Staff Data Protection Policy

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Staff Data Protection Policy"

Transcription

1 Staff Data Protection Policy Version: 9.0 Approval Status: Approved Document Owner: Graham Feek Classification: External Review Date: 02/11/2016 Effective from: 1 July 2015

2 Table of Contents 1. The Data Protection Act Principles of Data Protection Responsibilities Access to Information Disclosure of Personal Data Third Party Disclosures General Guidance for Staff Monitoring and Review Information held about Pupils Sensitive Personal Data Introduction This document sets out the Trust s and it s Academies responsibilities under the Data Protection Act 1998 ( the Act ) and provides guidance on the maintenance of and access to data, including employment and educational records in accordance with the provisions of the Act. Title: Staff Data Protection Policy Page 2 of 17

3 1. The Data Protection Act The Data Protection Act 1998 came into force on 1 March It introduced into UK law the provisions of the European Commission Data Protection Directive (95/46/EC). It applies to anyone who processes, stores or is the subject of personal data. The Act works in two ways and provides that: anyone who records and uses personal information (data controllers) must be open about how the information is used and must follow the eight principles of good information handling. all individuals (data subjects) have the right to see information that is held about them and the right to have information corrected if it is wrong. the Act applies to all electronic records that contain information about living and identifiable individuals and extends data protection to manual files where the personal data of a data subject is readily accessible (a structured filing system). The main aim of the Act is to protect data from unnecessary, unauthorised or harmful use and to provide individuals with some control over the use of their personal data. Individuals have the right to take action for compensation caused by inaccurate, lost or destroyed data or unauthorised disclosure of information. They also have the right to complain to the Information Commissioner who may serve an enforcement notice and, in some circumstances, impose a financial penalty. 1.2 Notification Notification is the process by which a data controller's details are added to a public register along with information about the types of personal data that are processed and the purposes and nature of that processing. The register is maintained by the Information Commissioner and can be consulted by individuals to find out what processing of personal data is being carried out by a particular data controller. The Greenwood Academies Trust is registered as data controller for all Trust and Academy data. All Academy Data Protection Officers must advise the Trust Data Controller if there are any changes to the use of personal data that are not covered by the Trust registration. 2. Principles of Data Protection In collecting, using, storing and disposing of data, the Trust or Academy will comply with the requirements of the Act that govern the processing of personal data. Under these requirements, the information will be collected and used fairly, stored safely and not disclosed to any other person where to do so would be in breach of those requirements or would otherwise be unlawful. The Academy and its staff who process or use personal information will ensure they comply with the following eight data protection principles which are laid out in the Act. 2.1 Principle 1: Fairness Personal data will be processed fairly and lawfully. The collection and disclosure of data is subject to scrutiny and is only lawful if it meets at least one of the following criteria (as specified in Schedule 2 to the Act): With the consent of the data subject, e.g. pupil, parent/guardian or employee. The current legal requirements are that the Trust is not obliged to share education records with pupils or parents/guardians. All requests for pupil records must be cleared by the Regional Education Director before being released Title: Staff Data Protection Policy Page 3 of 17

4 In performance of a contract, for example to process an application as part of the admissions process, or, If there is a legal obligation, for example under prevention of terrorism legislation, or, For the protection of the vital interests of the individual, for example to prevent injury or other damage to the health of the data subject, or, In the legitimate interest of any party, unless it is prejudicial to the interests of the individual. The processing of personal data must meet all of the following criteria in order to be processed fairly : Data will only be collected from persons who have the authority to disclose it. If personal information is collected from a third party, the data subject will be informed of the use of the information When personal data is collected then a Privacy Notice is required that states: - the identity of the organisation in control of the processing - the purpose, or purposes, for which the information will be processed - any further information necessary, in the specific circumstances, to enable the processing in respect of the individual to be fair In addition to the requirements outlined above, Sensitive Personal Data may only be processed if the processing also meets at least one of the following criteria, as specified in Schedule 3 to the Act: The data subject has given explicit consent It is necessary to meet requirements of employment law It is necessary to protect the vital interests (i.e. if the situation is a matter of life or death) of the subject or another person The data subject has already made the information public It is necessary for legal proceedings, obtaining legal advice or defending legal rights It is necessary for the carrying out of statutory functions It is necessary for medical purposes It is necessary for equal opportunities It is necessary in order to comply with legislation from the Secretary of State 2.2 Principle 2: Purpose Personal data will be obtained only for one or more specified and lawful purpose. Data will not be further processed in any manner incompatible with the initial specified purpose or those purposes for which it was obtained as specified in the Privacy Notice. 2.3 Principle 3: Quality Data must be adequate, relevant and not excessive. Personal information which is not necessary for the intended processing must not be acquired i.e. personal information cannot be collected just because it may be useful. Only the minimum information required for the purposes for which it is obtained should be held. Title: Staff Data Protection Policy Page 4 of 17

5 2.4 Principle 4: Accuracy Data must be accurate and up to date. The Trust or Academy must ensure that there is a system in place to review data for accuracy and to ensure it is up to date. Procedures must be in place to make any amendments requested by a data subject or a record kept if the amendment is not considered appropriate. 2.5 Principle 5: Storage Data must not be kept for longer than required for the purpose for which it was obtained. Refer to the Greenwood Academies Trust Data Retention and Disposal Policy for further information. Information should not be kept any longer than the time period indicated to the data subject. The Trust or Academy must regularly review data held in order to assess whether information is still required in accordance with the Greenwood Academies Trust Data Retention and Disposal Policy. Before disposing of any data (physical or electronic), the Data Manager responsible for the data must ensure he/she has consulted the Greenwood Academies Trust Data Retention and Disposal Policy to ensure the data is disposed of in the correct manner. Before disposing of any data in accordance with Section Principle 7: Data must be processed in a secure manner, the Trust or Academy will consider the following key points: Any legal requirements (e.g. possible negligence action). The length of any appeals procedure relating to the information. The number of times in the last two or three years that a particular type of record has been accessed. 2.6 Principle 6: Individual s Rights Data must be processed in line with the rights of data subjects. This is linked to the first principle of fair and lawful processing and the rights afforded to data subjects by the Act. Data subjects have the right to know details of the processing of their personal data and have the right of access to personal information. A data subject (including a member of staff) has the right to object to data processing relating to them which is likely to cause substantial and unwarranted damage or distress to that data subject or another person. There are a number of provisos to this right. Data subjects must make such a request in writing and, where their request is refused, can apply to the Court for an order. All requests and Court orders must be managed by the Trust Infrastructure Manager and, where applicable, the Academy Data Manager. In addition, the Act gives data subjects the right to object to processing used for the purpose of direct marketing and/or wholly automated decision making. Data subjects have the right to request that the data controller rectifies or erases inaccurate data and to block future processing in cases of unlawful/unfair processing. Data subjects must make such a request in writing and, where their request is refused, can apply to the Court for an order for rectification/erasure. All requests will be managed by the Trust Infrastructure Manager. Title: Staff Data Protection Policy Page 5 of 17

6 2.7 Principle 7: Data must be processed in a secure manner The Trust and the Academy must guard against unauthorised and unlawful processing (e.g. access, alteration, disclosure or disposal). Appropriate security records must be kept in order to provide an audit trail of any disposal of personal data. Personal information will, so far as possible, be: kept in a locked filing cabinet, or in a locked drawer; or if it is computerised, be password protected, or kept only on disk or other media which is encrypted. When personal data is to be destroyed, paper or microfilm records will be disposed of by shredding or incineration. Data on computer hard disks or other magnetic media will be destroyed using a recognised supplier and destruction certificates obtained and retained. Optical media is to be shredded. 2.8 Principle 8: Outside the European Economic Area (EAA) Personal data shall not be transferred outside of the EAA unless that country or territory ensures an adequate level of protection. Certain countries/territories, such as Australia, have been certified as providing an adequate level of protection. Where it is proposed to transfer to a country/territory that has not been so certified, the data controller must satisfy itself that the country/territory affords an adequate level of protection. If the data is to be transferred to a country or territory that does not have adequate protection, then the Trust Infrastructure Manager must approve the transfer and at least one of the following conditions must be met: The data subject has given consent to the transfer. It is necessary for the performance of a contract between the data subject and the data controller or with a view to entering into such a contract. The transfer is necessary for reasons of substantial public interest. The personal data is already on a public register. The transfer is necessary for the purposes of legal proceedings, legal advice or defending legal rights The transfer is necessary to protect the vital interests of the data subject 3. Responsibilities All staff have a duty to observe the principles of the Data Protection Act. These guidelines are intended to assist staff to understand the aims and principles of the Act and to set out the main areas in which staff are likely to be affected by data protection issues in the course of their work. 3.1 The Trust Board The Trust Board has responsibility for: Approving and reviewing this policy Ensuring the implementation of the Act Title: Staff Data Protection Policy Page 6 of 17

7 Ensuring that Trust or Academy policies, procedures and practices are consistent with the objectives of the Act Ensuring that complaints about the handling of personal data are investigated and dealt with effectively Ensuring that appropriate training takes place for all staff. 3.2 The Trust Infrastructure Manager The Trust Infrastructure Manager will act as the Trust Data Protection Officer and is responsible to the Trust to ensure that: the Trust and its Academies are appropriately registered with the Information Commissioner s Office. It is the responsibility of the Academy s Data Manager to affect the registration and ensure that any changes required to the registration are implemented. this policy is implemented in the Trust and Academies procedures and practices. the Trust Board is appropriately advised of all relevant information relating to the Act including any changes to the Act and any effect on the Trust and Academies. the processes for managing complaints, Subject Access Requests and Freedom of Information requests are properly managed. this policy is brought to the attention of all employees, data subjects and that all staff, including temporary, volunteer, supply and agency personnel, receive appropriate training. achieving compliance with this policy is sought at a practical level through action in recruitment and selection, training and development and general management. good practice is encouraged by all staff and any breaches of the Act and this policy are dealt with appropriately. Refer to the Greenwood Academies Trust Data Breach Management Procedure for further information. advice and guidance on the aspects of current data protection legislation are provided. 3.3 The Academy Data Controller The Academy Data Controller is responsible for: ensuring that the Academy is appropriately registered with the Information Commissioner s Office. seeking to ensure that this policy is implemented in Academy procedures and practices and monitoring staff and other data subjects when processing data. ensuring that this policy is brought to the attention of all employees and data subjects and all staff, including temporary, volunteer, supply and agency personnel, receive appropriate training in line with the training standards. seeking to achieve compliance with this policy at a practical level through action in recruitment and selection, training and development and general management within their Academy. providing advice on the current data protection legislation to the Academy. reporting to the Trust Infrastructure Manager any breaches of the Act and policy according to the Greenwood Academies Trust Data Breach Management Procedure. Title: Staff Data Protection Policy Page 7 of 17

8 determining the purposes for which and the manner in which any personal data is or is to be processed. ensuring the associated Greenwood Academies Trust policies and procedures governing the use, storage and disposal of data are adhered to and reporting any variances to the Trust Infrastructure Manager. 3.4 All Staff Staff must ensure they understand how their work is affected by the Act and abide by the principles of the Act when processing personal data. All staff must assess the information used in the course of their work and their responsibility for any personal data. All personal data collected should be factually accurate and relevant. Staff must respect that all sensitive data must be kept confidential and that any breaches of that confidentiality may result in legal action. It is a condition of employment that employees will abide by the rules and policies made by the Trust from time to time. All staff must be aware of and ensure that they comply with this Policy. Non-compliance may result in appropriate disciplinary or legal action being taken against the Trust, the Academy and/or the member of staff. All contractors and volunteers employed by the Greenwood Academies Trust that have access to personal data are required to comply with this policy and its supporting policies as specified in the Data Protection schedule of their contract. 4. Access to Information The Act gives all individuals about whom the Trust or Academy holds personal information the right to access information that relates to them, whether it is held electronically or in manual form. Although the Act refers to a structured manual filing system, access to information held in an unstructured filing system may also be requested but further information may be required from the data subject to help the Trust or Academy retrieve the data. Each Academy has a legal responsibility to respond to Subject Access Requests and Freedom of Information requests and must inform the individuals making the request that the request has been received. All Subject Access Requests or Freedom of Information Requests received by Academies must then be passed to the Trust Infrastructure Manager for processing. The Trust will only allow access once a request has been received in writing (or by ) and the Trust is satisfied as to the identity of the person making the request. Proof of identity, confirming name and address, will be requested for this purpose. A pupil s parent or legal guardian may make requests for access to their child s educational records only if they have the pupil s permission or the pupil is unable to act on their own behalf. Proof of this relationship will be required before access is granted. On receipt of a subject access request, the Trust will inform the data subject of: the personal data of which that individual is the data subject, the purpose or purposes for which the information is or are to be processed, and the recipients or classes of recipients to whom the information may be disclosed. The data subject is however entitled to request a copy of the information related to her/him which will be supplied by the Trust or Academy unless the supply is not possible or would involve disproportionate effort. Dealing with the request will be subject to a fee as per the Information Commissioners Office current fee rates. That fee must be paid before the request is dealt with. Title: Staff Data Protection Policy Page 8 of 17

9 The right of access extends to children and young people who understand what it means to exercise that right. Where a pupil under 14 years makes a request for access to her/his records, the Trust or Academy or a relevant authority (e.g. doctor or educational psychologist) will decide whether or not he/she has sufficient understanding to do so. If the request is from a Parent/Legal Guardian, then children over the age of 14 years have the right to refuse access to the data providing they are considered competent to exercise that right. 4.1 Dealing with Requests The Trust/Academy will comply with Freedom of Information Requests as defined in the Greenwood Academies Trust Freedom of Information Policy. For Subject Access Requests for personal information, the Trust/Academy will ensure that requests for access are dealt with within the timescale specified by legislation. The Trust s Data Subject Access Request procedure provides detailed guidance about how requests should be dealt with. Request for copies of educational records, once cleared by the Regional Education Director, will be dealt with within fifteen (15) school days. The Trust or Academy will process requests for all other information received from data subjects within forty (40) calendar days. An initial response will be sent to the requestor within twenty-one (21) days of receiving an access request. The response will confirm the request has been complied with, indicate the intention to comply or give the reasons for not complying with the request. If for any reason these timescales cannot be met, the reason will be explained, in writing, to the individual making the request. Any person wishing to exercise their right of access should obtain a copy of the Trust s Freedom of Information Policy or Subject Access Request Policy by writing to the Trust or Academy. 5. Disclosure of Personal Data The following attempts to illustrate when personal data can be disclosed. This list is not exhaustive and, if further guidance is required, staff should contact the Trust Data Protection Officer. 5.1 Staff Who Need to Know Access to personal data will be provided to members of staff who need to know it in order to carry out their normal duties. However, only access to the data that is required will be provided. 5.2 Purposes Specified Data will only be disclosed for use for the purposes specified when it was collected and any additional purpose of which the data subject has been notified. Any other use amounts to unlawful processing. For example, if information has been collected in order to pay school uniform grants in previous years, the Academy will not be allowed to use that information as a mailing list for a library service without having first notified the data subjects of the intention to do so and given data subjects the opportunity to opt out of such processing. Title: Staff Data Protection Policy Page 9 of 17

10 5.3 Specific Agreement of Data Subject Data subjects should be made aware, via the relevant privacy notice, that their personal data may be disclosed to various third parties, without needing specific consent, during the normal course of business activities. Data may be used for other purposes such as Ofsted Inspections or other governmental/regulatory activity, accounting and statistical analysis, Internal and External Audit and also to prevent or detect fraud or other crimes for example. In all other cases data will only be disclosed to a third party if the data subject has given specific consent, ideally in writing. 5.4 Telephone Enquiries/ Home Addresses and Telephone Numbers Requests from third parties are often made by telephone, giving the added problem of verifying the identity of the caller. Even when the call appears to be genuine, personal data must not be disclosed (save where necessary for one of the purposes mentioned above and where the identity of the caller, purpose of the enquiry and proposed use of the information have been verified). Where appropriate, the caller will be asked to put their request in writing or an offer will be made to contact the data subject concerned, on behalf of the caller and pass on any message. Home addresses or personal telephone numbers of staff or other data subjects must not be given out to third parties unless the individual has given permission to do so. Alternative approaches include taking the caller's contact details and advising that a message will be passed on requesting that the caller is contacted, or offering to forward correspondence to a pupil or a member of staff on behalf of the caller. It is important to take care when handling such requests. An individual's pupil/staff status is personal data. The Trust or Academy should be careful to neither confirm nor deny that the person is a pupil or member of staff at the Academy or that the person is otherwise known to the Trust or Academy. 5.5 The Police Disclosures to the Police are not compulsory except in cases where the Trust or Academy is served with a Court Order requiring information. Requests from the Police for access to information must be made, in writing, from one of the Constabulary s Data Protection officers. In cases where the Trust or Academy has not been served with a Court Order but receives a request, consideration must be given to the implications of disclosure before any action is taken and to the nature of the information sought and the reasons for the request. The Trust or Academy may be required to provide an explanation for any disclosure of the data subject s personal information at a later date and must be able to provide justifiable reasons for doing so, for example where the Trust or Academy believes that failure to release the information would prejudice a criminal investigation. In such cases the Trust Infrastructure Manager or Academy Data Manager who receives the request must make a clear and accurate record of the circumstances, the advice sought and the decision making process followed so that there is clear evidence of the reasoning and the prevailing circumstances. Section 29 (3) of the Act allows organisations to disclose personal data where necessary for the prevention and detection of crime. At least one of the conditions of Schedule 2, and in the case of sensitive personal data, Schedule 3, must be satisfied in relation to the processing. Title: Staff Data Protection Policy Page 10 of 17

11 6. Third Party Disclosures There are a number of circumstances under which data can be disclosed to a third party without the consent of the data subject. The circumstances are set out in the Act as follows: Data required by law for example data supplied to statutory bodies. Data that is in the vital interests of the data subject for example in a life or death situation. Data that would prevent harm to a third party. Data that would prevent a crime. Data that would be in the interests of national security. Even in these circumstances, proof of identity, confirming name and address and a request in writing, will be required where practicable and only the minimum information necessary to achieve the relevant purpose should be disclosed. 7. General Guidance for Staff The Trust or Academy needs to collect and use data (information) about its staff and other individuals for a variety of purposes. The purposes of processing data include the recruitment and payment of staff, organisation and administration of courses, monitoring of health and safety arrangements, monitoring of performance and achievements and in connection with the statutory functions of the Local Authority, government agencies and other regulatory bodies. Included below is a list of general areas where the issue of data protection may arise. These guidelines do not attempt to cover every situation. 7.1 Recruitment and Selection It is important to ensure that applicants who are responding to job advertisements or completing application forms know exactly to whom or where they are supplying their information and for what purposes their information will be used. Only information relevant to the recruitment decision should be requested. Applicants should have explained to them as early as possible what verification checks may be undertaken. This is currently covered in the application form where the individual is requested to sign a declaration of consent. Personal information is also used in less obvious ways such as for Accounting and Statistical Analysis, Internal and External Audit purposes Ofsted Inspections and the prevention and detection of fraud and other crimes. Before attempting to obtain any information from a third party, for example for the purpose of confirming qualifications or employment history, it is necessary to obtain a signed consent form or some similar form of consent from applicants (this is currently covered in the declaration of consent on the application form). Information should not be sought from applicants unless it can be justified as being necessary to enable the recruitment decision to be made or for a related purpose such as equal opportunities monitoring. For example, there is no obvious reason why the Trust or Academy should ask applicants for information about their membership of a trade union. It is important to ensure that the processing of personal data during and retained after the interview process is relevant and necessary. The Trust or Academy may be asked to prove that the non-selection of a candidate was on the basis of something other than a discriminatory attitude held by the interviewer. Applicants will have subject access rights in relation to any interview notes taken. It is for this reason that all interview notes must be legible and understandable. It is recommended that interview notes be kept for a period of six (6) months after the date of interview. Title: Staff Data Protection Policy Page 11 of 17

12 7.2 Disclosure and Barring Service Checks The Trust will require all applicants (paid and voluntary) for all posts to declare criminal convictions, which are spent or unspent and including any cautions and pending prosecutions. Such declarations will be made on the relevant application form. This information must only be disclosed to those that are authorised to see it in the course of their duties. For those working in the Early Years Foundation Stage (EYFS), there are also childcare disqualification requirements ; this means further criteria is asked in addition to inclusion of the Children s Barred List for the individual and their household, known as disqualification by association. Details of any convictions/cautions may be explored through the interview process as part of the Trust s safeguarding obligations as outlined in the Keeping Children Safe in Education statutory guidance. Exemptions from the Rehabilitation of Offenders Act apply in this context and following the making of an offer of employment, further details on any convictions may be obtained through the completion of the Disclosure Barring Service (DBS) check. 7.3 Confidential References The Act allows data subjects to access references about themselves received by the Trust or Academy (subject to respecting the confidentiality of third parties), but provides an exemption to the right of subject access in respect of those provided by the Trust or Academy. Although confidential references received by the Trust or Academy are not exempt from the right of access, consideration must be given to the data privacy rights of the referee. Information contained in, or about, a confidential reference need not be provided in response to a subject access request if the release of this information would identify an individual referee unless: the identity of the referee can be protected by anonymising the information the referee has given his/her consent, or it is reasonable in all the circumstances to release the information without consent. The Trust or Academy may not refuse to disclose references received from third parties without providing reasons e.g. the referee may have refused permission for the information to be made available. Opinions expressed by third parties, such as a referee, constitute their personal data and there is a presumption within the Act that such data will not be disclosed without their consent. Consent in cases where a confidential reference discloses the identity of an organisation but not an identifiable individual, as referee, disclosure will not breach data privacy rights. Confidential references written by the Trust or Academy are exempt from subject access requests. When writing a reference it must be kept in mind that the details of the reference may, at a later date, be disclosed to the individual, for example by the new employer. The Trust or Academy must ensure that all information provided is up to date and accurate. Where a reference requests it, the Trust or Academy can disclose information regarding the number of days sickness absence of a data subject. Title: Staff Data Protection Policy Page 12 of 17

13 However, detailed information about the data subject s health or sickness record, including reasons for absence, falls within the definition of sensitive personal data and must only be disclosed with the explicit (i.e. written) consent of the data subject. 7.4 Education Records There is no legal requirement for Trusts or Academies to disclose Education Records. All requests for the data held in Education Records by pupils or parents/legal guardians must be cleared by the Regional Education Director. All requests for data from third parties must conform to the principles of the Act and must be covered with a Data Sharing Agreement. All Data Sharing Agreements taken out by the Trust or Academy must undergo a Privacy Impact Assessment as defined in the Greenwood Academies Trust Privacy Impact Assessment guidance and the results of the assessment to be kept on file with the Data Sharing Agreement. 7.5 Examination Results The Academy must ensure that strict confidentiality and secure office practices are followed while papers, including examination coursework, are being marked and while results are being compiled. The Act does not give pupils the right to access their own examination scripts but it does allow access to comments made upon them by examiners. However, pupils are able, under subject access rights, to see the breakdown of marks awarded for particular questions or sections of examinations. Examination marks should not be shared, either verbally or in writing, with any other person unless the individual pupil has given their permission e.g. the displaying of examination results on a Academy notice board or a list sent around the classroom is prohibited. Exceptions are other Trust or Academy staff relevant to their role, Ofsted and the DfE Addresses Personal addresses must not be disclosed for non-work purposes. If asked to disclose another member of staff's personal address, the caller can be asked to give her/his address and told that it will be passed on to the individual s/he is trying to contact if she/he is a member of the Trust or Academy. It is not appropriate to disclose a colleague's work details to someone who claims she/he wishes to contact her/him regarding a non-work related matter. 7.7 Sickness and Accident Records Sickness and accident records will include information about an employee s physical or mental health. This information constitutes sensitive personal data and is therefore subject to enhanced protection under the Act. There is a distinction between sickness, accident and absence records. Sickness and accident records contain details of the illness, condition or accident suffered by the individual and, as such, contain sensitive personal data. Absence records, however, may explain the reason for the absence as sickness or accident but not include any reference to specific medical conditions and as such contain personal data. The Information Commissioner recommends that sickness and accident records should be separated from absence records and that sickness and accident records should not be accessed where records of absence could be used instead. Title: Staff Data Protection Policy Page 13 of 17

14 In order to process the sickness and accident records, the Trust or Academy has to satisfy at least one of the conditions for processing sensitive personal data. Those conditions that may be most directly relevant to sickness and accident records are: The processing is necessary for the purposes of the exercising or performing of any right or obligation, which is conferred or imposed by law on the Trust or Academy in connection with employment. This could include obligations under Health and Safety legislation or for the purpose of administering statutory sick pay. This condition may also be relevant to the need to maintain sickness records so that the Trust or Academy can ensure that an employee is treated fairly. The processing is necessary for the purpose of, or in connection with, any legal proceedings (including prospective legal proceedings), or is necessary for the purpose of obtaining legal advice, or is otherwise necessary for the purposes of establishing, exercising or defending legal rights. This condition may therefore apply where the Trust or Academy is defending itself against actual or threatened tribunal or court proceedings. The data subject has given his or her explicit consent to the processing. This will only apply where the employee understands what personal data is involved and has given a positive indication of agreement (such as a signature). The consent must also be freely given i.e. the employee must not be made subject to a detriment if he/she withholds their consent. Being known as an employee of the Trust or Academy may mean being asked for information, for instance by parents, about a member of staff who is off sick. Although this can be awkward, parents must be informed that employees are unable to discuss confidential Trust or Academy matters. Persistent enquiries must be referred to the Principal or Trust Infrastructure Manager. 7.8 Payroll, Pension, Occupational Health and Insurance Schemes Payroll, Pension schemes, Occupational Health, private medical and permanent health insurance schemes and other employment related schemes can be administered by the Trust but provided or controlled by third parties. Personal data required to administer such schemes should not be used for other purposes and any data passed to the scheme providers should be limited to that which is necessary to operate the relevant scheme. It should be made clear to employees who join these schemes what data will be passed between the employer and the scheme controller and for what purposes this will be used. 7.9 Photographs, Videos and CCTV Where it is wished for photographs to be taken or video recordings to be made of staff and/or pupils, as individuals, as small groups or organised groups, the individual(s) concerned must give their consent and be informed of the purpose(s) for which the information is to be used. For general photographs or video recordings of the Academy grounds and public places, whereby individuals cannot be identified, consent is not required. If the Academy intends to record an Academy event such as a sports day or Academy play, parents must be informed of the intention and the purpose(s) for which the recording will be used. A parent may choose to withdraw their child from such an event if they object to the recording. The Academy must ensure the recorded images are stored securely, and in a location/on a medium where only authorised persons have access to them. The recorded images must only be retained long enough for any incident to come to light (e.g. for a theft to be noticed). The Academy may disclose recordings to a law enforcement agency in order to help with the prevention or detection of crime but must not release the images to any other third party. Title: Staff Data Protection Policy Page 14 of 17

15 Further guidance on the use of CCTV can be found on the Information Commissioners website under Topic guides for organisations : Equal Opportunities Monitoring The Act specifically allows for processing of data on racial or ethnic origin, religion and disability if it is necessary for keeping under review the existence, or absence, of equality of opportunity. The collection of this information is exclusively used for the statistical evaluation of the Trust s equal opportunities policy within recruitment and employment. The Trust, where possible, will ensure anonymity of information when meaningful monitoring is required. The equal opportunities monitoring form, which collects information for this purpose, must be removed from all applications before any assessment of suitability for the post is considered Discipline, Grievance and Dismissal Employees have the same rights of access to files containing information about disciplinary matters or grievances about themselves as they do to other personal data held. All of the normal data protection and access obligations apply to data created or accessed in the course of dealing with disciplinary and grievance issues. Any information referring to a third party must be removed or anonymised before access is granted. Disciplinary warnings typically expire after a specified period provided that no further warnings have been issued and no disciplinary action has been taken against the employee during that period. In these circumstances, the warnings will generally be disregarded for future disciplinary purposes but not removed from the employee s personal file. Exceptions to the specified expiration limit will apply where child protection issues are raised - refer to the Safeguarding Policy for further information. Details regarding information relating to discipline/grievance issues must not be disclosed to a third party; exceptions are Employment Tribunals and Trust Solicitors. For example, being known as an employee of the Academy may mean being asked, for instance by parents, about the alleged suspension of another member of staff. Under no circumstances should this information be disclosed or confirmed and persistent enquiries must be referred to the Trust Infrastructure Manager or Principal The Internet Data placed on the Trust s or Academy s website and made available via the Internet will be available in countries which do not have a data privacy regime considered adequate by the EU. Where the Trust or Academy wishes to make staff/pupil personal data available in this way, the consent of the staff and/or pupil(s) concerned must be obtained. Consent can be withdrawn at any point. Internet pages are sometimes used to collect personal data such as names and addresses of individuals who request Trust or Academy information e.g. from those who are registering to attend an open day. The relevant web page should indicate the purpose or purposes for which the data is collected, the recipients to whom it may be disclosed and an indication of the time period for which it will be kept (e.g. "while we process your application", rather than a specific date). All sites that collect information from site visitors must provide a Privacy Statement. The purpose of this statement is to help individuals to decide whether they want to visit Title: Staff Data Protection Policy Page 15 of 17

16 the site and, if so, whether to provide any personal information. Privacy Statements must be prominently displayed. The following is an example of a privacy statement: This Website aims to provide on-line information about all of the Trust s or Academy s services. We do not use cookies for collecting user information from the site and we will not collect any information about you via this website without your consent. The above does cover all requirements and consideration must be given to the intended audience and the use their data may be put to deliver Trust obligations. All Privacy Statements need to be reviewed by the Trust Infrastructure Manager before they are published. Individuals must be given the opportunity to opt out of parts of the collection or use of the data not directly relevant to the specific purpose Collecting Personal Information Before collecting or processing personal information, the Trust or Academy must consider whether the personal data collected about staff and other data subjects is necessary in the context of the relationship and is covered by a privacy notice. For example, information concerning an employee s life outside work is unlikely to be necessary unless it is to determine potential or actual conflicts of interest and connected or related party transactions. However, it might be legitimate to request information about an employee s other jobs where there is a justifiable need, for example, in connection with the Working Time Regulations, or to request information about her/his children in connection with an application for parental leave. Information collected for a particular purpose should not be used for any other, incompatible purposes. 8. Monitoring and Review The Trust s or Academy s Data Controller will report on the policy to the Chief Executive, Deputy Chief Executive or Principal as appropriate. The Chief Executive, Deputy Chief Executive or Principal will report to the Trust Board or Advisory Councils on any relevant aspects of the working of this policy (including non-compliance) as appropriate. The Trust will review this policy every two (2) years. 9. Information held about Pupils A pupil, or someone acting on their behalf, may make a SAR in respect of personal data held about the pupil by a school. If the school is in England, Wales or Northern Ireland, the SAR should be dealt with by the school. If the school is in Scotland, the SAR should be dealt with by the relevant education authority or the proprietor of an independent school. There are two distinct rights to information held about pupils by schools. They are: the pupil s right of subject access under the DPA; and the parent s right of access to their child s educational record (in England, Wales and Northern Ireland this right of access is only relevant to maintained schools not independent schools, English academies or free schools. However in Scotland the right extends to independent schools). Although this code is only concerned with the right of subject access, it is important to understand what is meant by a pupil s educational record. This is because there is an Title: Staff Data Protection Policy Page 16 of 17

17 overlap between the two rights mentioned above and also because educational record is relevant when ascertaining the fee you may charge for responding to a SAR. The statutory definition of educational record differs between England and Wales, Scotland and Northern Ireland. Broadly speaking, however, the expression has a wide meaning and includes most information about current and past pupils that is processed by or on behalf of a school. However, information kept by a teacher solely for their own use does not form part of the educational record. It is likely that most of the personal information a school holds about a particular pupil will form part of the pupil s educational record. However, it is possible that some of the information could fall outside the educational record; e.g. information about the pupil provided by the parent of another child is not part of the educational record. Unlike the distinct right of access to the educational record, the right to make a SAR is the pupil s right. Parents are only entitled to access information about their child by making a SAR if the child is unable to act on their own behalf or has given their consent. If it is not clear whether a requester has parental responsibility for the child or is acting on their behalf, you should clarify this before responding to the SAR. In deciding what information to supply in response to a SAR, you need to have regard to the general principles about exemptions from subject access described elsewhere in this code. Examples of information which (depending on the circumstances) it might be appropriate to withhold include: information that might cause serious harm to the physical or mental health of the pupil or another individual; information that would reveal that the child is at risk of abuse, where disclosure of that information would not be in the child s best interests; information contained in adoption and parental order records; and certain information given to a court in proceedings concerning the child. 10. Sensitive Personal Data 'Sensitive personal data means personal data consisting of information as to: a) the racial or ethnic origin of the data subject b) their political opinions c) their religious beliefs or other beliefs of a similar nature d) whether they are a member of a trade union e) their physical or mental health or condition f) their sexual life g) the commission or alleged commission by them of any offence, or h) any proceedings for any offence committed or alleged to have been committed by them, the disposal of such proceedings or the sentence of any court in such proceedings. Title: Staff Data Protection Policy Page 17 of 17

DATA PROTECTION POLICY STATUTORY

DATA PROTECTION POLICY STATUTORY DATA PROTECTION POLICY MAIDEN ERLEGH TRUST STATUTORY INITIAL APPROVAL July 2017 REVIEW FREQUENCY At least every two years REVIEWED CONTENTS PART ONE: POLICY STATEMENT & OBJECTIVES PART TWO: STATUS OF THE

More information

European College of Business and Management Data Protection Policy

European College of Business and Management Data Protection Policy European College of Business and Management Data Protection Policy 1. INTRODUCTION 1.1 The European College of Business and Management (ECBM) is committed to full compliance with the Data Protection Act

More information

Data Protection Policy

Data Protection Policy Data Protection Policy St Barnabas & St Philip s Church of England Primary School P:\Policies and Documents\Data Protection Policy.docx 1 Responsibility: Contents: It is the responsibility of the Governors

More information

PROCEDURE (Essex) / Linked SOP (Kent) Data Protection. Number: W 1011 Date Published: 24 November 2016

PROCEDURE (Essex) / Linked SOP (Kent) Data Protection. Number: W 1011 Date Published: 24 November 2016 1.0 Summary of Changes 1.1 This procedure/sop has had an additional paragraph added at 3.8.6 relating to data processing of information by direct access to Athena. 2.0 What this Procedure/SOP is About

More information

Data Protection Act 1998 Policy

Data Protection Act 1998 Policy Data Protection Act 1998 Policy Responsibility for Policy: Relevant to: University Secretary All Staff, Students and Academic Partnerships Approved by: SMT in September 2016 Responsibility for Document

More information

Data Protection Act 1998

Data Protection Act 1998 Data Protection Act 1998 1998 CHAPTER 29 ARRANGEMENT OF SECTIONS Part I Preliminary 1. Basic interpretative provisions. 2. Sensitive personal data. 3. The special purposes. 4. The data protection principles.

More information

GENERAL PROTOCOL FOR SHARING INFORMATION BETWEEN AGENCIES IN KINGSTON UPON HULL AND THE EAST RIDING OF YORKSHIRE

GENERAL PROTOCOL FOR SHARING INFORMATION BETWEEN AGENCIES IN KINGSTON UPON HULL AND THE EAST RIDING OF YORKSHIRE GENERAL PROTOCOL FOR SHARING INFORMATION BETWEEN AGENCIES IN KINGSTON UPON HULL AND THE EAST RIDING OF YORKSHIRE 2008 CONTENTS 1. INTRODUCTION Purpose of this document 1-6 2. KEY LEGISLATION AND GUIDANCE

More information

Recruitment Policy and Procedures

Recruitment Policy and Procedures Recruitment Policy and Procedures Date of Last Review: 25.01.17 Review Period: Every 2 years Date of Next Review: 25.01.19 Owner: JAI Type of Policy: Compliance Governors Approval 1. Introduction St Michael

More information

Access to Personal Information Procedure

Access to Personal Information Procedure Purpose of The sixth principle of the Data Protection Act 1998 gives rights to individuals in respect of the personal data that organisations hold about them. The Act says that: Personal data shall be

More information

DISCLOSURE AND BARRING SERVICE (DBS) POLICY

DISCLOSURE AND BARRING SERVICE (DBS) POLICY DISCLOSURE AND BARRING SERVICE (DBS) POLICY Article 19 (protection from violence, abuse and neglect) Governments must do all they can to ensure that children are protected from all forms of violence, abuse,

More information

Recruitment, selection and disclosure policy and procedure

Recruitment, selection and disclosure policy and procedure Recruitment, selection and disclosure policy and procedure 1 Introduction Eton College (the College) is committed to providing the best possible care and education to its pupils and to safeguarding and

More information

As approved by the Office of Communications for the purposes of Sections 120 and 121 of the Communications Act 2003 on 21 June 2016

As approved by the Office of Communications for the purposes of Sections 120 and 121 of the Communications Act 2003 on 21 June 2016 Code of Practice Code for Premium rate services Approved under Section 121 of the Communications Act 2003 Code of Practice 2016 (Fourteenth Edition) Phone-paid Services Authority As approved by the Office

More information

CRIMINAL RECORDS CHECK (DBS) POLICY. Author/Reviewer: Date Approved: Jan 2006

CRIMINAL RECORDS CHECK (DBS) POLICY. Author/Reviewer: Date Approved: Jan 2006 CRIMINAL RECORDS CHECK (DBS) POLICY Author/Reviewer: DHR Date Approved: Jan 2006 Where Approved: Corporation Date of Issue: Nov 2008 Impact Assessment: Jan 2008 Date Reviewed: August 2010 Date Reviewed

More information

September RECRUITMENT, SELECTION AND DISCLOSURES POLICY AND PROCEDURES GENERAL

September RECRUITMENT, SELECTION AND DISCLOSURES POLICY AND PROCEDURES GENERAL RECRUITMENT, SELECTION AND DISCLOSURES POLICY AND PROCEDURES GENERAL 1. Willington School is committed to ensuring the best possible environment for the children and young people in its care. Safeguarding

More information

Durants School Disclosure and Barring POLICY

Durants School Disclosure and Barring POLICY Durants School Disclosure and Barring POLICY 1. POLICY 1.1 Durants School is committed to safeguarding and promoting the welfare of children and young people and expects all staff and volunteers to share

More information

King Edward s School RECRUITMENT, SELECTION AND DISCLOSURE POLICY AND PROCEDURE

King Edward s School RECRUITMENT, SELECTION AND DISCLOSURE POLICY AND PROCEDURE RECRUITMENT, SELECTION AND DISCLOSURE POLICY AND PROCEDURE Recruitment, selection and disclosure policy and procedure 1 Introduction King Edward s School is committed to providing the best possible care

More information

Criminal Records Checks

Criminal Records Checks 1 Sir Christopher Hatton Academy Criminal Records Checks Policy for the use of Criminal Records Checks and vetting adults with access to Sir Christopher Hatton Academy and its pupils. Statement on the

More information

Education Workforce Council

Education Workforce Council Education Workforce Council Registration Rules 2017 1 April 2017 Introduction Citation and transitional provisions 1- (1) Under Regulations 18 and 19 of the Education Workforce Council (Main Functions)

More information

CONCERNS & COMPLAINTS POLICY. November 2017

CONCERNS & COMPLAINTS POLICY. November 2017 CONCERNS & COMPLAINTS POLICY November 2017 1 Contents Page Policy for Academies in Surrey : Introduction and general principles 3-5 Complaints Procedure 7 Stage 1 8 Stage 2 9 Stage 3 10 Stage 4 11 Further

More information

Disclosure and Barring Service (DBS) Checks Policy

Disclosure and Barring Service (DBS) Checks Policy Disclosure and Barring Service (DBS) Checks Policy For the attention of: All Staff Produced by: Director of Human Resources Approved by: SMT Date of publication: April 2013 Date of review: April 2015 Our

More information

ORMISTON HORIZON ACADEMY. Disclosure and Barring Checks Policy

ORMISTON HORIZON ACADEMY. Disclosure and Barring Checks Policy ORMISTON HORIZON ACADEMY Disclosure and Barring Checks Policy Ormiston Academies Trust Date adopted: 1 st November 2016 Next review date: 1 st November 2017 Policy Version Control Policy prepared by Responsible

More information

North Yorkshire County Council. Subject Access Request Guidance and Procedure. Data Protection Act 1998

North Yorkshire County Council. Subject Access Request Guidance and Procedure. Data Protection Act 1998 North Yorkshire County Council Subject Access Request Guidance and Procedure Data Protection Act 1998 The Data Protection Act 1998 (the Act), section 7 (1) gives individuals certain rights with regards

More information

Disclosure and Barring Scheme Policy and Procedure

Disclosure and Barring Scheme Policy and Procedure Disclosure and Barring Scheme Policy and Procedure Author HR Manager Date September 2013 (Policy Statement) Person Responsible HR Manager Approval/ review body (ies) SLT/ JNC/ Corporate Board Frequency

More information

Holy Trinity Catholic School. Whistle Blowing Policy 2017 BIRMINGHAM CITY COUNCIL WHISTLEBLOWING POLICY 2015 ADOPTED BY HOLY TRINITY CATHOLIC SCHOOL

Holy Trinity Catholic School. Whistle Blowing Policy 2017 BIRMINGHAM CITY COUNCIL WHISTLEBLOWING POLICY 2015 ADOPTED BY HOLY TRINITY CATHOLIC SCHOOL Holy Trinity Catholic School Whistle Blowing Policy 2017 BIRMINGHAM CITY COUNCIL WHISTLEBLOWING POLICY 2015 ADOPTED BY HOLY TRINITY CATHOLIC SCHOOL Introduction 1.1 Birmingham City Council is committed

More information

Whistleblowing & Serious Misconduct Policy

Whistleblowing & Serious Misconduct Policy King s Norton Boys School Whistleblowing & Serious Misconduct Policy We recognise that children cannot be expected to raise concerns in an environment where staff fail to do so. All staff should be aware

More information

DATA PROTECTION (JERSEY) LAW 2005

DATA PROTECTION (JERSEY) LAW 2005 DATA PROTECTION (JERSEY) LAW 2005 Revised Edition Showing the law as at 1 January 2017 This is a revised edition of the law Data Protection (Jersey) Law 2005 Arrangement DATA PROTECTION (JERSEY) LAW 2005

More information

DISCLOSURE & BARRING CHECKS POLICY

DISCLOSURE & BARRING CHECKS POLICY Westcountry Schools Trust (WeST) DISCLOSURE & BARRING CHECKS POLICY Mission Statement WeST holds a deep seated belief in education and lifelong learning. Effective collaboration, mutual support and professional

More information

Human Resources People and Organisational Development. Disclosure and Barring Service (DBS) Checks Guidelines for Managers and Employees

Human Resources People and Organisational Development. Disclosure and Barring Service (DBS) Checks Guidelines for Managers and Employees Human Resources People and Organisational Development Disclosure and Barring Service (DBS) Checks Guidelines for Managers and Employees 1 Contents What is the DBS?... 3 Assessing the need to conduct a

More information

Safeguarding, Disclosure and Barring Policy

Safeguarding, Disclosure and Barring Policy Safeguarding, Disclosure and Barring Policy 11 November 2016 Bolton Council school model policy for safeguarding, disclosure and barring. 11 November 2016 0 Safeguarding, Disclosure and Barring Policy

More information

SELF-DECLARATION FORM FOR A CHILD CARE POSITION

SELF-DECLARATION FORM FOR A CHILD CARE POSITION SELF-DECLARATION FORM FOR A CHILD CARE POSITION As required in Clydesdale Cricket Club s Child Protection Policy and Procedures this form must be completed by all members for positions Clydesdale Cricket

More information

Version No. Date Amendments made Authorised by N/A ACC Hamilton (PSNI)

Version No. Date Amendments made Authorised by N/A ACC Hamilton (PSNI) PURPOSE PARTNERS The purpose of this Information Sharing Agreement is to facilitate the lawful exchange of data in order to comply with the statutory duty on Chief Police Officers and relevant agencies

More information

INFORMATION SHARING AGREEMENT This document is NOT PROTECTIVELY MARKED

INFORMATION SHARING AGREEMENT This document is NOT PROTECTIVELY MARKED PURPOSE PARTNERS The purpose of this Information Sharing Agreement is to facilitate the lawful exchange of data in order to comply with the statutory duty on Chief Police Officers and relevant agencies

More information

General Rules on the Processing of Personal Data SCHEDULE 1 DATA TRANSFER AGREEMENT (Data Controller to Data Controller transfers)...

General Rules on the Processing of Personal Data SCHEDULE 1 DATA TRANSFER AGREEMENT (Data Controller to Data Controller transfers)... DATA PROTECTION REGULATIONS 2015 DATA PROTECTION REGULATIONS 2015 General Rules on the Processing of Personal Data... 1 Rights of Data Subjects... 6 Notifications to the Registrar... 7 The Registrar...

More information

EDEN HOUSING ASSOCIATION LIMITED DISCLOSURE AND BARRING SERVICE (DBS) POLICY

EDEN HOUSING ASSOCIATION LIMITED DISCLOSURE AND BARRING SERVICE (DBS) POLICY EDEN HOUSING ASSOCIATION LIMITED DISCLOSURE AND BARRING SERVICE (DBS) POLICY Document Reference Number CORP 22 Policy Author Rosie Sergison Policy Implementation date 18 September 2013 Leadership Team

More information

Education Central Multi Academy Trust Disclosure and Barring Service (DBS) Policy

Education Central Multi Academy Trust Disclosure and Barring Service (DBS) Policy Education Central Multi Academy Trust Disclosure and Barring Service (DBS) Policy Author Revision Number Date of Ratification at Finance & Resources Committee Review Date Shila Malhotra 01 12/09/2016 August

More information

WINSLOW CE COMBINED SCHOOL

WINSLOW CE COMBINED SCHOOL Recruitment Policy Introduction The purpose of this policy is to set out the minimum requirements of a recruitment process that: Attracts the best possible applicants to apply for any vacancies Has safeguarding

More information

King s College School, Cambridge Safer Recruitment, Selection and Disclosure Policy and Procedure

King s College School, Cambridge Safer Recruitment, Selection and Disclosure Policy and Procedure King s College School, Cambridge Safer Recruitment, Selection and Disclosure Policy and Procedure 1. Introduction King s College School, Cambridge ( the School ) is committed to providing the best possible

More information

By the public sector, for the public sector

By the public sector, for the public sector Effective From: 1 st 1. Introduction Disclosure and Barring Policy Northamptonshire County Council (Northamptonshire County Council) is the Registered Body that undertakes criminal record disclosure checks

More information

DISCLOSURE AND BARRING SERVICE (DBS) CHECKS POLICY AND PROCEDURE FOR SALISBURY PLAIN ACADEMIES

DISCLOSURE AND BARRING SERVICE (DBS) CHECKS POLICY AND PROCEDURE FOR SALISBURY PLAIN ACADEMIES DISCLOSURE AND BARRING SERVICE (DBS) CHECKS POLICY AND PROCEDURE FOR SALISBURY PLAIN ACADEMIES Page 1 of 12 June 2016 Index Section Page Introduction 3 Who is included in these arrangements? 3 Who is excluded?

More information

COMP Article 1. Article 1 Subject matter and objectives

COMP Article 1. Article 1 Subject matter and objectives Proposal for a directive of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention,

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Durrington High School as part of the Durrington Multi Academy Trust collects and uses personal information about staff, pupils, parents and other individuals who come into contact

More information

Guidelines on Disclosure & Barring Service (DBS) Checks

Guidelines on Disclosure & Barring Service (DBS) Checks Guidelines on Disclosure & Barring Service (DBS) Checks What is DBS? Requirement for DBS checks at Southampton Solent University (SSU) Information for new applicants Information for existing employees

More information

DATA PROTECTION (JERSEY) LAW 2005 CODE OF PRACTICE & GUIDANCE ON THE USE OF CCTV GD6

DATA PROTECTION (JERSEY) LAW 2005 CODE OF PRACTICE & GUIDANCE ON THE USE OF CCTV GD6 DATA PROTECTION (JERSEY) LAW 2005 CODE OF PRACTICE & GUIDANCE ON THE USE OF CCTV GD6 2 DATA PROTECTION (JERSEY) LAW 2005: CODE OF PRACTICE & GUIDANCE ON THE USE OF CCTV PART 1: CODE OF PRACTICE Introduction

More information

SUBJECT ACCESS REQUEST

SUBJECT ACCESS REQUEST DATA PROTECTION ACT 1998 SUBJECT ACCESS REQUEST Procedure Manual Page 1 of 22 Invest NI 1. Introduction 1.1 What is a Subject Access Request? 1.2 Routine Requests 1.3 What is an individual entitled to?

More information

CORPORATE / MODEL SCHOOL CRB DISCLOSURE POLICY

CORPORATE / MODEL SCHOOL CRB DISCLOSURE POLICY St Thomas Primary School CRB Disclosure Policy Date adopted 29-Jan-2009 Version Oct08 Last Reviewed 24-Jan-2012 Review Cycle Three Years Revision Ref Author/Owner Personnel Committee CORPORATE / MODEL

More information

Nestlé Canada Inc. Privacy Policies and Practices April 13, 2012

Nestlé Canada Inc. Privacy Policies and Practices April 13, 2012 Nestlé Canada Inc. Privacy Policies and Practices April 13, 2012 Glossary of Terms... 3 The Privacy Principles at Nestlé Canada... 5 Accountability... 5 Identifying Purpose... 5 Consent... 6 Obtaining

More information

St John s Church of England (Voluntary Aided) Primary School, Croydon. Disclosure and Barring Policy 2017

St John s Church of England (Voluntary Aided) Primary School, Croydon. Disclosure and Barring Policy 2017 St John s Church of England (Voluntary Aided) Primary School, Croydon Disclosure and Barring Policy 2017 Date: January 2017 Frequency of review: Annual Reviewed by: Personnel Committee Background Criminal

More information

Disciplinary Procedure

Disciplinary Procedure Disciplinary Procedure Responsibility: Robin Wilson (Head of Centre) Reviewed: 14 September 2015 Next Review: 14 September 2017 2 P a g e DISCIPLINARY PROCEDURE - STAFF IN SCHOOLS 1. INTRODUCTION The purpose

More information

THE PIGGOTT SCHOOL FREEDOM OF INFORMATION POLICY AND GUIDANCE

THE PIGGOTT SCHOOL FREEDOM OF INFORMATION POLICY AND GUIDANCE THE PIGGOTT SCHOOL...to be a school which inspires and encourages the highest achievement FREEDOM OF INFORMATION POLICY AND GUIDANCE Date last reviewed: Summer term 2017 Responsibility: Headteacher and

More information

FREEDOM OF INFORMATION POLICY

FREEDOM OF INFORMATION POLICY FREEDOM OF INFORMATION POLICY Approved: October 2014 Review due: October 2017 FREEDOM OF INFORMATION POLICY 1. Introduction The Southfield Grange Trust is committed to the Freedom of Information Act (FoI)

More information

Freedom of Information Policy

Freedom of Information Policy Audience Named person responsible for monitoring Freedom of Information Policy All Staff & Governors Head Agreed by Personnel Committee June 2015 Agreed by Governing Body July 2015 Date to be Reviewed

More information

THE DATA PROTECTION BILL (No. XIX of 2017) Explanatory Memorandum

THE DATA PROTECTION BILL (No. XIX of 2017) Explanatory Memorandum THE DATA PROTECTION BILL (No. XIX of 2017) Explanatory Memorandum The object of this Bill is to repeal the Data Protection Act and replace it by a new and more appropriate legislation which will strengthen

More information

SUBSIDIARY LEGISLATION DATA PROTECTION (PROCESSING OF PERSONAL DATA IN THE POLICE SECTOR) REGULATIONS

SUBSIDIARY LEGISLATION DATA PROTECTION (PROCESSING OF PERSONAL DATA IN THE POLICE SECTOR) REGULATIONS DATA PROTECTION (PROCESSING OF PERSONAL DATA IN THE POLICE SECTOR) [S.L.440.05 1 SUBSIDIARY LEGISLATION 440.05 DATA PROTECTION (PROCESSING OF PERSONAL DATA IN THE POLICE SECTOR) REGULATIONS 30th September,

More information

THE PRIVACY ACT OF 1974 (As Amended) Public Law , as codified at 5 U.S.C. 552a

THE PRIVACY ACT OF 1974 (As Amended) Public Law , as codified at 5 U.S.C. 552a THE PRIVACY ACT OF 1974 (As Amended) Public Law 93-579, as codified at 5 U.S.C. 552a Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled, that

More information

The London Borough of Barnet. The Metropolitan Police Barnet Borough Division

The London Borough of Barnet. The Metropolitan Police Barnet Borough Division The London Borough of Barnet in partnership with The Metropolitan Police Barnet Borough Division Code of Practice for the operation of Closed Circuit Television October 2014 Change Control Item Reason

More information

Identity Cards Bill EXPLANATORY NOTES. Explanatory notes to the Bill, prepared by the Home Office, are published separately as Bill 9 EN.

Identity Cards Bill EXPLANATORY NOTES. Explanatory notes to the Bill, prepared by the Home Office, are published separately as Bill 9 EN. Identity Cards Bill EXPLANATORY NOTES Explanatory notes to the Bill, prepared by the Home Office, are published separately as Bill 9 EN. EUROPEAN CONVENTION ON HUMAN RIGHTS Mr Secretary Clarke has made

More information

DBS referral form guidance

DBS referral form guidance DBS referral form guidance The Safeguarding Vulnerable Groups Act 2006 (SVGA) places a legal duty on employers and personnel suppliers to refer any person who has: harmed or poses a risk of harm to a child

More information

Disciplinary procedures for all employees

Disciplinary procedures for all employees Disciplinary procedures for all employees Comprising: A) Disciplinary rules for all employees B) Misconduct Headteacher / Principal C) Misconduct all staff except Headteacher / Principal Approved by: Trustees

More information

DISCIPLINARY PROCEDURE

DISCIPLINARY PROCEDURE DISCIPLINARY PROCEDURE 1 INTRODUCTION The University of Aberdeen expects a professional and consistent standard of conduct and performance from all members of staff. This procedure aims to encourage you

More information

SAFEGUARDING VULNERABLE GROUPS ACT 2006

SAFEGUARDING VULNERABLE GROUPS ACT 2006 SAFEGUARDING VULNERABLE GROUPS ACT 2006 EXPLANATORY NOTES INTRODUCTION 1. These explanatory notes relate to the Safeguarding Vulnerable Groups Act which received Royal Assent on 8 th November 2006. They

More information

32000D0520. Official Journal L 215, 25/08/2000 P

32000D0520. Official Journal L 215, 25/08/2000 P 32000D0520 2000/520/EC: Commission Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the safe harbour privacy

More information

5418/16 AV/NT/vm DGD 2

5418/16 AV/NT/vm DGD 2 Council of the European Union Brussels, 6 April 2016 (OR. en) Interinstitutional File: 2012/0010 (COD) 5418/16 LEGISLATIVE ACTS AND OTHER INSTRUMTS Subject: DATAPROTECT 1 JAI 37 DAPIX 8 FREMP 3 COMIX 36

More information

THE PROCESSING OF PERSONAL DATA (PROTECTION OF INDIVIDUALS) LAW 138 (I) 2001 PART I GENERAL PROVISIONS

THE PROCESSING OF PERSONAL DATA (PROTECTION OF INDIVIDUALS) LAW 138 (I) 2001 PART I GENERAL PROVISIONS THE PROCESSING OF PERSONAL DATA (PROTECTION OF INDIVIDUALS) LAW 138 (I) 2001 PART I GENERAL PROVISIONS Short title. 1. This Law may be cited as the Processing of Personal Data (Protection of Individuals)

More information

Personal Data Protection Act

Personal Data Protection Act Personal Data Protection Act Promulgated State Gazette No. 1/4.01.2002, effective 1.01.2002, supplemented, SG No. 70/10.08.2004, effective 1.01.2005, SG No. 93/19.10.2004, No. 43/20.05.2005, effective

More information

Whistle Blowing Policy

Whistle Blowing Policy Great Bedwyn CE VC Primary School Whistle Blowing Policy Date of Last Review: November 2015 Date to be Reviewed: Will stand until LA changes apply Review Body: Full Governing Body 1 Whistle Blowing Policy

More information

Schools HR Policy & Procedure Handbook

Schools HR Policy & Procedure Handbook Schools HR Policy & Procedure Handbook Keeping Children Safe in Education: Disclosure & Barring Service (DBS) Guidance for Schools Date of Next Review Head teacher/slt November 2017 Governors Premises,

More information

askmid User Agreement

askmid User Agreement This user agreement ("Agreement") is a legally binding agreement between you (the User) and Motor Insurers Bureau (Company Number 00412787) whose registered office is at Linford Wood House, 6-12 Capital

More information

STUDENT DISCIPLINARY PROCEDURE: NON-ACADEMIC MISCONDUCT

STUDENT DISCIPLINARY PROCEDURE: NON-ACADEMIC MISCONDUCT STUDENT DISCIPLINARY PROCEDURE: NON-ACADEMIC MISCONDUCT 1. INTRODUCTION Purpose 1.1 In order to operate effectively, all organisations need to set standards of conduct to which their members are expected

More information

St. Paul s C of E Primary School

St. Paul s C of E Primary School St. Paul s C of E Primary School Data Protection Policy Reviewed January 2016 Next Review Date January 2019 St. Paul s C. of E. Primary School DATA PROTECTION POLICY School Aim Statement Everyone working

More information

CHAPTER [INSERT] DATA PROTECTION BILL Acts [insert] ARRANGEMENT OF SECTIONS PART I PART II

CHAPTER [INSERT] DATA PROTECTION BILL Acts [insert] ARRANGEMENT OF SECTIONS PART I PART II CHAPTER [INSERT] DATA PROTECTION BILL Acts [insert] ARRANGEMENT OF SECTIONS PART I PRELIMINARY 1. Short Title 2. Interpretation 3. Scope of Application PART II DATA PROTECTION AUTHORITY 4. Establishment

More information

Shrewsbury College. Policy Title. Policy Number Approved By Author. Date Issued January 2013 Policy Owner. Revision History

Shrewsbury College. Policy Title. Policy Number Approved By Author. Date Issued January 2013 Policy Owner. Revision History Shrewsbury College Policy Title Safeguarding Employment Policy Policy Number Approved By Author HRP031 Date Issued January 2013 Policy Owner Donna Lucas Assistant Principal: Human Resource Development

More information

CODE OF PRACTICE FOR COMMUNITY- BASED CCTV SYSTEMS

CODE OF PRACTICE FOR COMMUNITY- BASED CCTV SYSTEMS CODE OF PRACTICE FOR COMMUNITY- BASED CCTV SYSTEMS 1 INTRODUCTION This Code of Practice sets out the basic conditions of use for Community-Based CCTV systems by applicants for the Department of Justice,

More information

Annex 1: Standard Contractual Clauses (processors)

Annex 1: Standard Contractual Clauses (processors) Annex 1: Standard Contractual Clauses (processors) For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure

More information

EUROPEAN PARLIAMENT Committee on the Internal Market and Consumer Protection

EUROPEAN PARLIAMENT Committee on the Internal Market and Consumer Protection EUROPEAN PARLIAMT 2009-2014 Committee on the Internal Market and Consumer Protection 2012/0011(COD) 28.1.2013 OPINION of the Committee on the Internal Market and Consumer Protection for the Committee on

More information

Yr Adran Plant, Addysg, Dysgu Gydol Oes a Sgiliau Department for Children, Education, Lifelong Learning and Skills

Yr Adran Plant, Addysg, Dysgu Gydol Oes a Sgiliau Department for Children, Education, Lifelong Learning and Skills Yr Adran Plant, Addysg, Dysgu Gydol Oes a Sgiliau Department for Children, Education, Lifelong Learning and Skills Guidance for School Governing Bodies on and Model Whistleblowing Policy Guidance Welsh

More information

THE ENGLAND AND WALES CRICKET BOARD CHILD SAFEGUARDING COMPLAINTS AND DISCIPLINARY PROCEDURE

THE ENGLAND AND WALES CRICKET BOARD CHILD SAFEGUARDING COMPLAINTS AND DISCIPLINARY PROCEDURE THE ENGLAND AND WALES CRICKET BOARD CHILD SAFEGUARDING COMPLAINTS AND DISCIPLINARY PROCEDURE INTRODUCTION The ECB is committed to ensuring that all Children (1) 1 who participate in Cricket have a safe

More information

to the Government Gazette of Mauritius No. 14 of 14 February 2009

to the Government Gazette of Mauritius No. 14 of 14 February 2009 LEGAL Government SUPPLEMENT Notices 2009 45 45 to the Government Gazette of Mauritius No. 14 of 14 February 2009 Government Notice No. 22 of 2009 THE DATA PROTECTION ACT Regulations made by the Prime Minister

More information

PERSONAL INFORMATION PROTECTION ACT

PERSONAL INFORMATION PROTECTION ACT Province of Alberta Statutes of Alberta, Current as of December 17, 2014 Office Consolidation Published by Alberta Queen s Printer Alberta Queen s Printer Suite 700, Park Plaza 10611-98 Avenue Edmonton,

More information

Act CXII of on the Right of Informational Self-Determination and on Freedom of Information 1 CHAPTER I GENERAL PROVISIONS. 1.

Act CXII of on the Right of Informational Self-Determination and on Freedom of Information 1 CHAPTER I GENERAL PROVISIONS. 1. Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information 1 In order to ensure the right of informational self-determination and the freedom of information, and to

More information

The Freedom of Information and Protection of Privacy Act

The Freedom of Information and Protection of Privacy Act FREEDOM OF INFORMATION AND 1 The Freedom of Information and Protection of Privacy Act being Chapter of the Statutes of Saskatchewan, 1990-91, as amended by the Statutes of Saskatchewan, 1992, c.62; 1994,

More information

Code of Practice - Conduct of Officers of NAMA

Code of Practice - Conduct of Officers of NAMA Code of Practice - Conduct of Officers of NAMA This Code of Practice was approved by the Minister for Finance on 6 th July 2017 NATIONAL ASSET MANAGEMENT AGENCY Code of Practice and Professional Conduct

More information

BILL NO. 42. Health Information Act

BILL NO. 42. Health Information Act HOUSE USE ONLY CHAIR: WITH / WITHOUT 4th SESSION, 64th GENERAL ASSEMBLY Province of Prince Edward Island 63 ELIZABETH II, 2014 BILL NO. 42 Health Information Act Honourable Doug W. Currie Minister of Health

More information

GENERAL CONDITIONS OF USE OF THE SUPPLIER PORTAL

GENERAL CONDITIONS OF USE OF THE SUPPLIER PORTAL GENERAL CONDITIONS OF USE OF THE SUPPLIER PORTAL 1. Legal warning and information and its acceptance This legal warning and information (hereinafter the "Legal Warning ") regulates the use of the internet

More information

Data Protection Policy. Revisions and Editions Log

Data Protection Policy. Revisions and Editions Log Data Protection Policy Revisions and Editions Log Data Protection Policy adopted February 2015 Review Resources Comm February 2016 Reviewed Feb 2017 FGB Next review Feb 2018 School Data Protection Policy

More information

INFORMATION SHARING AGREEMENT (ISA) BETWEEN

INFORMATION SHARING AGREEMENT (ISA) BETWEEN P.698 (07/12) INFORMATION SHARING AGREEMENT (ISA) BETWEEN Lincolnshire County Council The National Probation Service The Humberside, Lincolnshire and North Yorkshire Community Rehabilitation Company (HLNY

More information

Memorandum of Understanding. between. Solicitors Regulation Authority. and. The Claims Management Regulation Unit (CMR)

Memorandum of Understanding. between. Solicitors Regulation Authority. and. The Claims Management Regulation Unit (CMR) Memorandum of Understanding between Solicitors Regulation Authority and The Claims Management Regulation Unit (CMR) Introduction 1. The Claims Management Regulation Unit (CMR) and the Solicitors Regulation

More information

Financial Advisory and intermediary Service ACT 37 of (English text signed by the President)

Financial Advisory and intermediary Service ACT 37 of (English text signed by the President) Financial Advisory and intermediary Service ACT 37 of 2002 [ASSENTED TO 15 NOVEMBER 2002] [DATE OF COMMENCEMENT: 15 NOVEMBER 2002] (Unless otherwise indicated) (English text signed by the President) Regulations

More information

RECRUITMENT, SELECTION AND DISCLOSURE POLICY AND PROCEDURE

RECRUITMENT, SELECTION AND DISCLOSURE POLICY AND PROCEDURE RECRUITMENT, SELECTION AND DISCLOSURE POLICY AND PROCEDURE Document Details Information Sharing Category Acting Principal, HR, Head of Boarding, Head of Academics Version 1 Date Published November 2017

More information

NDORS Trainer Licence Agreement

NDORS Trainer Licence Agreement NDORS Trainer Licence Agreement Table of Contents 1 Interpretation... 3 2 Licence Process... 8 3 Licence... 10 4 Services and Trainer's Responsibilities... 13 5 Updates... 16 6 Intellectual Property Rights...

More information

Application of Policy. All applicants for general student employment in a security sensitive position.

Application of Policy. All applicants for general student employment in a security sensitive position. Policies of the University of North Texas 05.007 Criminal History Background Checks for Student Employment Applicants Chapter 5 Human Resources Policy Statement. The University of North Texas is committed

More information

The General Teaching Council for Scotland Fitness to Teach Rules 2017 These Rules are available in alternative formats on request

The General Teaching Council for Scotland Fitness to Teach Rules 2017 These Rules are available in alternative formats on request DRIVING FORWARD PROFESSIONAL STANDARDS FOR TEACHERS The General Teaching Council for Scotland Fitness to Teach Rules 2017 These Rules are available in alternative formats on request Table of Contents

More information

The Labour Relations Agency Arbitration Scheme. Guide to the Scheme

The Labour Relations Agency Arbitration Scheme. Guide to the Scheme The Labour Relations Agency Arbitration Scheme Guide to the Scheme Labour Relations Agency The Labour Relations Agency is an independent, publicly funded organisation. Our job is to promote good employment

More information

POLICE AND CRIMINAL EVIDENCE ACT 1984 (PACE) CODE B

POLICE AND CRIMINAL EVIDENCE ACT 1984 (PACE) CODE B POLICE AND CRIMINAL EVIDENCE ACT 1984 (PACE) CODE CODE OF PRACTICE FOR SEARCHES OF PREMISES Y POLICE OFFICERS AND THE SEIZURE OF PROPERTY FOUND Y POLICE OFFICERS ON PERSONS OR PREMISES Commencement - Transitional

More information

Kent County Council. A Guide to Managing Allegations against Members of Staff

Kent County Council. A Guide to Managing Allegations against Members of Staff Kent County Council A Guide to Managing Allegations against Members of Staff 1 Kent County Council Managing Allegations Against Staff Practice Guidance Title Managing Allegations Against Staff Practice

More information

Covert Human Intelligence Sources Code of Practice

Covert Human Intelligence Sources Code of Practice Covert Human Intelligence Sources Code of Practice Presented to Parliament pursuant to section 71(4) of the Regulation of Investigatory Powers Act 2000. 2 Covert Human Intelligence Sources Code of Practice

More information

Data protection and journalism: a guide for the media

Data protection and journalism: a guide for the media Data protection Data protection and journalism Data protection and journalism: a guide for the media Contents * About this guide 3 2 Technical guidance 18 1 Practical guidance 6 Data protection basics

More information

Legal Aid Ontario. Privacy policy

Legal Aid Ontario. Privacy policy Legal Aid Ontario Privacy policy Legal Aid Ontario Privacy policy Title: Privacy policy Author: Legal Aid Ontario, General Counsel Last updated: April 16, 2014 Table of Contents 1. Application of FIPPA...

More information

BERMUDA CHARITIES ACT : 2

BERMUDA CHARITIES ACT : 2 QUO FA T A F U E R N T BERMUDA CHARITIES ACT 2014 2014 : 2 TABLE OF CONTENTS 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 PART 1 PRELIMINARY Citation Interpretation Meaning of charitable purpose Descriptions

More information

March 2016 INVESTOR TERMS OF SERVICE

March 2016 INVESTOR TERMS OF SERVICE March 2016 INVESTOR TERMS OF SERVICE This Agreement is between you and Financial Pulse Limited and sets out the terms on which Financial Pulse offers you access to and use of certain services via the online

More information

COMPLAINTS AND DISCIPLINARY POLICY

COMPLAINTS AND DISCIPLINARY POLICY COMPLAINTS AND DISCIPLINARY POLICY No: BE524 Issue: 2 Date: February 2016 Author: M. Scott Approved: Sports Sub Committee 27.01.2016 Glossary of terms In this policy the following terms have the meanings

More information