policy CONTENTS 1. Overview 2. Data Protection Principles 3. Personal Data 4. Special Category Data 5. Processing 6. How personal data should be processed 7. Privacy

More information

AIA Australia Limited

AIA Australia Limited AIA Australia Limited Privacy policies & procedures May 2010 The Power of We AIA.COM.AU AIA Australia Limited Privacy policies & procedures Contents Purpose 3 Policy 3 National Privacy Principles Policy

More information

DISCIPLINARY PROCEDURE FOR TEACHING STAFF AT LOCALLY MANAGED SCHOOLS

DISCIPLINARY PROCEDURE FOR TEACHING STAFF AT LOCALLY MANAGED SCHOOLS LONDON BOROUGH OF BARKING AND DAGENHAM DEPARTMENT OF EDUCATION, ARTS AND LIBRARIES DISCIPLINARY PROCEDURE FOR TEACHING STAFF AT LOCALLY MANAGED SCHOOLS Department of Education, Arts and Libraries Town

More information

Recruitment Policy. This document applies to all parts of The Pilgrims School, including the Early Years Foundations Stage

Recruitment Policy. This document applies to all parts of The Pilgrims School, including the Early Years Foundations Stage Recruitment Policy This document applies to all parts of The Pilgrims School, including the Early Years Foundations Stage Drafted By: Bursar Approved by: The SMT Next Review Date: September 2018 The Pilgrims

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Perth: Craigie and Moncreiffe CHARITY NO. SC001330 CONTENTS 1. Overview 2. Data Protection Principles 3. Personal Data 4. Special Category Data 5. Processing 6. How personal data

More information

Recruitment, selection and disclosure policy and procedure

Recruitment, selection and disclosure policy and procedure Recruitment, selection and disclosure policy and procedure 1 Introduction Eton College (the College) is committed to providing the best possible care and education to its pupils and to safeguarding and

More information

DISCLOSURE AND BARRING SERVICE (DBS) POLICY

DISCLOSURE AND BARRING SERVICE (DBS) POLICY DISCLOSURE AND BARRING SERVICE (DBS) POLICY Article 19 (protection from violence, abuse and neglect) Governments must do all they can to ensure that children are protected from all forms of violence, abuse,

More information

Human Resources People and Organisational Development. Disclosure and Barring Service (DBS) Checks Guidelines for Managers and Employees

Human Resources People and Organisational Development. Disclosure and Barring Service (DBS) Checks Guidelines for Managers and Employees Human Resources People and Organisational Development Disclosure and Barring Service (DBS) Checks Guidelines for Managers and Employees 1 Contents What is the DBS?... 3 Assessing the need to conduct a

More information

DECLARATION FORM. Page1

DECLARATION FORM. Page1 DECLARATION FORM Guidance Notes for applicants The position you have applied for has been identified as providing a regulated activity within the terms of the Protection of Freedoms Act 2012 and is eligible

More information

Whistleblowing & Serious Misconduct Policy

Whistleblowing & Serious Misconduct Policy King s Norton Boys School Whistleblowing & Serious Misconduct Policy We recognise that children cannot be expected to raise concerns in an environment where staff fail to do so. All staff should be aware

More information

Data Protection Bill [HL]

Data Protection Bill [HL] [AS AMENDED IN PUBLIC BILL COMMITTEE] CONTENTS PART 1 PRELIMINARY 1 Overview 2 Protection of personal data 3 Terms relating to the processing of personal data PART 2 GENERAL PROCESSING CHAPTER 1 SCOPE

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Co-ordinator Will Taylor Date of Completion June 2017 Date of adoption by Governors June 2017 Date to be reviewed June 2019 Introduction The new Data Protection Act 1998 (EU Directive

More information

Recruiting ex offenders policy

Recruiting ex offenders policy Recruiting Ex-Offenders Policy February 2014 Reviewed April 2018 Recruiting ex offenders policy Created, reviewed & updated by: Jo Lake, HR Adviser Date approved by the Board of Trustees: February 2014

More information

CCTV CODE OF PRACTICE

CCTV CODE OF PRACTICE EDINBURGH NAPIER UNIVERSITY CCTV CODE OF PRACTICE Introduction The monitoring, recording, holding and processing of images of identifiable individuals constitutes personal data as defined by the Data Protection

More information

Safer School Recruitment Policy

Safer School Recruitment Policy Safer School Recruitment Policy The welfare of the child is paramount. Children Act 1989 Adopted: Review Date: November 2019 Signed see hard copy Page 1 of 17 Contents 1. Rationale 2. Policy aims 3. Our

More information

BJB Motor Company Limited (BJB) - Data Protection Act 1998 Policy & Procedures

BJB Motor Company Limited (BJB) - Data Protection Act 1998 Policy & Procedures BJB Motor Company Limited (BJB) - Data Protection Act 1998 Policy & Procedures Version History and Document Approval Version History: Version Date Author Reason 1.0 31 st December 2017 Barry Wilson Document

More information

COBIS Policy on Disclosure & Barring Service Checks for Member Schools COBIS Policy on the Recruitment of Ex-Offenders... 3

COBIS Policy on Disclosure & Barring Service Checks for Member Schools COBIS Policy on the Recruitment of Ex-Offenders... 3 DBS Checks for COBIS Schools Contents COBIS Policy on Disclosure & Barring Service Checks for Member Schools... 2 COBIS Policy on the Recruitment of Ex-Offenders... 3 COBIS Policy on the Secure Storage,

More information

Privacy. Purpose. Scope. Policy. Appendix A

Privacy. Purpose. Scope. Policy. Appendix A Privacy NZQA Quality Management System Policy Appendix A Purpose To ensure NZQA and personnel meet the legal obligations under the Privacy Act 1993 and in relation to its functions under section 246A of

More information

Recruitment, Selection and Disclosures Policy and Procedure

Recruitment, Selection and Disclosures Policy and Procedure Recruitment, Selection and Disclosures Policy and Procedure References: ISI Commentary on the Regulatory Requirements September 2016 DfE Statutory Guidance 'Keeping Children Safe in Education', September

More information

Dauntsey s School Recruitment Policy

Dauntsey s School Recruitment Policy Dauntsey s School Recruitment Policy General 1. Dauntsey s School ("the School") is committed to ensuring the best possible environment for the children and young people in its care. Safeguarding and promoting

More information

Disclosure and Barring Scheme Policy and Procedure

Disclosure and Barring Scheme Policy and Procedure Disclosure and Barring Scheme Policy and Procedure Author HR Manager Date September 2013 (Policy Statement) Person Responsible HR Manager Approval/ review body (ies) SLT/ JNC/ Corporate Board Frequency

More information

Guidelines on Disclosure & Barring Service (DBS) Checks

Guidelines on Disclosure & Barring Service (DBS) Checks Guidelines on Disclosure & Barring Service (DBS) Checks What is DBS? Requirement for DBS checks at Southampton Solent University (SSU) Information for new applicants Information for existing employees

More information

DATED DISCIPLINARY RULES AND PROCEDURE AND GRIEVANCE PROCEDURE

DATED DISCIPLINARY RULES AND PROCEDURE AND GRIEVANCE PROCEDURE DATED ------------ DISCIPLINARY RULES AND PROCEDURE AND GRIEVANCE PROCEDURE 1 CONTENTS DISCIPLINARY RULES AND PROCEDURE 1. Policy statement...3 2. Who is covered by the procedure?...3 3. What is covered

More information

- and - OPINION. Reasons

- and - OPINION. Reasons IN THE MATTER OF THE DATA PROTECTION ACT 1998 AND IN THE MATTER OF A PROPOSED CONTRACT B E T W E E N: Cambridge Analytica Inc - and - Claimant United Kingdom Independence Party Defendant OPINION 1. We

More information

EDEN HOUSING ASSOCIATION LIMITED DISCLOSURE AND BARRING SERVICE (DBS) POLICY

EDEN HOUSING ASSOCIATION LIMITED DISCLOSURE AND BARRING SERVICE (DBS) POLICY EDEN HOUSING ASSOCIATION LIMITED DISCLOSURE AND BARRING SERVICE (DBS) POLICY Document Reference Number CORP 22 Policy Author Rosie Sergison Policy Implementation date 18 September 2013 Leadership Team

More information

DBS and Safeguarding Policy

DBS and Safeguarding Policy Code: HR16 Start Date: September 2014 Review Date: September 2015 Please read this policy in conjunction with the policies listed below: HR4 Recruitment and Selection. HR9 Positive Handling. HR12 Staff

More information

September RECRUITMENT, SELECTION AND DISCLOSURES POLICY AND PROCEDURES GENERAL

September RECRUITMENT, SELECTION AND DISCLOSURES POLICY AND PROCEDURES GENERAL RECRUITMENT, SELECTION AND DISCLOSURES POLICY AND PROCEDURES GENERAL 1. Willington School is committed to ensuring the best possible environment for the children and young people in its care. Safeguarding

More information

Merrydale Infant School Freedom of Information Act

Merrydale Infant School Freedom of Information Act Merrydale Infant School Freedom of Information Act Chair s signature Head s signature Date Review date. 1 Explanatory Notes Governing bodies are responsible for ensuring that schools comply with the Freedom

More information

Data Protection Policy and Procedure

Data Protection Policy and Procedure Data Protection Policy and Procedure Reference No. P09:2007 Implementation date 12022008 Version Number Version 2.0 Reference No: Name. Linked documents Policy Section Procedure Section Yes Yes Suitable

More information

Education Workforce Council

Education Workforce Council Education Workforce Council Registration Rules 2017 1 April 2017 Introduction Citation and transitional provisions 1- (1) Under Regulations 18 and 19 of the Education Workforce Council (Main Functions)

More information

Disciplinary Policy and Procedure

Disciplinary Policy and Procedure Disciplinary Policy and Procedure November 2017 Signed (Chair of Trustees): Date: November 2017 Date of Review: November 2018 The Arbor Academy Trust reviews this policy annually. The Trustees may, however,

More information

Health Information Privacy Code 1994

Health Information Privacy Code 1994 Health Information Privacy Code 1994 Incorporating amendments Privacy Commissioner Te Mana Matapono Matatapu New Zealand The Code of Practice comprises clauses 1-7 and rules 1-12. To assist with the use

More information

Page1. Employment of Ex- Offenders. Issue Date 01/01/2017 Issue 1 Document No: 105 Uncontrolled when copied

Page1. Employment of Ex- Offenders. Issue Date 01/01/2017 Issue 1 Document No: 105 Uncontrolled when copied Page1 Employment of Ex- Offenders Page2 1. Policy Statement 1.1 Under this policy, the first priority of the company is to maintain the safety and welfare of children and vulnerable adults in our care,

More information

Holy Trinity Catholic School. Whistle Blowing Policy 2017 BIRMINGHAM CITY COUNCIL WHISTLEBLOWING POLICY 2015 ADOPTED BY HOLY TRINITY CATHOLIC SCHOOL

Holy Trinity Catholic School. Whistle Blowing Policy 2017 BIRMINGHAM CITY COUNCIL WHISTLEBLOWING POLICY 2015 ADOPTED BY HOLY TRINITY CATHOLIC SCHOOL Holy Trinity Catholic School Whistle Blowing Policy 2017 BIRMINGHAM CITY COUNCIL WHISTLEBLOWING POLICY 2015 ADOPTED BY HOLY TRINITY CATHOLIC SCHOOL Introduction 1.1 Birmingham City Council is committed

More information

INFORMATION SHARING AGREEMENT This document is NOT PROTECTIVELY MARKED

INFORMATION SHARING AGREEMENT This document is NOT PROTECTIVELY MARKED PURPOSE PARTNERS The purpose of this Information Sharing Agreement is to facilitate the lawful exchange of data in order to comply with the statutory duty on Chief Police Officers and relevant agencies

More information

Purpose specific Information Sharing Agreement. Community Safety Accreditation Scheme Part 2

Purpose specific Information Sharing Agreement. Community Safety Accreditation Scheme Part 2 Document Information Summary Partners ISA Ref: As Part 1 An agreement to formalise the information sharing arrangements for the purpose of specific Information sharing pursuant to Crime and Disorder reduction

More information

CONCERNS & COMPLAINTS POLICY. November 2017

CONCERNS & COMPLAINTS POLICY. November 2017 CONCERNS & COMPLAINTS POLICY November 2017 1 Contents Page Policy for Academies in Surrey : Introduction and general principles 3-5 Complaints Procedure 7 Stage 1 8 Stage 2 9 Stage 3 10 Stage 4 11 Further

More information

Version No. Date Amendments made Authorised by N/A ACC Hamilton (PSNI)

Version No. Date Amendments made Authorised by N/A ACC Hamilton (PSNI) PURPOSE PARTNERS The purpose of this Information Sharing Agreement is to facilitate the lawful exchange of data in order to comply with the statutory duty on Chief Police Officers and relevant agencies

More information

Disclosure and Barring Service (DBS) Checks Policy

Disclosure and Barring Service (DBS) Checks Policy Disclosure and Barring Service (DBS) Checks Policy For the attention of: All Staff Produced by: Director of Human Resources Approved by: SMT Date of publication: April 2013 Date of review: April 2015 Our

More information

Criminal Records Checks

Criminal Records Checks 1 Sir Christopher Hatton Academy Criminal Records Checks Policy for the use of Criminal Records Checks and vetting adults with access to Sir Christopher Hatton Academy and its pupils. Statement on the

More information

DIRECTIVE 95/46/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL. of 24 October 1995

DIRECTIVE 95/46/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL. of 24 October 1995 DIRECTIVE 95/46/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data

More information

PRIVACY POLICY. 1. OVERVIEW MEGT is committed to protecting privacy and will manage personal information in an open and transparent way.

PRIVACY POLICY. 1. OVERVIEW MEGT is committed to protecting privacy and will manage personal information in an open and transparent way. Page 1 of 10 1. OVERVIEW MEGT is committed to protecting privacy and will manage personal information in an open and transparent way. MEGT will fulfil its obligations under the Privacy Amendment (Enhancing

More information

Policy Statement on processing applications from applicants declaring a criminal conviction. Approved by the Admissions Policy Group (APG)

Policy Statement on processing applications from applicants declaring a criminal conviction. Approved by the Admissions Policy Group (APG) Policy Statement on processing applications from applicants declaring a criminal conviction Version: Approval: Final Approved by the Admissions Policy Group (APG) Date: June 2014 Review: Annual review

More information

Durants School Disclosure and Barring POLICY

Durants School Disclosure and Barring POLICY Durants School Disclosure and Barring POLICY 1. POLICY 1.1 Durants School is committed to safeguarding and promoting the welfare of children and young people and expects all staff and volunteers to share

More information

DISCLOSURE & BARRING CHECKS POLICY

DISCLOSURE & BARRING CHECKS POLICY Westcountry Schools Trust (WeST) DISCLOSURE & BARRING CHECKS POLICY Mission Statement WeST holds a deep seated belief in education and lifelong learning. Effective collaboration, mutual support and professional

More information

Last review: January 2018 ESF Approved: February 2018 Next review: September 2020 Version 2 DISCLOSURE AND BARRING SERVICE POLICY

Last review: January 2018 ESF Approved: February 2018 Next review: September 2020 Version 2 DISCLOSURE AND BARRING SERVICE POLICY Last review: January 2018 ESF Approved: February 2018 Next review: September 2020 Version 2 DISCLOSURE AND BARRING SERVICE POLICY DISCLOSURE AND BARRING SERVICE POLICY Contents 1. Introduction... 3 2.

More information

DISCIPLINARY PROCEDURE FOR TEACHERS NOTES OF GUIDANCE FOR RELEVANT BODIES

DISCIPLINARY PROCEDURE FOR TEACHERS NOTES OF GUIDANCE FOR RELEVANT BODIES DISCIPLINARY PROCEDURE FOR TEACHERS NOTES OF GUIDANCE FOR RELEVANT BODIES 1. Advice and Guidance 1.1 It is strongly recommended that the advice and guidance of the Employing Authority be sought when any

More information

PRIVACY MANAGEMENT PLAN

PRIVACY MANAGEMENT PLAN PRIVACY MANAGEMENT PLAN September 2015 Contents 1. Introduction... 3 1.2 Purpose... 3 1.3 Scope... 3 1.3 Section 41 Directions... 3 1.4 Complaints... 4 2. Definitions... 4 2.1 Personal Information... 4

More information

Data Protection Bill [HL]

Data Protection Bill [HL] [AS AMENDED IN COMMITTEE] CONTENTS PART 1 PRELIMINARY 1 Overview 2 Terms relating to the processing of personal data PART 2 GENERAL PROCESSING CHAPTER 1 SCOPE AND DEFINITIONS 3 Processing to which this

More information

Law Enforcement processing (Part 3 of the DPA 2018)

Law Enforcement processing (Part 3 of the DPA 2018) Law Enforcement processing (Part 3 of the DPA 2018) Introduction This part of the Act transposes the EU Data Protection Directive 2016/680 (Law Enforcement Directive) into domestic UK law. The Directive

More information

INVESTIGATION OF ELECTRONIC DATA PROTECTED BY ENCRYPTION ETC DRAFT CODE OF PRACTICE

INVESTIGATION OF ELECTRONIC DATA PROTECTED BY ENCRYPTION ETC DRAFT CODE OF PRACTICE INVESTIGATION OF ELECTRONIC DATA PROTECTED BY ENCRYPTION ETC CODE OF PRACTICE Preliminary draft code: This document is circulated by the Home Office in advance of enactment of the RIP Bill as an indication

More information

Policies and Procedures

Policies and Procedures Policies and Procedures QMS3: POL5 Privacy Policy Policy Details Responsible area General Endorsed by CEO Date 22 November 2017 Review date 22 November 2018 Policy Statement At Linx Institute, we are committed

More information

DATA PROTECTION (JERSEY) LAW 2005

DATA PROTECTION (JERSEY) LAW 2005 DATA PROTECTION (JERSEY) LAW 2005 Revised Edition Showing the law as at 1 January 2017 This is a revised edition of the law Data Protection (Jersey) Law 2005 Arrangement DATA PROTECTION (JERSEY) LAW 2005

More information

ORMISTON HORIZON ACADEMY. Disclosure and Barring Checks Policy

ORMISTON HORIZON ACADEMY. Disclosure and Barring Checks Policy ORMISTON HORIZON ACADEMY Disclosure and Barring Checks Policy Ormiston Academies Trust Date adopted: 1 st November 2016 Next review date: 1 st November 2017 Policy Version Control Policy prepared by Responsible

More information

DISCIPLINARY PROCEDURE FOR TEACHERS NOTES OF GUIDANCE FOR RELEVANT BODIES

DISCIPLINARY PROCEDURE FOR TEACHERS NOTES OF GUIDANCE FOR RELEVANT BODIES DISCIPLINARY PROCEDURE FOR TEACHERS NOTES OF GUIDANCE FOR RELEVANT BODIES 1. Advice and Guidance 1.1 It is strongly recommended that the advice and guidance of the Employing Authority be sought when any

More information

WASHINGTON COUNTY GUIDELINES AND PROCEDURES FOR MINNESOTA GOVERNMENT DATA PRACTICES ACT

WASHINGTON COUNTY GUIDELINES AND PROCEDURES FOR MINNESOTA GOVERNMENT DATA PRACTICES ACT General Administration Policy #1300 - Manual WASHINGTON COUNTY GUIDELINES AND PROCEDURES FOR MINNESOTA GOVERNMENT DATA PRACTICES ACT Manual #1300 Adopted by the Washington County Board of Commissioners

More information

Park View Primary School

Park View Primary School Policy on the Freedom of Information Act Responsibility: Contents: It is the responsibility of the Governors to ensure procedures are in place to ensure that the school handles information requests covered

More information

The installation of CCTV can provide information on activities at the Water,

The installation of CCTV can provide information on activities at the Water, ST CHAD S WATER LNR CCTV CODE OF PRACTICE St Chad s Fishing Club A closed circuit television system is used at St Chad s Water LNR, Church Wilne (known in the Code as the Water) by the St Chad s Fishing

More information

DISCLOSURE AND BARRING SERVICE (DBS) CHECKS POLICY AND PROCEDURE FOR SALISBURY PLAIN ACADEMIES

DISCLOSURE AND BARRING SERVICE (DBS) CHECKS POLICY AND PROCEDURE FOR SALISBURY PLAIN ACADEMIES DISCLOSURE AND BARRING SERVICE (DBS) CHECKS POLICY AND PROCEDURE FOR SALISBURY PLAIN ACADEMIES Page 1 of 12 June 2016 Index Section Page Introduction 3 Who is included in these arrangements? 3 Who is excluded?

More information

A closed circuit television system is used at the Memorial Hall by the Parish Council.

A closed circuit television system is used at the Memorial Hall by the Parish Council. BREADSALL PARISH COUNCIL CCTV CODE OF PRACTICE A closed circuit television system is used at the Memorial Hall by the Parish Council. The safety of residents using the car park and visitors to the buildings

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Durrington High School as part of the Durrington Multi Academy Trust collects and uses personal information about staff, pupils, parents and other individuals who come into contact

More information

Brussels, 16 May 2006 (Case ) 1. Procedure

Brussels, 16 May 2006 (Case ) 1. Procedure Opinion on the notification for prior checking received from the Data Protection Officer (DPO) of the Council of the European Union regarding the "Decision on the conduct of and procedure for administrative

More information

North Yorkshire County Council. Subject Access Request Guidance and Procedure. Data Protection Act 1998

North Yorkshire County Council. Subject Access Request Guidance and Procedure. Data Protection Act 1998 North Yorkshire County Council Subject Access Request Guidance and Procedure Data Protection Act 1998 The Data Protection Act 1998 (the Act), section 7 (1) gives individuals certain rights with regards

More information

Great Leighs Primary School. Data Protection and Freedom of Information Policy. Adopted: April Review Date: April 2018.

Great Leighs Primary School. Data Protection and Freedom of Information Policy. Adopted: April Review Date: April 2018. Great Leighs Primary School Data Protection and Freedom of Information Policy Adopted: April 2015 Review Date: April 2018 Contents 1. Introduction... 1 2. Purpose... 1 3. What is Personal Information?...

More information

The Act on Processing of Personal Data

The Act on Processing of Personal Data The Act on Processing of Personal Data Act No. 429 of 31 May 2000 as amended by section 7 of Act No. 280 of 25 April 2001, section 6 of Act No. 552 of 24 June 2005 and section 2 of Act No. 519 of 6 June

More information

16 March Purpose & Introduction

16 March Purpose & Introduction Factsheet on the key issues relating to the relationship between the proposed eprivacy Regulation (epr) and the General Data Protection Regulation (GDPR) 1. Purpose & Introduction As the eprivacy Regulation

More information

The Privacy Policy links to the following Objective contained within the City Plan

The Privacy Policy links to the following Objective contained within the City Plan Privacy Policy Privacy Policy City Plan Reference The Privacy Policy links to the following Objective contained within the City Plan 2013-2017. Performance is about managing our resources wisely, providing

More information

As approved by the Office of Communications for the purposes of Sections 120 and 121 of the Communications Act 2003 on 21 June 2016

As approved by the Office of Communications for the purposes of Sections 120 and 121 of the Communications Act 2003 on 21 June 2016 Code of Practice Code for Premium rate services Approved under Section 121 of the Communications Act 2003 Code of Practice 2016 (Fourteenth Edition) Phone-paid Services Authority As approved by the Office

More information

SELF-DECLARATION FORM FOR A CHILD CARE POSITION

SELF-DECLARATION FORM FOR A CHILD CARE POSITION SELF-DECLARATION FORM FOR A CHILD CARE POSITION As required in Clydesdale Cricket Club s Child Protection Policy and Procedures this form must be completed by all members for positions Clydesdale Cricket

More information

Regulations for the consideration of criminal convictions for students on courses leading to professional registration

Regulations for the consideration of criminal convictions for students on courses leading to professional registration Regulations for the consideration of criminal convictions for students on courses leading to professional registration Responsibility of: University Secretary Initial Approval date: 27 April 2016 Reviewed:

More information