Access to Personal Information Procedure
|
|
- Bruce Park
- 6 years ago
- Views:
Transcription
1 Purpose of The sixth principle of the Data Protection Act 1998 gives rights to individuals in respect of the personal data that organisations hold about them. The Act says that: Personal data shall be processed in accordance with the rights of the data subject under this act. The purpose of this procedure is to provide guidance to staff on how to manage any requests in relation to these rights in line with the Data Protection Act, and company policy. For the purpose of clarity, these rights include: A right of access to a copy of the information held in their personal data commonly known as a Subject Access Request A right to object to any data processing that is likely to cause or is causing damage or distress A right to prevent data processing for direct marketing A right to object to decisions being taken by automated means A right in certain circumstances to have inaccurate personal data rectified, blocked, erased or destroyed, and A right to claim compensation for damages caused by a breach of the Act. NB. Key definitions of terms used within this procedure are provided in Appendix 1. Action Points Subject Access Requests Under Section 7 of the Data Protection Act, a Data Subject 1 can make a written request (includes ) to see a copy of the information Great Places as a data controller holds about them. A request must be made directly by the Data Subject unless there is clear evidence that a third party (i.e. an advocate or legal representative) is acting on behalf of that individual. Steps must be taken to verify that the request has come directly from the Data Subject as outlined in the Information Security before a response to the Subject Access Request is provided. This may include asking the requestor to provide proof of their identity. Under the Terms of the Data Protection Act, Great Places charge a 10 fee to cover the administrative costs of producing a Subject Access request, and this fee must be paid in full before the data is provided to the Data Subject. This fee may be waived in certain circumstances at the discretion of the Data Management Advisory Group. 1 For point of reference, a Data Subject includes anyone receiving a service from Great Places including (but not exclusively) tenants and residents, floating support clients, employees, and applicants for employment. Version date: January
2 After receipt of the request, we have 40 calendar days to supply a permanent copy of the information to the data subject in a form agreed with the individual. All Subject Access Requests should be directed to the Head of Business Assurance who will oversee the process and liaise with appropriate teams and 3 rd parties. Individuals are only entitled to their own personal data, and Great Places have a duty to protect the personal data of any other individuals who may be referred to within documents, etc. We will endeavour to provide as much information as possible by making use of redaction. Our contractors may hold personal information about our customers via their role as a data processor. In the course of compiling information for a Subject Access Request, we should contact any data processors who may hold data about the individual. Such data processors may include repairs contractors, out of hours call handlers, etc. When compiling a Subject Access Request, the data controller must take into account any exemptions that mean certain types of data do not have to be supplied to the data subject. Examples of exemption include, but are not exclusive to: Personal data processed for crime and taxation purposes including: o The prevention of detection of crime o The capture or prosecution of offenders o The assessment or collection of tax or duty Legal advice and proceedings Confidential references given in connection with education, training or employment Personal data processed for management forecasting or management planning Data consisting of our intentions in negotiating with an individual re: compensation, etc. Personal data relating to an individuals physical or mental health if granting access would be likely to cause serious harm to the individual or someone else Under section 42 of the Data Protection Act, individuals have the right to make a complaint to the Information Commissioners Office (ICO) if: We do not respond to a request satisfactorily within the 40 day time limit We are holding personal data unfairly for a different reason to that which it was originally collected for, or without appropriate security We are holding data that is inadequate, inaccurate or for longer than is necessary We fail to disclose information to the data subject outside of an accepted exemption Requests to share information with 3 rd parties Requests to share personal information can come from a variety of sources but most commonly come from the police, local authority departments, other housing providers and support agencies. We may also use the legitimate interest clause within the Data Protection Act in the following circumstances: To disclose a tenant s information to debt collection agencies if Great Places as the landlord are owed monies To pass tenant details to a utility company if the tenant has left the property with an unpaid debt on their account Version date: January
3 Where a request is made with the data subjects permission, staff should provide the information required whilst taking care not to breach the data rights of any 3 rd parties, and taking into account the exemptions within the Act. When a request is made to share data without the data subjects consent, staff should always consider whether there is a justifiable reason to share the data. If staff receive any queries that they are unsure about, they should contact the Data Management Advice Group who will consider the request. Where a request is made outside of office hours (8am 6pm) the individual dealing with the request should take a common sense approach to sharing the required information particularly in the case of a serious police or safeguarding incident and seek retrospective permission from the Data Management Advice Group at the earliest opportunity. Any decisions to share, or withhold, information should be recorded on the Data Protection Incident Log to enable us to defend any decisions accurately if the need arises. Requests for information about other individuals or general information The Data Protection Act does not grant individuals access to information about other people, or to general information about the company, our decision making processes, financial status, etc. Any requests of this nature should be directed to the Head of Business Assurance who will provide the required response. Data Breaches A data breach can occur where any of the 8 principles of the Data Protection Act are not complied with. The Information Commissioners Office can fine organisations for breaching the Act, and many of the fines to date have been in relation to breaches of the 7 th principle keeping personal information secure. With this in mind, staff must appreciate the importance of protecting the data we hold and ensuring its security at all times. Great Places has information security procedures in place to minimise the risk of data breaches. If a member of staff thinks that a data breach has occurred either directly or by a colleague or partner organisation they must notify the Data Management Advice Group within 1 working day to enable a thorough investigation to be carried out and a decision made on whether the breach is reportable to the Information Commissioners Office (based on its severity). All near misses should also be reported to ensure that appropriate preventative or corrective action can be taken to minimise any future risk. Staff should note that a data breach, or a near miss, may lead to action under the company Disciplinary Policy if the investigation indicates that the individual acted with malice or in direct contravention of information security procedures. Version date: January
4 Freedom of Information Requests Great Places Housing Group are not currently classified as a public body under the terms of the Freedom of Information Act 2000 and, as such, are not required to comply with any direct requests under this legislation. However, our local authority partners are covered by the Act and any information we have shared with them, i.e. s, joint working documents, etc. by be subject to disclosure. Any requests relating to the Freedom of Information Act should be directed to the Head of Business Assurance who will respond appropriately. Responsibilities All Great Places employees and partners have a responsibility to act in accordance with the Data Protection Act 1998, however, the following roles have a direct responsibility: Director of Business Intelligence named Data Controller with the Information Commissioners Office Head of Business Assurance delegated responsibility for compliance with the Act Members of Data Management Advice Group nominated points of contact for staff advice Links to Related Strategies, Policies, s and Forms Data Protection Policy Privacy Policy Information Security Version date: January
5 Appendix 1 Key Definitions Term Data Personal Data Sensitive Personal Data Data Processing Data Processor Data Subject Data Controller Definition Information which: a) Is being processed by means of equipment operating automatically in response to instructions given for that purpose b) Is recorded with the intention that it should be processed by means of such equipment c) Is recorded as part of a relevant filing system or with the intention that it should form part of a relevant filing system d) Does not fall within points a-c above, but forms part of an accessible record e) Is recorded information held by a public authority and does not fall within points a-d above. Data which relates to a living individual who can be identified: a) From that data b) From that data and other information which is in the possession of, or is likely to come into the possession of, the data controller And includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual. Personal data consisting of information as to: a) The racial or ethnic origin of the data subject b) Their political opinions c) Their religious beliefs or other beliefs of a similar nature d) Whether they are a member of a trade union e) Their physical or mental health or condition f) Their sexual life g) The commission or alleged commission by them of any offence h) Any proceedings for any offence committed or alleged to have been committed by them, the disposal of such proceedings or sentencing Obtaining, recording or holding information or data or carrying out any operation of set of operations on the data including: a) Organisation, adaptation or alteration of the information or data b) Retrieval, consultation or use of the information or data c) Disclosure of the information od data by transmission, dissemination or otherwise making available, or d) Alignment, combination, blocking, erasure or destruction of the information or data Any person (other than an employee of the data controller) who processes the data on behalf of the data controller An individual who is the subject of personal data A person who (either alone or jointly or in common with other persons) determined the purposes for which, and the manner in which, any personal data is to be processed Version date: January
6 Equality Impact Assessment Is this a key strategic document, major policy or procedure or service change? Examples may include: Homeless Strategy/ Customer Involvement Strategy YES NO What impact will your document or service delivery change have on the public or staff, giving particular regard to potential impacts on minority groups? Issues to consider include race, disability, gender, sexual orientation, religion, age, carers and other socio-economic factors Please explain your answer: Provide a narrative explaining why you gave the impact rating above. HIGH MEDIUM LOW DON T KNOW Approval Date: 5th January 2017 Equality Impact Assessment Date: January 2017 Safeguarding impact: Review Date: Lead Team: Level of Authorisation Required: Not applicable By 30th April 2018 prior to introduction of GDPR Business Assurance Service Delivery Leadership Team Version date: January
Data Protection Act 1998 Policy
Data Protection Act 1998 Policy Responsibility for Policy: Relevant to: University Secretary All Staff, Students and Academic Partnerships Approved by: SMT in September 2016 Responsibility for Document
More informationData Protection Act 1998
Data Protection Act 1998 1998 CHAPTER 29 ARRANGEMENT OF SECTIONS Part I Preliminary 1. Basic interpretative provisions. 2. Sensitive personal data. 3. The special purposes. 4. The data protection principles.
More informationSchools Subject Access Request Procedures
Schools Subject Access Request Procedures Policy reviewed by Academy Transformation Trust on June 2018 This policy links to: Located: Data Protection Policy Freedom of Information Policy Review Date May
More informationEuropean College of Business and Management Data Protection Policy
European College of Business and Management Data Protection Policy 1. INTRODUCTION 1.1 The European College of Business and Management (ECBM) is committed to full compliance with the Data Protection Act
More informationConsolidated text PROJET DE LOI ENTITLED. The Data Protection (Bailiwick of Guernsey) Law, 2001 [CONSOLIDATED TEXT] NOTE
PROJET DE LOI ENTITLED The Data Protection (Bailiwick of Guernsey) Law, 2001 [CONSOLIDATED TEXT] NOTE This consolidated version of the enactment incorporates all amendments listed in the footnote below.
More informationPROCEDURE (Essex) / Linked SOP (Kent) Data Protection. Number: W 1011 Date Published: 24 November 2016
1.0 Summary of Changes 1.1 This procedure/sop has had an additional paragraph added at 3.8.6 relating to data processing of information by direct access to Athena. 2.0 What this Procedure/SOP is About
More informationDATA PROTECTION (JERSEY) LAW 2005
DATA PROTECTION (JERSEY) LAW 2005 Revised Edition Showing the law as at 1 January 2017 This is a revised edition of the law Data Protection (Jersey) Law 2005 Arrangement DATA PROTECTION (JERSEY) LAW 2005
More informationData Protection Bill [HL]
[AS AMENDED IN COMMITTEE] CONTENTS PART 1 PRELIMINARY 1 Overview 2 Terms relating to the processing of personal data PART 2 GENERAL PROCESSING CHAPTER 1 SCOPE AND DEFINITIONS 3 Processing to which this
More informationConsolidated text PROJET DE LOI ENTITLED. The Data Protection (Bailiwick of Guernsey) Law, 2001 * [CONSOLIDATED TEXT] NOTE
PROJET DE LOI ENTITLED The Data Protection (Bailiwick of Guernsey) Law, 2001 * [CONSOLIDATED TEXT] NOTE This consolidated version of the enactment incorporates all amendments listed in the footnote below.
More informationData Protection Bill [HL]
[AS AMENDED IN PUBLIC BILL COMMITTEE] CONTENTS PART 1 PRELIMINARY 1 Overview 2 Protection of personal data 3 Terms relating to the processing of personal data PART 2 GENERAL PROCESSING CHAPTER 1 SCOPE
More informationCharities & Not-for-Profits Overview of Data Protection Law
Charities & Not-for-Profits Overview of Data Protection Law The Data Protection Law provides a framework for the processing of data relating to individuals that serves to balance the needs of organisations
More informationGENERAL PROTOCOL FOR SHARING INFORMATION BETWEEN AGENCIES IN KINGSTON UPON HULL AND THE EAST RIDING OF YORKSHIRE
GENERAL PROTOCOL FOR SHARING INFORMATION BETWEEN AGENCIES IN KINGSTON UPON HULL AND THE EAST RIDING OF YORKSHIRE 2008 CONTENTS 1. INTRODUCTION Purpose of this document 1-6 2. KEY LEGISLATION AND GUIDANCE
More informationMannofield Parish Church. Registered Scottish Charity No: SC (the Congregation ) Data Protection Policy
Mannofield Parish Church Registered Scottish Charity No: SC 001680 (the Congregation ) Data Protection Policy December 2018 CONTENTS 1. Overview 2. Data Protection Principles 3. Personal Data 4. Special
More informationData protection. Guide to the Law Enforcement Provisions
Data protection Guide to the Law Enforcement Provisions Introduction What is it? Who does Part 3 of the DP Bill apply to? How can we comply? 3 4 6 9 07 December 2017-1.0.6 2 Introduction The Guide to the
More informationPort Glasgow St Andrew s Data Protection Policy
Port Glasgow St Andrew s Data Protection Policy CONTENTS 1. Overview 2. Data Protection Principles 3. Personal Data 4. Special Category Data 5. Processing 6. How personal data should be processed 7. Privacy
More informationData Protection Policy
Data Protection Policy Perth: Craigie and Moncreiffe CHARITY NO. SC001330 CONTENTS 1. Overview 2. Data Protection Principles 3. Personal Data 4. Special Category Data 5. Processing 6. How personal data
More informationDATA PROTECTION POLICY STATUTORY
DATA PROTECTION POLICY MAIDEN ERLEGH TRUST STATUTORY INITIAL APPROVAL July 2017 REVIEW FREQUENCY At least every two years REVIEWED CONTENTS PART ONE: POLICY STATEMENT & OBJECTIVES PART TWO: STATUS OF THE
More informationIndividual Rights (Data Privacy) Policy
October 2017 Please see the cover sheet to the Information Policies on the Staff Intranet and Board Intelligence. Individual Rights (Data Privacy) Policy 1. Introduction 1.1 UK data protection law gives
More informationGeneral Rules on the Processing of Personal Data SCHEDULE 1 DATA TRANSFER AGREEMENT (Data Controller to Data Controller transfers)...
DATA PROTECTION REGULATIONS 2015 DATA PROTECTION REGULATIONS 2015 General Rules on the Processing of Personal Data... 1 Rights of Data Subjects... 6 Notifications to the Registrar... 7 The Registrar...
More informationTHE PROCESSING OF PERSONAL DATA (PROTECTION OF INDIVIDUALS) LAW 138 (I) 2001 PART I GENERAL PROVISIONS
THE PROCESSING OF PERSONAL DATA (PROTECTION OF INDIVIDUALS) LAW 138 (I) 2001 PART I GENERAL PROVISIONS Short title. 1. This Law may be cited as the Processing of Personal Data (Protection of Individuals)
More informationPROJET DE LOI ENTITLED. The Data Protection (Bailiwick of Guernsey) Law, 2017 ARRANGEMENT OF SECTIONS PART I PRELIMINARY
PROJET DE LOI ENTITLED The Data Protection (Bailiwick of Guernsey) Law, 2017 ARRANGEMENT OF SECTIONS PART I PRELIMINARY 1. Object of this Law. 2. Application. 3. Extent. 4. Exception for personal, family
More informationEuropean Data Protection Supervisor Your personal information and the EU administration: What are your rights?
European Data Protection Supervisor Your personal information and the EU administration: What are your rights? EDPS factsheet 1 Everyday, personal information - also known as personal data - is processed
More informationCCTV Code of Practice
CCTV Code of Practice Belfast Trust CCTV Code of Practice Introduction Closed Circuit Television (CCTV) systems are in place across the Belfast trust. These systems comprise of cameras installed at strategic
More informationTerms and Conditions GDPR Ready Data
Terms and Conditions GDPR Ready Data 1. DEFINITIONS (1) Corpdata means Corpdata Limited, registered in England and Wales No. 02690712. (2) controller means the natural or legal person, public authority,
More informationDATA PROTECTION (JERSEY) LAW 2005 CODE OF PRACTICE & GUIDANCE ON THE USE OF CCTV GD6
DATA PROTECTION (JERSEY) LAW 2005 CODE OF PRACTICE & GUIDANCE ON THE USE OF CCTV GD6 2 DATA PROTECTION (JERSEY) LAW 2005: CODE OF PRACTICE & GUIDANCE ON THE USE OF CCTV PART 1: CODE OF PRACTICE Introduction
More informationSUBJECT ACCESS REQUEST
DATA PROTECTION ACT 1998 SUBJECT ACCESS REQUEST Procedure Manual Page 1 of 22 Invest NI 1. Introduction 1.1 What is a Subject Access Request? 1.2 Routine Requests 1.3 What is an individual entitled to?
More informationIntroduction. The highly anticipated text of the Irish Data Protection Bill 2018 has been published.
Key points of the recently published Data Protection Bill February 2018 00 Introduction The highly anticipated text of the Irish Data Protection Bill 2018 has been published. The Bill supplements and gives
More informationSCHEDULE 1 DATA TRANSFER AGREEMENT (Data Controller to Data Controller transfers)... 16
DATA PROTECTION REGULATIONS 2015 DATA PROTECTION REGULATIONS 2015 Part 1 General Rules on the Processing of Personal Data... 1 Part 2 Rights of Data Subjects... 7 Part 3 Notifications to the Registrar...
More informationTelekom Austria Group Standard Data Processing Agreement
Telekom Austria Group Standard Data Processing Agreement This Agreement is entered into by and between: I. [TAG Company NAME], a company duly established and existing under the laws of [COUNTRY] with its
More information- and - OPINION. Reasons
IN THE MATTER OF THE DATA PROTECTION ACT 1998 AND IN THE MATTER OF A PROPOSED CONTRACT B E T W E E N: Cambridge Analytica Inc - and - Claimant United Kingdom Independence Party Defendant OPINION 1. We
More informationLaw Enforcement processing (Part 3 of the DPA 2018)
Law Enforcement processing (Part 3 of the DPA 2018) Introduction This part of the Act transposes the EU Data Protection Directive 2016/680 (Law Enforcement Directive) into domestic UK law. The Directive
More informationThe Rental Exchange. Contribution Agreement for Rental Exchange Database. A world of insight
The Rental Exchange Contribution Agreement for Rental Exchange Database A world of insight Contribution Agreement for Rental Exchange Database. Contribution Agreement for Rental Exchange Database. This
More informationSUBSIDIARY LEGISLATION DATA PROTECTION (PROCESSING OF PERSONAL DATA IN THE POLICE SECTOR) REGULATIONS
DATA PROTECTION (PROCESSING OF PERSONAL DATA IN THE POLICE SECTOR) [S.L.440.05 1 SUBSIDIARY LEGISLATION 440.05 DATA PROTECTION (PROCESSING OF PERSONAL DATA IN THE POLICE SECTOR) REGULATIONS 30th September,
More informationOTrack Data Processing Terms
BACKGROUND These Personal Data Processing Terms (the Agreement ) are entered into between Optimum Records Limited ( Optimum ) and the school using the services provided by Optimum (the School ) whose details
More informationPrivacy. Purpose. Scope. Policy. Appendix A
Privacy NZQA Quality Management System Policy Appendix A Purpose To ensure NZQA and personnel meet the legal obligations under the Privacy Act 1993 and in relation to its functions under section 246A of
More informationA Legal Overview of the Data Protection Act By: Mrs D. Madhub Data Protection Commissioner
A Legal Overview of the Data Protection Act 2017 By: Mrs D. Madhub Data Protection Commissioner 06.02.2018 Overview The Data Protection Act 2017 Aim of the Act Major changes brought in the new Act Key
More informationBACKGROUND INFORMATION
Data Protection 1. BACKGROUND INFORMATION The law governing Data Protection is covered by the Data Protection Act 1998. It implements the EC Data Protection Directive (95/46/EC) in the UK. The Act came
More informationData Protection. Guidance for Schools
Data Protection Guidance for Schools Please Note: This booklet is intended to act as a general guide for school staff to follow when dealing with personal information during their daily work. It is not
More informationInformation exempt from the subject access right (section 40(4) and
ICO lo Information exempt from the subject access right (section 40(4) and Freedom of Information Act Environmental Information Regulations Contents Introduction... 2 Overview... 3 What FOIA says... 4
More informationSubject Access and Other Information Rights: Information Governance ( IG ) Policy
Subject Access and Other Information Rights: Information Governance ( IG ) Policy FINAL 1.0 July 2017 SUMMARY This Policy: Ensures that all managers and staff are aware of and comply with the Trust s statutory
More informationDIRECTIVE 95/46/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL. of 24 October 1995
DIRECTIVE 95/46/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data
More informationGeneral Data Protection Regulation
General Data Protection Regulation Bar Council Guide for Barristers and Chambers Purpose: Scope of application: Issued by: To assist barristers and sets of chambers in their compliance with the GDPR All
More informationStaff Data Protection Policy
Staff Data Protection Policy Version: 9.0 Approval Status: Approved Document Owner: Graham Feek Classification: External Review Date: 02/11/2016 Effective from: 1 July 2015 Table of Contents 1. The Data
More informationFreedom of Information Act 2000 (Section 50) Decision Notice
Freedom of Information Act 2000 (Section 50) Decision Notice Date: 9 December 2010 Public Authority: Middlesbrough Council Address: PO Box 99 Town Hall Middlesbrough TS1 2QQ Summary The complainant requested
More informationDATA SHARING AND PROCESSING
DATA SHARING AND PROCESSING Capita Business Services Limited March 2016 Version 1.3 TABLE OF CONTENTS: Item Heading Page 1 Data Processing Agreement 2 2 Data Protection Act 1998 2 3 Data Protection Act
More informationAnnex - Summary of GDPR derogations in the Data Protection Bill
Annex - Summary of GDPR derogations in the Data Protection Bill The majority of the provisions in the General Data Protection Regulation (GDPR) will automatically become UK law on 25 May 2018. However,
More informationPurpose specific Information Sharing Agreement. Community Safety Accreditation Scheme Part 2
Document Information Summary Partners ISA Ref: As Part 1 An agreement to formalise the information sharing arrangements for the purpose of specific Information sharing pursuant to Crime and Disorder reduction
More informationto the Government Gazette of Mauritius No. 14 of 14 February 2009
LEGAL Government SUPPLEMENT Notices 2009 45 45 to the Government Gazette of Mauritius No. 14 of 14 February 2009 Government Notice No. 22 of 2009 THE DATA PROTECTION ACT Regulations made by the Prime Minister
More informationThe position you have applied for is exempt from the Rehabilitation of Offenders Act 1974 (as amended in England and Wales).
DECLARATION FORM A Guidance for applicants The position you have applied for is exempt from the Rehabilitation of Offenders Act 1974 (as amended in England and Wales). When South Central Ambulance Service
More informationARTICLE 29 Data Protection Working Party
ARTICLE 29 Data Protection Working Party 11580/03/EN WP 82 Opinion 6/2003 on the level of protection of personal data in the Isle of Man Adopted on 21 November 2003 This Working Party was set up under
More informationthe Commisslone Mazionale per le Sodeta e la Borsa in ItaJy and the Public Company Accounting Oversight Board In the United States
Agreement between the Commisslone Mazionale per le Sodeta e la Borsa in ItaJy and the Public Company Accounting Oversight Board In the United States on the Transfer of Certain Personal Data The Public
More informationPublished in terms of Section 51of the Promotion of Access to Information Act, 2 of 2000
INFORMATION Published in terms of Section 51of the Promotion of Access to Information Act, 2 of 2000 Table of Contents 1 INTRODUCTION... 2 2 DEFINITIONS... 3 3 AVAILABILITY OF THIS... 6 4 RECORDS HELD
More informationFederal Act on Data Protection (FADP) Section 1: Aim, Scope and Definitions
English is not an official language of the Swiss Confederation. This translation is provided for information purposes only and has no legal force. Federal Act on Data Protection (FADP) 235.1 of 19 June
More informationData Protection Policy
Data Protection Policy Durrington High School as part of the Durrington Multi Academy Trust collects and uses personal information about staff, pupils, parents and other individuals who come into contact
More informationNorth Yorkshire County Council. Subject Access Request Guidance and Procedure. Data Protection Act 1998
North Yorkshire County Council Subject Access Request Guidance and Procedure Data Protection Act 1998 The Data Protection Act 1998 (the Act), section 7 (1) gives individuals certain rights with regards
More informationPROTECTION OF PERSONAL INFORMATION ACT NO. 4 OF 2013
PROTECTION OF PERSONAL INFORMATION ACT NO. 4 OF 2013 [ASSENTED TO 19 NOVEMBER, 2013] [DATE OF COMMENCEMENT TO BE PROCLAIMED] (Unless otherwise indicated) (The English text signed by the President) This
More informationAct CXII of on the Right of Informational Self-Determination and on Freedom of Information 1 CHAPTER I GENERAL PROVISIONS. 1.
Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information 1 In order to ensure the right of informational self-determination and the freedom of information, and to
More informationD I R E C T I O N S AND N O T E S
Surname, first name of applicant D I R E C T I O N S AND N O T E S Verwaltung des Klinikums Geschäftsbereich Personal Abteilung Personalbetreuung 1. DIRECTIONS CONCERNING THE OBLIGATION OF LOYALTY TO THE
More informationThe Act on Processing of Personal Data
The Act on Processing of Personal Data Act No. 429 of 31 May 2000 as amended by section 7 of Act No. 280 of 25 April 2001, section 6 of Act No. 552 of 24 June 2005 and section 2 of Act No. 519 of 6 June
More informationSubject Access Request Procedure
Standard Operating Procedure 3 (SOP 3) Why we have a procedure? Subject Access Request Procedure Individuals have a legal right to see information that the Trust holds about them, subject to certain exemptions
More informationData Protection REFERENCE NUMBER. IMPLEMENTATION DATE June 2014 NEXT REVIEW DATE: September 2020 RISK RATING
POLICY Security Classification Disclosable under Freedom of Information Act 2000 Yes POLICY TITLE Data Protection REFERENCE NUMBER A031 Version 1.1 POLICY OWNERSHIP DIRECTORATE BUSINESS AREA CHIEF OFFICERS
More informationHow we use Personal Information
How we use Personal Information Introduction This document explains how Essex Police obtains, holds, uses and discloses information about people - their personal information 1 -, the steps we take to ensure
More informationData Protection Policy
Data Protection Policy St Barnabas & St Philip s Church of England Primary School P:\Policies and Documents\Data Protection Policy.docx 1 Responsibility: Contents: It is the responsibility of the Governors
More informationELECTRONIC DATA PROTECTION ACT An Act to provide for protection to electronic data with regard to the processing of electronic data in Pakistan
ELECTRONIC DATA PROTECTION ACT 2005 An Act to provide for protection to electronic data with regard to the processing of electronic data in Pakistan Whereas it is expedient to provide for the processing
More informationGreater London Darts Organisation Handbook & Rules (County Section Only)
The index to the contents of the G.L.D.O. Handbook (County Section) is listed below, by Sections and page numbers, in the order in which they appear in the Handbook. INDEX OF CONTENTS PAGES Section 1 GENERAL
More informationSTATOIL BINDING CORPORATE RULES - PUBLIC DOCUMENT
STATOIL BINDING CORPORATE RULES - PUBLIC DOCUMENT The purpose of this Statoil Binding Corporate Rules Public Document is to explain the content of the Binding Corporate Rules (BCR) and help ensure that
More informationCommittee Servicing: the Implications of Freedom of Information and Data Protection
Committee Servicing: the Implications of Freedom of Information and Data Protection What data protection and freedom of information implications do I need to consider for committee servicing? People have
More informationTHE PERSONAL DATA (PROTECTION) BILL, 2013
THE PERSONAL DATA (PROTECTION) BILL, 2013 [Long Title] [Preamble] CHAPTER I PRELIMINARY 1. Short title, extent and commencement. (1) This Act may be called the Personal Data (Protection) Act, 2013. (2)
More informationDATA PROTECTION AND FREEDOM OF INFORMATION POLICY
DATA PROTECTION AND FREEDOM OF INFORMATION POLICY Version 1.0 Date 11/11/2016 Approved by Board of Directors 09/02/2017 Version Date Description Revision author 1.0 11/11/2016 Trust Version Created FMW
More informationChild sex offenders disclosure scheme (CSODS)
Contents Child sex offenders disclosure scheme (CSODS) Part one Policy... 2 Chapter 1 Legislation... 2 Chapter 2 Cross border applications... 4 Receiving force... 5 Coordinating force... 5 Responding forces...
More informationSIMON READHEAD Q.C. PRIVACY NOTICE
SIMON READHEAD Q.C. PRIVACY NOTICE Introduction 1. I am committed to handling your personal information fairly, lawfully and securely in accordance with current data protection laws. This privacy notice
More informationData Protection. Standard Operating Procedure
Data Protection Standard Operating Procedure Notice: This document has been made available through the Police Service of Scotland Freedom of Information Publication Scheme. It should not be utilised as
More informationcloser look at Rights & remedies
A closer look at Rights & remedies November 2017 V1 www.inforights.im Important This document is part of a series, produced purely for guidance, and does not constitute legal advice or legal analysis.
More informationChild Protection Legislation Amendment (Children s Guardian) Act 2013 No 31
New South Wales Child Protection Legislation Amendment (Children s Guardian) Act 2013 Contents Page 1 Name of Act 2 2 Commencement 2 Schedule 1 Amendment of Child Protection (Working with Children) Act
More informationData Processing Agreement. <<Health Service Provider>> The National Message Broker Service known as Healthlink
Between And The National Message Broker Service known as Healthlink THIS AGREEMENT is dated and made between: (1) , which has its principle administrative
More informationMANITOBA FREEDOM OF INFORMATION AND PROTECTION OF PRIVACY RESOURCE MANUAL
Chapter 6 TABLE OF CONTENTS TABLE OF CONTENTS... 1 PROTECTION OF PRIVACY... 7 Overview... 7 Preliminary Privacy Considerations Necessary, Effective and Proportional... 11 The Ombudsman's three part test...
More informationAnti-Fraud, Bribery and Corruption Response Policy. Telford and Wrekin Clinical Commissioning Group
Anti-Fraud, Bribery and Corruption Response Policy 2018 Telford and Wrekin Clinical Commissioning Group The Anti-Fraud, Bribery and Corruption Policy for Telford and Wrekin Clinical Commissioning Group
More informationWASHINGTON COUNTY GUIDELINES AND PROCEDURES FOR MINNESOTA GOVERNMENT DATA PRACTICES ACT
General Administration Policy #1300 - Manual WASHINGTON COUNTY GUIDELINES AND PROCEDURES FOR MINNESOTA GOVERNMENT DATA PRACTICES ACT Manual #1300 Adopted by the Washington County Board of Commissioners
More informationFreedom of Information
Freedom of Information Standard Operating Procedure Notice: This document has been made available through the Police Service of Scotland Freedom of Information Publication Scheme. It should not be utilised
More informationVersion No. Date Amendments made Authorised by N/A ACC Hamilton (PSNI)
PURPOSE PARTNERS The purpose of this Information Sharing Agreement is to facilitate the lawful exchange of data in order to comply with the statutory duty on Chief Police Officers and relevant agencies
More informationAnyComms Plus. End User Licence Agreement. Agreement for the provision of data exchange software licence for end users
AnyComms Plus End User Licence Agreement Agreement for the provision of data exchange software licence for end users i March 2018 V4 Terms & Conditions Definitions and Interpretation Commencement Date
More informationDATA PROTECTION (AMENDMENT) REGULATIONS Amendments to the Data Protection Regulations Insertion of new sections...
DATA PROTECTION (AMENDMENT) REGULATIONS 2018 DATA PROTECTION (AMENDMENT) REGULATIONS 2018 1. Amendments to the Data Protection Regulations 2015... 2 2. Insertion of new sections... 9 3. Short title, extent
More informationAIA Australia Limited
AIA Australia Limited Privacy policies & procedures May 2010 The Power of We AIA.COM.AU AIA Australia Limited Privacy policies & procedures Contents Purpose 3 Policy 3 National Privacy Principles Policy
More informationMemorandum of Understanding. between. Solicitors Regulation Authority. and. The Claims Management Regulation Unit (CMR)
Memorandum of Understanding between Solicitors Regulation Authority and The Claims Management Regulation Unit (CMR) Introduction 1. The Claims Management Regulation Unit (CMR) and the Solicitors Regulation
More informationBJB Motor Company Limited (BJB) - Data Protection Act 1998 Policy & Procedures
BJB Motor Company Limited (BJB) - Data Protection Act 1998 Policy & Procedures Version History and Document Approval Version History: Version Date Author Reason 1.0 31 st December 2017 Barry Wilson Document
More informationHealth Information Privacy Code 1994
Health Information Privacy Code 1994 Incorporating amendments Privacy Commissioner Te Mana Matapono Matatapu New Zealand The Code of Practice comprises clauses 1-7 and rules 1-12. To assist with the use
More informationPERSONAL DATA PROCESSING AGREEMENT
PERSONAL DATA PROCESSING AGREEMENT between the following parties: 1. Name:............... Registration number / VAT ID:... Address:... Signed by:... Signature:... (hereinafter as Controller ) and 2. Name:
More informationTHE DATA PROTECTION BILL (No. XIX of 2017) Explanatory Memorandum
THE DATA PROTECTION BILL (No. XIX of 2017) Explanatory Memorandum The object of this Bill is to repeal the Data Protection Act and replace it by a new and more appropriate legislation which will strengthen
More informationBASECONE DATA PROCESSING AGREEMENT (BASECONE AS PROCESSOR)
BASECONE DATA PROCESSING AGREEMENT (BASECONE AS PROCESSOR) The undersigned: Basecone N.V., a corporation established under Dutch law, with its corporate domicile at Eemweg 8, 3742 LB Baarn, the Netherlands
More informationCODE OF PRACTICE FOR COMMUNITY- BASED CCTV SYSTEMS
CODE OF PRACTICE FOR COMMUNITY- BASED CCTV SYSTEMS 1 INTRODUCTION This Code of Practice sets out the basic conditions of use for Community-Based CCTV systems by applicants for the Department of Justice,
More informationGreat Leighs Primary School. Data Protection and Freedom of Information Policy. Adopted: April Review Date: April 2018.
Great Leighs Primary School Data Protection and Freedom of Information Policy Adopted: April 2015 Review Date: April 2018 Contents 1. Introduction... 1 2. Purpose... 1 3. What is Personal Information?...
More informationMemorandum of Understanding. between. The Legal Aid Agency (LAA) and. Solicitors Regulation Authority (SRA)
Memorandum of Understanding between The Legal Aid Agency (LAA) and Solicitors Regulation Authority (SRA) 1 Introduction 1. The Legal Aid Agency (LAA) and the Solicitors Regulation Authority (SRA) ( the
More informationGuidelines on the Safe use of the Internet and Social Media by Police Officers and Police Staff
RM Guidelines on the Safe use of the Internet and Social Media by Police Officers and Police Staff The Association of Chief Police Officers has agreed to these guidelines being circulated to, and adopted
More informationData Protection Bill, House of Lords second reading Information Commissioner s briefing
Data Protection Bill, House of Lords second reading Information Commissioner s briefing Introduction... 2 Overview... 2 Derogations... 4 Commissioner s part-by- part commentary on the Bill... 5 Part one:
More informationFreedom of Information Policy
Audience Named person responsible for monitoring Freedom of Information Policy All Staff & Governors Head Agreed by Personnel Committee June 2015 Agreed by Governing Body July 2015 Date to be Reviewed
More informationDISCLOSURE & BARRING CHECKS POLICY
Westcountry Schools Trust (WeST) DISCLOSURE & BARRING CHECKS POLICY Mission Statement WeST holds a deep seated belief in education and lifelong learning. Effective collaboration, mutual support and professional
More informationDBS and Recruitment of Ex-Offenders Policy
DBS and Recruitment of Ex-Offenders Policy Introduction The code of practice published under section 122 of the Police Act 1997 advises that it is a requirement that all registered bodies must treat DBS
More informationThe Privacy Policy links to the following Objective contained within the City Plan
Privacy Policy Privacy Policy City Plan Reference The Privacy Policy links to the following Objective contained within the City Plan 2013-2017. Performance is about managing our resources wisely, providing
More informationDBS Policy Agreed: September 2016 Signed: (HT) Signed: (CofG) Review Date: September 2017
DBS Policy Agreed: September 2016 Signed: (HT) Signed: (CofG) Review Date: September 2017 Goldthorpe Primary School: DBS Policy Aim At Goldthorpe Primary School the safety of our staff, pupils and visitors
More informationData Protection Policy. Revisions and Editions Log
Data Protection Policy Revisions and Editions Log Data Protection Policy adopted February 2015 Review Resources Comm February 2016 Reviewed Feb 2017 FGB Next review Feb 2018 School Data Protection Policy
More information