Privacy. Purpose. Scope. Policy. Appendix A
|
|
- Camron Daniel
- 5 years ago
- Views:
Transcription
1 Privacy NZQA Quality Management System Policy Appendix A Purpose To ensure NZQA and personnel meet the legal obligations under the Privacy Act 1993 and in relation to its functions under section 246A of the Education Act. The policy will assist NZQA personnel promote and support the principles of privacy as set out in section 6 of the Privacy Act as detailed below. Particular reference is made to the source, collection, storage and security, access, correction, accuracy, retention, use and disclosure of personal information. Scope All NZQA personnel (includes both employees of NZQA and others, whether individuals or organisations with agreements or arrangements to carry out work or provide services to NZQA - refer to the Definitions section) who are involved with the use of personal information. Compliance with this policy is required under the NZQA Code of Conduct. This policy supports legislative compliance with the Privacy Act 1993 and the Education Act Policy 1 General Introduction The Privacy Act requires NZQA to appoint a Privacy Officer who ensures we comply with the Act. The Act is a comprehensive piece of legislation which sets out rights and obligations relating to the proper source, collection, storage and security, access, correction, accuracy, retention, use and disclosure of personal information. Personal information is information about an identifiable individual (a natural person) and includes information relating to a death maintained by the Registrar of Births, Deaths, Marriages and Relationships. It does not include statistical information that does not identify individuals. If an information request relates to reasons for decisions affecting that individual the request may also be made under the Official Information Act (OIA) (section 23 of the OIA) and must be released unless there is good reason to withhold the information under sections 5-11 of the OIA Act. (See Respond to Official Information Act requests) The office of the Privacy Commissioner is responsible for investigating complaints about interferences with privacy. An interference with privacy involves a breach of privacy law (such as a breach of the privacy principles) and some harm arising from that breach, with harm being: financial loss or other injury adverse effect on a right, benefit, privilege, obligation or interest significant humiliation, significant loss of dignity, or significant injury to the feelings of the individual. NZQA should not wrongfully refuse to give an individual access to their personal information in order to correct that information. A breach can also occur under a code of practice for data matching in accordance with Part 10 of the Act, Information Sharing under Part 9A, or Transfer outside of NZ under Part 11A.
2 2 NZQA shall meet the Principles of the Privacy Act Principles 1-4 regulate the manner in which information is collected by NZQA at all stages of the provision of services. Principle 1: Purpose of collection of personal information Personal information must not be collected by NZQA unless the information is collected for a lawful purpose connected with the functions of NZQA as set out under section 246A of the Education Act 1989 and the collection of the information is necessary for that purpose. Personal information in the context of NZQA s work includes; name, address, date of birth, gender, ethnicity, institution details and exam grades and NSN. As an authorised user in terms of the Act, NZQA personnel may collect the NSN for particular purposes which include: monitoring and ensuring student enrolment and attendance ensuring education providers and students receive appropriate resourcing. statistical purposes. research purposes. ensuring that students educational records are accurately maintained Principle 2:- Source of personal information Personal information should be collected directly from an individual unless NZQA believes it can clearly be shown that the individual concerned has authorised collection of the information from someone else. Permission must be obtained from students for personal information to be disclosed, for a specified purpose between educational institutions and agencies such as NZQA, unless one of the exceptions apply. NZQA practice is to obtain permission from students at enrolment. Information is disclosed for such purposes as facilitating enrolment and transferring and compiling statistics. Exceptions to compliance are:- (a) that the information is publicly available information; or (b) that the individual concerned authorises collection of the information from someone else; or (c) that non-compliance would not prejudice the interests of the individual concerned; or (d) that non-compliance is necessary - i. to avoid prejudice to the maintenance of the law by any public sector agency, including the prevention, detection, investigation, prosecution, and punishment of offences; or for the enforcement of a law imposing a pecuniary penalty; or i for the protection of the public revenue; or iv. for the conduct of proceedings before any court or tribunal (being proceedings that have been commenced or are reasonably in contemplation); or (e) that compliance would prejudice the purposes of the collection; or (f) that compliance is not reasonably practicable in the circumstances of the particular case; or (g) that the information -
3 i. will not be used in a form in which the individual concerned is identified; or will be used for statistical or research purposes and will not be published in a form that could reasonably be expected to identify the individual concerned; or (h) that the collection of the information is in accordance with an authority granted under section 54. Principle 3:- Collection from the individual When information is being collected, NZQA personnel must take all reasonable steps to ensure that the individual knows and understands: i. why the information is being or is to be collected; and their right to access and correct the information collected. Under section 254A of the Education Act 1989, NZQA may collect personal information from institutions, rather than directly from candidates. However, the information must be gathered for the purposes of performing its functions under the Act. Principal 4:- Manner of collection of personal information Personal information shall not be collected by NZQA by unlawful means, or where in the circumstances of the case, would be unfair and intrude to an unreasonable extent upon the personal affairs of the individual concerned. Principle 5:- Security of personal information NZQA personnel have an obligation to ensure that only appropriate personnel have physical and electronic access and must take all reasonable safeguards to guard against loss, access, use and modification or disclosure except with authorisation by NZQA. For further detail refer to the Code of Conduct, Acceptable Use Guidelines for Computer, Information Security and Information Management policies and the Clear desk for classified information policy. Principle 6:- Right of access to personal information An individual has the right to access their own personal information if it can be readily retrieved. The individual does not need to provide any explanation of why they wish to access their information. An information privacy request, may only be made by an individual or a third party who has been authorised by the individual. NZQA is required to develop procedures that support the process and respond to requests for access within 20 days and also advise the individual of the right to correct their personal information under Principle 7. Where the information requested is not held by NZQA but is believed to be held by another agency, or the information is held by NZQA but believed to be more closely connected to the functions/ activities of another agency NZQA must transfer any request within 10 days. Reasons for refusing requests are set out in sections of the Act and include: disclosure would likely endanger the safety of an individual or would involve the unwarranted disclosure of the affairs of another individual. See processes for responding to requests for personal information. If the request relates to reasons for decisions affecting that individual the request may also be made under section 23 of the Official Information Act (OIA) (see Respond to Official Information Act requests). For NCEA results etc., the information belongs to the individual and parents and guardians do not have automatic access and require the individual s consent to access.
4 Principle 7:- Requests for correction of personal information Individuals have the right to request their information be corrected and if NZQA hold the information, must ensure any factual and demographical information is corrected. Where NZQA is not willing to correct the information, it will take reasonable steps to attach any statement provided by that individual of the correction and inform the individual of the same. Principle 8:- Accuracy of personal information Before using information NZQA personnel must take reasonable steps to ensure that the information is accurate, up to date, complete, relevant and not misleading. This is especially important if the information has been collected from a third party (e.g. unsolicited information) and not directly from the individual. Principle 9:- Retention of personal information NZQA shall not keep that information for longer than is required for the purposes for which the information may lawfully be used. Principle 10:- Limits on use of personal information Information obtained in connection with a purpose(s) may only be used for that purpose in accordance with Principle 3 collection of information, or a directly related purpose. Uses which are directly related to the purpose for which the information was collected will generally include administrative purposes. Other exceptions in relation to use include: (c) that non-compliance is necessary - i. to avoid prejudice to the maintenance of the law by any public sector agency, including the prevention, detection, investigation, prosecution, and punishment of offences; or for the enforcement of a law imposing a pecuniary penalty; or i for the protection of the public revenue; or iv. for the conduct of proceedings before any court or tribunal (being proceedings that have been commenced or are reasonably in contemplation); or (d) that the use of the information for that other purpose is necessary to prevent or lessen a serious threat (as defined in section 2(1)) to - i. public health or public safety; or the life or health of the individual concerned or another individual; or (f) that the information - i. is used in a form in which the individual concerned is not identified; or is used for statistical or research purposes and will not be published in a form that could reasonably be expected to identify the individual concerned; or (g) that the use of the information is in accordance with an authority granted under section 54. Further authorisations are available through information sharing agreements, (Part 9A) information matching programmes (Part 10) s and law enforcement (Part 11).
5 Principle 11 Limits on disclosure of personal information NZQA shall only disclose personal information requested to the individual to whom that information relates unless NZQA receives the individual s authority (in accordance with the QMS process) to disclose that information to a Third Party. Exceptions to compliance include: (a) that the disclosure of the information is one of the purposes in connection with which the information was obtained or is directly related to the purposes in connection with which the information was obtained; or (b) that the source of the information is a publicly available publication and that, in the circumstances of the case, it would not be unfair or unreasonable to disclose the information; or (c) that the disclosure is to the individual concerned; or (d) that the disclosure is authorised by the individual concerned; or (e) that non-compliance is necessary - i. to avoid prejudice to the maintenance of the law by any public sector agency, including the prevention, detection, investigation, prosecution, and punishment of offences; or for the enforcement of a law imposing a pecuniary penalty; or i for the protection of the public revenue; or iv. for the conduct of proceedings before any court or tribunal (being proceedings that have been commenced or are reasonably in contemplation); or (f) that the disclosure of the information is necessary to prevent or lessen a serious threat (as defined in section 2(1)) to - i. public health or public safety; or the life or health of the individual concerned or another individual; or (g) that the disclosure of the information is necessary to facilitate the sale or other disposition of a business as a going concern; or (h) that the information - i. is to be used in a form in which the individual concerned is not identified; or is to be used for statistical or research purposes and will not be published in a form that could reasonably be expected to identify the individual concerned; or (i) that the disclosure of the information is in accordance with an authority granted under section 54. Principle 12 - Assignment of unique identifiers A unique identifier is defined as an identifier that is assigned to an individual by an agency for the purposes of the operations of the agency and that uniquely identifies that individual in relation to that agency. It does not include the individual s name. Unique identifiers are only to be assigned where it is necessary for the agency to carry out one or more of its functions efficiently. Use and disclosure of some unique identifiers, for example the student NSN number, are regulated under other legislation (Part 30 of the Education Act for NSNs), and override the Privacy Principles for use and disclosure. There are also restrictions on two or more agencies using the same identifiers.
6 3 Complaints relating to the Privacy Act Part 8 of the Act provides a detailed description and process for making a complaint for a breach of the Privacy Principles under the Act. Any person wishing to make a complaint to the Privacy Commissioner must show an interference with privacy i.e. breach of privacy law and harm. The office of the Privacy Commissioner advises that harm can include: Financial loss or injury Adverse effect on a person s rights, benefits, privileges, obligations or interests Significant humiliation, significant loss of dignity, or significant injury to feelings. Responsibilities Position Responsible for NZQA Board Maintaining an overview of Privacy at NZQA Strategic Management Team Approving any amendments required to the NZQA Privacy policy. Approving the NZQA processes for managing personal information and requests for personal information. Privacy Officer Supporting NZQA compliance with the provisions of the Privacy Act. Logging all external requests made to NZQA under the Privacy Act and manage the execution of all Privacy responses as required under the process. Contacting legal services for advice where unsure of resolving an issue. Working with the Privacy Commissioner on complaint investigations in relation to NZQA made pursuant to Part 8 of the Act. Advising and training NZQA Personnel on collection, use, storage, access, disclosure and complaints to NZQA. Manager People and Capability Ensuring confidential employment records are securely held and only made accessible in accordance with the Privacy Act and the Collective Employment Agreement or Individual Employment Agreement. Managing any employee requests for access, disclosure or correction to information held by People and Capability in accordance with the Privacy Act and the Collective Employment Agreement. Managing all employee requests made in relation to People and Capability records to NZQA under the Privacy Act. NZQA Managers Ensuring that confidentiality of personal information is maintained at all times. Ensuring that personal information is collected and stored securely, and the information is used only for those proper purposes for which it was obtained. Ensuring that when they are seeking feedback about an individual from other persons (e.g. referee checking applicants for vacancies, performance feedback on staff during the annual performance review) they obtain the permission of the individual concerned before proceeding.
7 Contacting privacy officer or legal services for advice as required. Otherwise complying with the Privacy Principles. NZQA personnel Ensuring that they are aware of NZQA s privacy obligations as they relate to individuals both internal and external to NZQA, and assisting NZQA to comply with its obligations. Unauthorised disclosure may amount to serious misconduct and may result in a disciplinary process, an investigation of NZQA by the Privacy Commissioner and/ or legal proceedings Ensuring that all (internal and external) requests are forwarded to the Privacy Officer to be logged in the privacy request register and comply with the privacy procedures. Contacting their manager or the Privacy Officer if they are unsure what to do. Ensuring that when they are seeking feedback about an individual from other persons they obtain the permission of the individual concerned before proceeding. References NZQA Code of Conduct NZQA Complaints policy Computer and Information Security policy Clear desk for classified information policy Acceptable Use Guidelines Processes for responding to privacy requests Privacy Act 1993 ( Privacy Act ) Official Information Act 1982 ( OIA ) Harmful Digital Communications Act 2015 Sharing Information Agreement for improving Public Services for Vulnerable Children (25 June 2015) Office of the Privacy Commissioner Definitions For the purposes of this policy, unless otherwise stated, the following definitions apply. NZQA Personnel Personal information (a) employees of NZQA, whether permanent or fixed-term; and (b) others, whether individuals or organizations or both, carrying out work for or on behalf of, or providing services to or on behalf of, NZQA, where the agreement or arrangement for the work or services requires compliance with all or some of NZQA's policies, frameworks, processes, or procedures. Information about an identifiable individual and includes information relating to a death, that is maintained by the Registrar General pursuant to the Births and Deaths Marriages, and Relationships Registration Act 1995, or any former Act. It excludes non identifiable statistical information and evidence given or made in correspondence to Commissions of enquiry or the Privacy commissioner.
8 Interference with privacy Official Information Third Party An interference with privacy involves a breach of privacy law (such as a breach of the privacy principles) and some harm arising from that breach, with harm being: financial loss or other injury adverse effect on a right, benefit, privilege, obligation or interest significant humiliation, significant loss of dignity, or significant injury to the feelings of the individual. Involves refusal to make information available where the Privacy Commissioner is of the opinion that there is no proper basis for the refusal. Is any information held by the government, including information held by NZQA and its contractors, and includes reasons for decisions about a person. Official information must be disclosed unless there is good reason for withholding it (see sections 5 to 11 of the OIA and supporting QMS documents). Is defined as being any person or body of persons, whether corporate or unincorporated, and whether in the public sector or the private sector. It does not include data matching or sharing arrangements which allow for the exchange of information between agreed agencies. (Parts 7, 9A and 11 of the Privacy Act). Measurement Criteria No inappropriate release of personal information about employees, students or other individuals that is held by NZQA. No justifiable complaints from staff members regarding, inappropriate use of, or inaccuracies in, their personal information held by NZQA.
Telecommunications Information Privacy Code 2003
Telecommunications Information Privacy Code 2003 Incorporating Amendments No 3, No 4, No 5 and No 6 Privacy Commissioner Te Mana Matapono Matatapu NEW ZEALAND This version of the code applies from 2 8
More informationHealth Information Privacy Code 1994
Health Information Privacy Code 1994 Incorporating amendments Privacy Commissioner Te Mana Matapono Matatapu New Zealand The Code of Practice comprises clauses 1-7 and rules 1-12. To assist with the use
More informationAIA Australia Limited
AIA Australia Limited Privacy policies & procedures May 2010 The Power of We AIA.COM.AU AIA Australia Limited Privacy policies & procedures Contents Purpose 3 Policy 3 National Privacy Principles Policy
More informationPRIVACY ACT 1993 SECTION ONE INTRODUCTION...3
PRIVACY ACT 1993 SECTION ONE INTRODUCTION...3 1. THE PRIVACY ACT AND THESE GUIDELINES...3 2. KEY ASPECTS OF THE PRIVACY ACT...4 PART II Information privacy principles...4 PART IV Good reasons for refusing
More informationHealth Information Privacy Code 1994
Health Information Privacy Code 1994 Incorporating Amendments No 2, No 3, No 4, No 5, No 6, No 7 and No 8 Privacy Commissioner Te Mana Matapono Matatapu NEW ZEALAND This version of the code applies from
More informationPrivacy Policy. Cabcharge will only collect personal information which is necessary for the operation of its business.
Privacy Policy Cabcharge Australia Limited ( Cabcharge ) is subject to the Australian Privacy Principles pursuant to the Privacy Act 1988 as amended by the Privacy Amendment (Enhancing Privacy Protection)
More informationPolicies and Procedures
Policies and Procedures QMS3: POL5 Privacy Policy Policy Details Responsible area General Endorsed by CEO Date 22 November 2017 Review date 22 November 2018 Policy Statement At Linx Institute, we are committed
More informationPRIVACY Policy. 1. Policy Statement. 2. Purpose. 3. Policy
1. Statement Irabina Autism Services (hereafter referred to as Irabina) is required to comply with the Australian Privacy Principles (APP) in the Privacy Act 1988 (Cth) and the Health Privacy Principles
More informationPRIVACY MANAGEMENT PLAN
PRIVACY MANAGEMENT PLAN September 2015 Contents 1. Introduction... 3 1.2 Purpose... 3 1.3 Scope... 3 1.3 Section 41 Directions... 3 1.4 Complaints... 4 2. Definitions... 4 2.1 Personal Information... 4
More informationPRIVACY POLICY DOT DM Corporation Commonwealth of Dominica cctld (.dm)
PRIVACY POLICY DOT DM Corporation Commonwealth of Dominica cctld (.dm) Modified: 08 May 2018 V1.2 1. 1.1 OBJECTIVES: The objectives of this Privacy Policy are: (1) To disclose to the Registrant, and in
More informationPRIVACY POLICY. 1. OVERVIEW MEGT is committed to protecting privacy and will manage personal information in an open and transparent way.
Page 1 of 10 1. OVERVIEW MEGT is committed to protecting privacy and will manage personal information in an open and transparent way. MEGT will fulfil its obligations under the Privacy Amendment (Enhancing
More informationPROTECTION OF PERSONAL INFORMATION ACT NO. 4 OF 2013
PROTECTION OF PERSONAL INFORMATION ACT NO. 4 OF 2013 [ASSENTED TO 19 NOVEMBER, 2013] [DATE OF COMMENCEMENT TO BE PROCLAIMED] (Unless otherwise indicated) (The English text signed by the President) This
More informationData Protection Act 1998 Policy
Data Protection Act 1998 Policy Responsibility for Policy: Relevant to: University Secretary All Staff, Students and Academic Partnerships Approved by: SMT in September 2016 Responsibility for Document
More informationPrivacy in relation to VET Student Loans
Privacy in relation to VET Student Loans Purpose South Regional TAFE (SRT) recognises the importance that individuals place on the manner in which their personal information is managed and handled. Scope
More informationReleasing personal information to Police and law enforcement agencies: Guidance on health and safety and Maintenance of the law exceptions
Releasing personal information to Police and law enforcement agencies: Guidance on health and safety and Maintenance of the law exceptions October 2017 CONTENTS Purpose of this Guide... 3 Voluntary requests
More informationEuropean College of Business and Management Data Protection Policy
European College of Business and Management Data Protection Policy 1. INTRODUCTION 1.1 The European College of Business and Management (ECBM) is committed to full compliance with the Data Protection Act
More informationUniversity of Wollongong
University of Wollongong Privacy Management Plan September 2004 EXTERNAL USE Management_Plan September 2004 TABLE OF CONTENTS 1. INTRODUCTION...1 1.1 Definitions...1 1.2 Our Commitment to Privacy...1 2.
More informationSUBSIDIARY LEGISLATION DATA PROTECTION (PROCESSING OF PERSONAL DATA IN THE POLICE SECTOR) REGULATIONS
DATA PROTECTION (PROCESSING OF PERSONAL DATA IN THE POLICE SECTOR) [S.L.440.05 1 SUBSIDIARY LEGISLATION 440.05 DATA PROTECTION (PROCESSING OF PERSONAL DATA IN THE POLICE SECTOR) REGULATIONS 30th September,
More informationAccess to Personal Information Procedure
Purpose of The sixth principle of the Data Protection Act 1998 gives rights to individuals in respect of the personal data that organisations hold about them. The Act says that: Personal data shall be
More informationthe general policy intent of the Privacy Bill and other background policy material;
Departmental Disclosure Statement Privacy Bill This departmental disclosure statement for the Privacy Bill seeks to bring together in one place a range of information to support and enhance the Parliamentary
More informationDATA PROTECTION POLICY STATUTORY
DATA PROTECTION POLICY MAIDEN ERLEGH TRUST STATUTORY INITIAL APPROVAL July 2017 REVIEW FREQUENCY At least every two years REVIEWED CONTENTS PART ONE: POLICY STATEMENT & OBJECTIVES PART TWO: STATUS OF THE
More informationThe Privacy Policy links to the following Objective contained within the City Plan
Privacy Policy Privacy Policy City Plan Reference The Privacy Policy links to the following Objective contained within the City Plan 2013-2017. Performance is about managing our resources wisely, providing
More informationQRME Australian Privacy Principles (APP) Policy
QRME Australian Privacy Principles (APP) Policy Contact Officer Approval Date 07/04/2014 Approval Authority Privacy Officer/Chief Executive Officer QRME CEO Date of Next Review 07/04/2015 Definitions Australian
More informationPrivacy Policy. This Privacy Policy sets out the Law Society's policies in relation to the management of Personal Information.
Privacy Policy Law Society of South Australia Privacy Policy The Law Society of South Australia (Law Society or we, us or our) deals with information privacy in accordance with the Privacy Act 1988 (Cth)
More informationThe Health Information Protection Act
1 The Health Information Protection Act being Chapter H-0.021* of the Statutes of Saskatchewan, 1999 (effective September 1, 2003, except for subsections 17(1), 18(2) and (4) and section 69) as amended
More informationBACKGROUND INFORMATION
Data Protection 1. BACKGROUND INFORMATION The law governing Data Protection is covered by the Data Protection Act 1998. It implements the EC Data Protection Directive (95/46/EC) in the UK. The Act came
More informationPublic Interest Disclosures Procedure
Public Interest Disclosures Procedure Version Approved by Approval date Effective date Next full review 2.4 Deputy Vice-Chancellor Academic 25 July 2017 15 August 2017 October 2015 Procedure Statement
More informationWhistleblowers Protection Act 1994
Queensland Whistleblowers Protection Act 1994 Reprinted as in force on 1 December 2009 Reprint No. 5D This reprint is prepared by the Office of the Queensland Parliamentary Counsel Warning This reprint
More informationStaff Data Protection Policy
Staff Data Protection Policy Version: 9.0 Approval Status: Approved Document Owner: Graham Feek Classification: External Review Date: 02/11/2016 Effective from: 1 July 2015 Table of Contents 1. The Data
More informationFederal Act on Data Protection (FADP) Section 1: Aim, Scope and Definitions
English is not an official language of the Swiss Confederation. This translation is provided for information purposes only and has no legal force. Federal Act on Data Protection (FADP) 235.1 of 19 June
More informationPrivacy Act of 1974: A Basic Overview. Purpose of the Act. Congress goals. ASAP Conference: Arlington, VA Monday, July 27, 2015, 9:30-10:45am
Privacy Act of 1974: A Basic Overview 1 ASAP Conference: Arlington, VA Monday, July 27, 2015, 9:30-10:45am Presented by: Jonathan Cantor, Deputy CPO, Dep t of Homeland Security (DHS) Alex Tang, Attorney,
More information2. Definitions Bullying: the persistent and ongoing ill treatment of a person that victimises, humiliates, undermines or threatens that person.
PL_AC_014: Student Conduct Policy Policy Category Academic Document Owner Chief Customer Officer Responsible Officer Director, Campus Life Review Date August 2019 Academic Integrity Policy Related Documents
More informationMANITOBA FREEDOM OF INFORMATION AND PROTECTION OF PRIVACY RESOURCE MANUAL
Chapter 6 TABLE OF CONTENTS TABLE OF CONTENTS... 1 PROTECTION OF PRIVACY... 7 Overview... 7 Preliminary Privacy Considerations Necessary, Effective and Proportional... 11 The Ombudsman's three part test...
More informationInformation exempt from the subject access right (section 40(4) and
ICO lo Information exempt from the subject access right (section 40(4) and Freedom of Information Act Environmental Information Regulations Contents Introduction... 2 Overview... 3 What FOIA says... 4
More informationB I L L. No. 30 An Act to amend The Freedom of Information and Protection of Privacy Act
B I L L No. 30 An Act to amend The Freedom of Information and Protection of Privacy Act (Assented to ) HER MAJESTY, by and with the advice and consent of the Legislative Assembly of Saskatchewan, enacts
More informationPROCEDURE (Essex) / Linked SOP (Kent) Data Protection. Number: W 1011 Date Published: 24 November 2016
1.0 Summary of Changes 1.1 This procedure/sop has had an additional paragraph added at 3.8.6 relating to data processing of information by direct access to Athena. 2.0 What this Procedure/SOP is About
More informationData Protection Policy
Data Protection Policy St Barnabas & St Philip s Church of England Primary School P:\Policies and Documents\Data Protection Policy.docx 1 Responsibility: Contents: It is the responsibility of the Governors
More informationBJB Motor Company Limited (BJB) - Data Protection Act 1998 Policy & Procedures
BJB Motor Company Limited (BJB) - Data Protection Act 1998 Policy & Procedures Version History and Document Approval Version History: Version Date Author Reason 1.0 31 st December 2017 Barry Wilson Document
More informationDATA PROTECTION (JERSEY) LAW 2005 CODE OF PRACTICE & GUIDANCE ON THE USE OF CCTV GD6
DATA PROTECTION (JERSEY) LAW 2005 CODE OF PRACTICE & GUIDANCE ON THE USE OF CCTV GD6 2 DATA PROTECTION (JERSEY) LAW 2005: CODE OF PRACTICE & GUIDANCE ON THE USE OF CCTV PART 1: CODE OF PRACTICE Introduction
More informationLAW ENFORCEMENT ASSISTANCE VODAFONE GLOBAL POLICY STANDARD
LAW ENFORCEMENT ASSISTANCE VODAFONE GLOBAL POLICY STANDARD Objective/Risk Create the governance and safeguards necessary to ensure we appropriately balance respect for our customers right to privacy and
More informationFREEDOM OF INFORMATION
INTRODUCTION Freedom of information legislation, also described as open records or sunshine laws, are laws which set rules on access to information or records held by government bodies. In general, such
More informationHealth Records and Information Privacy Act 2002 No 71
New South Wales Health Records and Information Privacy Act 2002 No 71 Contents Page Part 1 Part 2 Preliminary 1 Name of Act 2 2 Commencement 2 3 Purpose and objects of Act 2 4 Definitions 2 5 Definition
More informationBILL NO. 42. Health Information Act
HOUSE USE ONLY CHAIR: WITH / WITHOUT 4th SESSION, 64th GENERAL ASSEMBLY Province of Prince Edward Island 63 ELIZABETH II, 2014 BILL NO. 42 Health Information Act Honourable Doug W. Currie Minister of Health
More informationGuidance on Telecommunications Directories Information Covering the Fair Processing of Personal Data
Information Covering the Fair Processing of Personal Data Published: April 2015 Brunel House, Old Street, St.Helier, Jersey, JE2 3RG Tel: (+44) 1534 716530 Email: enquiries@dataci.org Guidance on Telecommunications
More informationNumber 5 of Vehicle Registration Data (Automated Searching and Exchange) Act 2018
Number 5 of 2018 Vehicle Registration Data Number 5 of 2018 VEHICLE REGISTRATION DATA (AUTOMATED SEARCHING AND EXCHANGE) ACT 2018 Section 1. Interpretation CONTENTS 2. National contact point in State
More informationA Basic Overview of The Privacy Act of 1974
A Basic Overview of The Privacy Act of 1974 Denver, CO June 17, 2015 Presented by: Michael E. Reheuser Department of Defense What are today s goals? Gain a basic understanding of: The Privacy Act Compliance
More informationGENERAL PROTOCOL FOR SHARING INFORMATION BETWEEN AGENCIES IN KINGSTON UPON HULL AND THE EAST RIDING OF YORKSHIRE
GENERAL PROTOCOL FOR SHARING INFORMATION BETWEEN AGENCIES IN KINGSTON UPON HULL AND THE EAST RIDING OF YORKSHIRE 2008 CONTENTS 1. INTRODUCTION Purpose of this document 1-6 2. KEY LEGISLATION AND GUIDANCE
More informationCODE OF CONDUCT FOR EMPLOYEES
CODE OF CONDUCT FOR EMPLOYEES 2 April 2018 non-legislative PURPOSE All City of Adelaide (CoA) employees must comply with the provisions of this Code in carrying out their functions as public officials.
More informationCharities & Not-for-Profits Overview of Data Protection Law
Charities & Not-for-Profits Overview of Data Protection Law The Data Protection Law provides a framework for the processing of data relating to individuals that serves to balance the needs of organisations
More informationELECTRONIC COMMUNICATIONS AND TRANSACTIONS ACT, ACT NO. 25 OF 2002 [ASSENTED TO 31 JULY 2002] [DATE OF COMMENCEMENT: 30 AUGUST 2002]
REVISION No.: 0 Page 1 of 17 ELECTRONIC COMMUNICATIONS AND TRANSACTIONS ACT, ACT NO. 25 OF 2002 [ASSENTED TO 31 JULY 2002] [DATE OF COMMENCEMENT: 30 AUGUST 2002] To provide for the facilitation and regulation
More informationDISCIPLINARY PROCEDURE FOR TEACHING STAFF AT LOCALLY MANAGED SCHOOLS
LONDON BOROUGH OF BARKING AND DAGENHAM DEPARTMENT OF EDUCATION, ARTS AND LIBRARIES DISCIPLINARY PROCEDURE FOR TEACHING STAFF AT LOCALLY MANAGED SCHOOLS Department of Education, Arts and Libraries Town
More informationNorth Yorkshire County Council. Subject Access Request Guidance and Procedure. Data Protection Act 1998
North Yorkshire County Council Subject Access Request Guidance and Procedure Data Protection Act 1998 The Data Protection Act 1998 (the Act), section 7 (1) gives individuals certain rights with regards
More informationPurpose specific Information Sharing Agreement. Community Safety Accreditation Scheme Part 2
Document Information Summary Partners ISA Ref: As Part 1 An agreement to formalise the information sharing arrangements for the purpose of specific Information sharing pursuant to Crime and Disorder reduction
More informationRFx Process Terms and Conditions (Conditions of Tendering)
RFx Process Terms and Conditions (Conditions of Tendering) 1 Interpretation These RFx Process Terms and Conditions are the process terms and conditions apply to school property related RFx (including Contract
More informationData Protection. Policy & Procedure. Greater Manchester Police
Data Protection Policy & Procedure Greater Manchester Police October 2014 Table of Contents 1. Policy Statement... 1 1.1 Aims... 1 2. Scope... 1 3. Roles & Responsibilities... 2 4. Terms and Definitions...
More informationPrivacy Act; System of Records: Legal Case Management Records, State- to amend an existing system of records, Legal Case Management Records,
This document is scheduled to be published in the Federal Register on 06/22/2016 and available online at http://federalregister.gov/a/2016-14828, and on FDsys.gov Billing Code: 4710-08 DEPARTMENT OF STATE
More informationINFORMATION SHARING AGREEMENT BETWEEN THE MINISTRY OF JUSTICE AND THE CROWN LAW OFFICE JULY 2017
INFORMATION SHARING AGREEMENT BETWEEN THE MINISTRY OF JUSTICE AND THE CROWN LAW OFFICE JULY 2017 2 This Information Sharing Agreement is made under Part 9A of the Privacy Act 1993, to authorise the sharing
More informationMEEKER COUNTY GUIDELINES AND PROCEDURES FOR MINNESOTA GOVERNMENT DATA PRACTICES ACT
MEEKER COUNTY GUIDELINES AND PROCEDURES FOR MINNESOTA GOVERNMENT DATA PRACTICES ACT Adopted by the Meeker County Board of Commissioners November 2010 Implemented: November 2010 MINNESOTA GOVERNMENT DATA
More information- and - OPINION. Reasons
IN THE MATTER OF THE DATA PROTECTION ACT 1998 AND IN THE MATTER OF A PROPOSED CONTRACT B E T W E E N: Cambridge Analytica Inc - and - Claimant United Kingdom Independence Party Defendant OPINION 1. We
More informationInvestigatory Powers Bill
Investigatory Powers Bill [AS AMENDED ON REPORT] CONTENTS PART 1 GENERAL PRIVACY PROTECTIONS Overview and general privacy duties 1 Overview of Act 2 General duties in relation to privacy Prohibitions against
More informationA guide to the new privacy landscape for the Commonwealth Government
A guide to the new privacy landscape for the Commonwealth Government Contents compliance: it s time to get ready compliance: it s time to get ready 3 Overview of the Australian Principles 4 The other requirements
More informationWASHINGTON COUNTY GUIDELINES AND PROCEDURES FOR MINNESOTA GOVERNMENT DATA PRACTICES ACT
General Administration Policy #1300 - Manual WASHINGTON COUNTY GUIDELINES AND PROCEDURES FOR MINNESOTA GOVERNMENT DATA PRACTICES ACT Manual #1300 Adopted by the Washington County Board of Commissioners
More informationData Protection Act 1998
Data Protection Act 1998 1998 CHAPTER 29 ARRANGEMENT OF SECTIONS Part I Preliminary 1. Basic interpretative provisions. 2. Sensitive personal data. 3. The special purposes. 4. The data protection principles.
More informationMaking official information requests
Making official information requests A guide for requesters If you are seeking information from a Minister, or central or local government agency, you may be able to ask for it under either the Official
More information.nz REGISTRAR AUTHORISATION AGREEMENT
.nz REGISTRAR AUTHORISATION AGREEMENT V5.0, 22 July 2012 BETWEEN: TRADING AS AND: TRADING AS Domain Name Commission Limited Domain Name Commission [full name of Registrar s legal entity] Background The
More informationTHE PRIVACY ACT OF 1974 (As Amended) Public Law , as codified at 5 U.S.C. 552a
THE PRIVACY ACT OF 1974 (As Amended) Public Law 93-579, as codified at 5 U.S.C. 552a Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled, that
More informationGreat Leighs Primary School. Data Protection and Freedom of Information Policy. Adopted: April Review Date: April 2018.
Great Leighs Primary School Data Protection and Freedom of Information Policy Adopted: April 2015 Review Date: April 2018 Contents 1. Introduction... 1 2. Purpose... 1 3. What is Personal Information?...
More informationData Protection Policy. Revisions and Editions Log
Data Protection Policy Revisions and Editions Log Data Protection Policy adopted February 2015 Review Resources Comm February 2016 Reviewed Feb 2017 FGB Next review Feb 2018 School Data Protection Policy
More informationCURTIN UNIVERSITY OF TECHNOLOGY ACT 1966
CURTIN UNIVERSITY OF TECHNOLOGY ACT 1966 STATUTE NO. 10 STUDENT DISCIPLINE CONTENTS 1. Citation... 1 2. Commencement... 1 3. Purpose... 1 4. Interpretation... 1 5. General principles... 4 6. Penalties
More informationData Protection Policy
Complaints Procedure If anyone in the school community feels that this policy is not being followed then they should raise the matter first with the Headteacher and, if concerns persists, with the Chair
More informationDATA SHARING AND PROCESSING
DATA SHARING AND PROCESSING Capita Business Services Limited March 2016 Version 1.3 TABLE OF CONTENTS: Item Heading Page 1 Data Processing Agreement 2 2 Data Protection Act 1998 2 3 Data Protection Act
More informationResponding to Information Requests
Policy Procedure: 1007 Responding to Information Requests Process Owner: Activity: Compliance and Policy Manager This procedure outlines the process and considerations that must be met in responding to
More informationGovernment Information (Public Access) Act 2009
Government Information (Public Access) Act 2009 Does not include amendments by: Sec 132 (5) of this Act (not commenced) Note: Amending provisions are subject to automatic repeal pursuant to sec 30C of
More informationPort Glasgow St Andrew s Data Protection Policy
Port Glasgow St Andrew s Data Protection Policy CONTENTS 1. Overview 2. Data Protection Principles 3. Personal Data 4. Special Category Data 5. Processing 6. How personal data should be processed 7. Privacy
More informationINVESTIGATION OF ELECTRONIC DATA PROTECTED BY ENCRYPTION ETC DRAFT CODE OF PRACTICE
INVESTIGATION OF ELECTRONIC DATA PROTECTED BY ENCRYPTION ETC CODE OF PRACTICE Preliminary draft code: This document is circulated by the Home Office in advance of enactment of the RIP Bill as an indication
More informationManual on the Communications (Retention of Data) Act 2011
Manual on the Communications (Retention of Data) Act 2011 Document last updated July 2017 Table of Contents 1. Introduction...3 2. Disclosure Requests: General...4 4. Request Form...5 5. Oversight...8
More informationEUROPEAN UNION. Brussels, 3 February 2006 (OR. en) 2005/0182 (COD) PE-CONS 3677/05 COPEN 200 TELECOM 151 CODEC 1206 OC 981
EUROPEAN UNION THE EUROPEAN PARLIAMT THE COUNCIL Brussels, 3 February 2006 (OR. en) 2005/0182 (COD) PE-CONS 3677/05 COP 200 TELECOM 151 CODEC 1206 OC 981 LEGISLATIVE ACTS AND OTHER INSTRUMTS Subject: DIRECTIVE
More informationMannofield Parish Church. Registered Scottish Charity No: SC (the Congregation ) Data Protection Policy
Mannofield Parish Church Registered Scottish Charity No: SC 001680 (the Congregation ) Data Protection Policy December 2018 CONTENTS 1. Overview 2. Data Protection Principles 3. Personal Data 4. Special
More informationstandards for appropriate ethical, responsible and professional behaviours
Code of conduct 1. Policy statement A code of conduct is a central guide to support day to day decision making. It clarifies an organisation s mission, values and principles and sets out the minimum standards
More informationData Protection Policy
Data Protection Policy Durrington High School as part of the Durrington Multi Academy Trust collects and uses personal information about staff, pupils, parents and other individuals who come into contact
More informationData Protection Policy
Data Protection Policy Perth: Craigie and Moncreiffe CHARITY NO. SC001330 CONTENTS 1. Overview 2. Data Protection Principles 3. Personal Data 4. Special Category Data 5. Processing 6. How personal data
More informationSaskatoon Zoo Foundation Inc. Ticket Purchase Policies, Donation Policies and Privacy Policies
Saskatoon Zoo Foundation Inc. Ticket Purchase Policies, Donation Policies and Privacy Policies A / Ticket Purchase Policies 1.Ticket Availability All orders are subject to ticket availability. We will
More informationChildren and Young Persons (Care and Protection) Act 1998 No 157
New South Wales Children and Young Persons (Care and Protection) Act 1998 No 157 Status information Currency of version Current version for 10 May 2011 to date (generated 29 June 2011 at 15:21). Legislation
More informationA Guide to Ontario Legislation Covering the Release of Students
A Guide to Ontario Legislation Covering the Release of Students Personal Information Revised: June 2011 Ann Cavoukian, Ph.D. Information and Privacy Commissioner, Ontario, Canada Commissioner, Ontario,
More informationACCESSING GOVERNMENT INFORMATION IN. British Columbia
ACCESSING GOVERNMENT INFORMATION IN British Columbia RESOURCES Freedom of Information and Protection of Privacy Act (FOIPPA) http://www.oipcbc.org/legislation/foi-act%20(2004).pdf British Columbia Information
More informationDATA PROTECTION AND FREEDOM OF INFORMATION POLICY
DATA PROTECTION AND FREEDOM OF INFORMATION POLICY Version 1.0 Date 11/11/2016 Approved by Board of Directors 09/02/2017 Version Date Description Revision author 1.0 11/11/2016 Trust Version Created FMW
More informationData Protection Policy
Data Protection Policy Policy & Procedure Number: 73 Date of Board of Trustees Review: Summer 2017 Next Review Due: Summer 2019 Trust Link: Mr I Kirkham Revision Number: v1 A Commitment to Excellence 1
More informationCCTV, videos and photos in health, aged care and retirement living and disability facilities your rights and obligations
CCTV, videos and photos in health, aged care and retirement living and disability facilities your rights and obligations Presented by: Alison Choy Flannigan Partner (02) 9390 8338 alison.choyflannigan@holmanwebb.com.au
More informationSaturday, 7 November 15
CSCU9Q5 Data Protection and Freedom of Information Acts 1 The Data Protection Legislation As an individual you should know about your rights with respect to data held about you As an information professional
More informationProper Handling of Data Correction Request by Data Users 1
Guidance Note Proper Handling of Data Correction Request by Data Users Introduction Under the Personal Data (Privacy) Ordinance (Chapter 486) (the Ordinance ), a data user is required to ensure that the
More informationTHE PUBLIC INTEREST DISCLOSURE (WHISTLEBLOWER PROTECTION) ACT
THE PUBLIC INTEREST DISCLOSURE (WHISTLEBLOWER PROTECTION) ACT Provision PART 1 PURPOSE AND DEFINITIONS Purpose of this Act 1 The purpose of this Act is (a) to facilitate the disclosure and investigation
More informationARTICLE 29 Data Protection Working Party
ARTICLE 29 Data Protection Working Party 11580/03/EN WP 82 Opinion 6/2003 on the level of protection of personal data in the Isle of Man Adopted on 21 November 2003 This Working Party was set up under
More informationOfficials and Select Committees Guidelines
Officials and Select Committees Guidelines State Services Commission, Wellington August 2007 ISBN 978-0-478-30317-9 Contents Executive Summary 3 Introduction: The Role of Select Committees 4 Application
More informationQueensland FREEDOM OF INFORMATION ACT 1992
Queensland FREEDOM OF INFORMATION ACT 1992 Act No. 42 of 1992 Queensland FREEDOM OF INFORMATION ACT 1992 Section TABLE OF PROVISIONS PART 1 PRELIMINARY Division 1 Introductory Page 1 Short title.....................................................
More informationCSCU9Q5. Data Protection and Freedom of Information Acts
CSCU9Q5 Data Protection and Freedom of Information Acts 1 The Data Protection Legislation As an individual you should know about your rights with respect to data held about you As an information professional
More informationFINANCIAL SERVICES AUTHORITY ACT, (Act 19 of 2013) ARRANGEMENT OF SECTIONS PART I - PRELIMINARY PART II - THE FINANCIAL SERVICES AUTHORITY
[6th January 2014] Supplement to Official Gazette 559 FINANCIAL SERVICES AUTHORITY ACT, 2013 SECTIONS 1. Short title and Commencement 2. Interpretation (Act 19 of 2013) ARRANGEMENT OF SECTIONS PART I -
More informationPROJET DE LOI ENTITLED. The Data Protection (Bailiwick of Guernsey) Law, 2017 ARRANGEMENT OF SECTIONS PART I PRELIMINARY
PROJET DE LOI ENTITLED The Data Protection (Bailiwick of Guernsey) Law, 2017 ARRANGEMENT OF SECTIONS PART I PRELIMINARY 1. Object of this Law. 2. Application. 3. Extent. 4. Exception for personal, family
More informationNATIONAL VETTING BUREAU BILL 2011 PRESENTED BY THE MINISTER FOR JUSTICE, EQUALITY AND DEFENCE
27 July 2011 DRAFT HEADS NATIONAL VETTING BUREAU BILL 2011 PRESENTED BY THE MINISTER FOR JUSTICE, EQUALITY AND DEFENCE ARRANGEMENT OF SECTIONS PART 1 1. Short title and commencement. 2. Interpretation.
More informationWhistleblowing & Serious Misconduct Policy
King s Norton Boys School Whistleblowing & Serious Misconduct Policy We recognise that children cannot be expected to raise concerns in an environment where staff fail to do so. All staff should be aware
More information2.16 Freedom of Information and Protection of Privacy Act
POLICY AND PROCEDURE MANUAL Policy Title: Policy Section: Effective Date: Supersedes: FREEDOM OF INFORMATION AND PROTECTION OF PRIVACY ACT ADMINISTRATION 2016 02 18 2014 09 02 Area of Responsibility: VICE
More information