PROCEDURE (Essex) / Linked SOP (Kent) Data Protection. Number: W 1011 Date Published: 24 November 2016

Size: px
Start display at page:

Download "PROCEDURE (Essex) / Linked SOP (Kent) Data Protection. Number: W 1011 Date Published: 24 November 2016"

Transcription

1 1.0 Summary of Changes 1.1 This procedure/sop has had an additional paragraph added at relating to data processing of information by direct access to Athena. 2.0 What this Procedure/SOP is About 2.1 Section 4 of the Data Protection Act 1998 (DPA) requires Data Controllers to ensure all their processing of personal data is in compliance with the DPA, including its eight Data Protection Principles. 2.2 The Chief Constables of Essex Police and Kent Police are the respective Data Controllers of the two police forces. They determine the purposes for which personal data are processed by the two police forces (as per the forces notification to the Information Commissioner) and the manner in which that processing takes place, as documented in policy, procedure, SOPs and standard working practices. 2.3 This procedure/sop provides considerations for complying with the eight principles of the DPA to ensure lawful processing of personal information, including how individuals can require a Chief Constable to inform them of any personal data, relating to them, that a force may be processing. 2.4 The forces approach to Data Protection compliance is to follow the College of Policing s Data Protection Authorised Professional Practice (APP). The Essex Police leads on Data Protection are the Senior Information Officers within Information Management, and the Kent Police lead is the Head of Legal Services. Compliance with this procedure/sop and any governing policy is mandatory. 3.0 Detail the Procedure/SOP 3.1 The Principles All processing of personal data by the two police forces must be in compliance with the eight data protection principles (Schedule 1 DPA) set out below; though exemptions within the DPA mean that in some circumstances there may be no requirement to comply with all aspects of all of the principles. The first principle: personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless: At least one of the conditions in Schedule 2 is met; and In the case of sensitive personal information, at least one of the conditions in Schedule 3 of the Act is also met. Page 1 of 12

2 3.1.2 The second principle: personal data shall be obtained for specified, lawful purposes and shall not be further processed in any manner incompatible with that purpose or purposes The third principle: personal data shall be adequate, relevant and not excessive for the purpose for which they are processed The fourth principle: personal data shall be accurate and where necessary kept up to date The fifth principle: personal data processed for any purpose or purposes shall not be kept for longer than necessary for that purpose or purposes The sixth principle: personal data shall be processed in accordance with the rights of data subjects under the Act The seventh principle: appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data The eighth principle: personal data shall not be transferred to a country outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data. 3.2 Access and Disclosure Information held on police systems is confidential to authorised individuals whose duties require them officially to be in possession of such information Where it is deemed necessary to disclose information to another organisation (a third party) the force needs to make a decision as to see how this is accommodated within the first and second principles. Further guidance is available within SOP W Information Sharing Agreement. 3.3 Data Subject Rights - Subject Access The DPA s sixth data protection principle requires that the forces process personal data in accordance with the rights of data subjects. Under Section 7 of the DPA, a right, commonly referred to as subject access, allows an individual to apply for a copy of the information that the force holds about them. The individual is also entitled to further information about the processing of the data, but various exemptions to the right of subject access apply in certain circumstances or to certain types of personal data. Page 2 of 12

3 3.3.2 Individuals may exercise this right by making a written subject access request (SAR). This must to be accompanied by payment of the forces fee for dealing with the request (this is the maximum charge of 10) Potential applicants may be advised that the right applies only to information relating to the person making the request. It does not extend to information about other people and it does not give an absolute right to access to documents. The right is limited in its application. Information will not be made available if: a) The release of the information could lead to the identification of another person to whom Essex Police or Kent Police have a duty of confidence (this may be an offender or a victim); b) The information being processed is used for the prevention or detection of crime; or the arrest or prosecution of offenders and disclosure would prejudice those purposes; c) The information is contained in non-automated records (unstructured paper files for example) and the cost to Essex Police or Kent Police of retrieving it is likely to exceed The forces cannot insist on the use of a particular form for making a SAR, but the forces will make forms available to assist the requester to provide the information that is needed to deal with their request (Form A95 for Essex Police; Form 2902B for Kent Police) Applicants should be advised that application forms may be downloaded from the forces web sites. Telephone applications will be sent out within 2 working days of request, by second-class post As well as a signed application form, applicants will need to provide two copies of proof of identity, showing their name and date of birth. Approved identity documents include: passport, driving licence, utility bill or similar. At least one of the documents must bear their signature, and a different one must contain their current home address For nationally held information, the NPCC (formally ACPO) Criminal Records Office (ACRO) process application forms on behalf of all forces within England and Wales. Enquiries relating to such applications should be directed to ACRO (SAR), PO Box 662, Fareham, Hampshire, PO14 9LQ, subjectaccess@acro.pnn.police.uk or telephone. A fee and appropriate identification will be required to make a valid request For locally held information, Essex Police and Kent Police will provide acknowledgments for all applications and a reference number will be provided to assist tracking. Page 3 of 12

4 3.3.9 Correspondence received by Divisions or Departments asking for subject access under the Act will be acknowledged and the correspondence will be forwarded to forces respective Data Protection teams for a response. However, where the request is for specific disclosure of information such as; details of crime, accident reports or custody records, these will be dealt with locally in accordance with the relevant policy/sop. Where there is any doubt, contact the Senior Information Officer, Information Management (Essex Police) or Legal Services (Kent Police), for guidance Processing of requests can take up to 40 calendar days. Requests for an urgent response will only be considered for extreme emergencies e.g. Visa required to visit a gravely ill relative An employer should not require potential or current employees to submit themselves through the subject access procedure in order to provide such information to their employer, a process known as enforced subject access. Section 56 DPA makes enforced subject access a criminal offence. Allegations of offences under Section 56 DPA should be reported to the Information Commissioner An employer is entitled to seek information regarding an individual s criminal past, due to the applicant being likely to come in to close contact with children or vulnerable adults. The police do not carry out these checks and any applicant should be advised to contact the Disclosure and Barring Service (DBS). The DBS can be contacted by telephone on or on the internet The two police forces may receive single hybrid requests for both recorded information and personal data under the statutory provisions of the Freedom of Information (FOI) and Data Protection Acts. For example, a subject access request may also contain a valid FOI request or vice-versa. On such occasions, the respective Data Protection/FOI teams will coordinate responses under both Acts. 3.4 Obtaining Personal Data from Outside Organisations Section 29(3) DPA gives Data Controllers, in other organisations, the legal authority to release personal data to the police, without fear of contravening the DPA, provided certain criteria are met. Failure to meet these criteria could mean that the Data Controller, the requesting officer or both, commit a criminal offence. For these reasons, it is imperative that a Data Protection Disclosure form (Essex Police Form A101 and, Kent Police Form 3560) is used and properly completed. The use of this form does not exempt either party from the provisions of other relevant legislation. The form may be used by police officers and police staff The legislation provides the grounds to release personal data to the police, provided that data are required for one or more of the following purposes; the prevention or detection of crime or the apprehension or prosecution of an offender. Page 4 of 12

5 3.4.3 In practice, Section 29(3) assists the police where personal data are required from a Data Controller (e.g. a commercial company, a public institution or Internet Service Provider), for one or more of the purposes mentioned in paragraph above. Organisations will normally require requests to be made in writing The Act only allows release of information without the knowledge or consent of the data subject where both the information is required for one of the purposes at and where a failure to disclose the data would be likely to prejudice the investigation or enquiry. For this reason the form must not be used where the only purpose is to confirm known facts, for general intelligence or for administrative purposes A Data Controller can always refuse a request for data made by the police. It is therefore important that officers and staff using such forms recognise that they are making a request for information, not a demand. Unless a specific statutory power exists to demand information, non-compliance with a request will need to be overcome by a court order and guidance should be sought from Legal Services (Essex Police) or the Civil Court Orders Team (within PPU at Kent Police) in relation to material filed in family proceedings or Legal Services (Kent Police) otherwise There is no obligation imposed by the two police forces for such requests to be authorised by a superior officer or member of police staff of any particular rank. However, should the Data Controller subject of the request require such authorisation an officer, of at least the rank of Inspector, may authorise any request. This level of authority is designed to give a Data Controller confidence that an appropriate validation process has been observed prior to any request On occasion it may not be possible to disclose the reasons why such information is deemed necessary e.g. national security investigations. Where no reason can be provided, for operational reasons, and the Data Controller subject of the request requires such authorisation then the authorising signatory should be an officer of at least the rank of Superintendent The requestor and those authorising must be aware that they are each making a statement that the conditions are true, and that obtaining personal data under false pretences may be a criminal offence Audits may be undertaken to ensure that requests for information are lawful and in accordance with this policy. 3.5 Non-Disclosure Exemptions There is also the ability for other organisations to request the release of information from Essex Police or Kent Police. As this invariably breaches the duty of confidence in the handling of personal information it is necessary to seek a legal gateway and the legislation provides a series of exemptions to cover such situations: Page 5 of 12

6 a) Disclosure is for the purpose of safeguarding National Security [Section 28]; b) Disclosure is required for the purposes of: prevention or detection of crime, the apprehension or prosecution of offenders, or the assessment or collection of any tax or duty, and the application of those provisions in relation to the disclosure would be likely to prejudice any of these purposes [Section 29]; c) Disclosure is required by or under any enactment, by any rule of law or by the order of a court [Section 35]. This may require the individual to be advised that such a disclosure is being considered before any decision is made (policy W01n - Information Sharing Agreements Kent, W 2024 Procedure Information Sharing - Essex); d) Disclosure for the purpose of or in connection with any legal proceedings (including prospective legal proceedings) or for the purpose of obtaining legal advice or is otherwise necessary for the purposes of establishing, exercising or defending legal rights [Section 35]. This will invariably require the individual to be advised that such a disclosure is being considered before any decision is made (policy W01n - Information Sharing Agreements); e) Disclosure is to the Data subject; or f) Disclosure is at the request of or with the consent of the data subject, which can be evidenced A written record of the circumstances and the exemption used should be retained in the event that the disclosure is challenged. 3.6 Consent to Process Requirements under the DPA Section 17 of the DPA requires that the purpose(s) for the processing of personal data by the two police forces must be included within the notification to the Information Commissioner. Processing must not take place unless it is validated as being within the Chief Constable s notification in the Information Commissioner s register or is required by or under any rule of law Any new system processing personal data, whether in physical or digital format, requires a preliminary risk assessment which is assessed and recorded by either the Information Security Unit (form 3915 for Kent Police) or the Information Security Officer (for Essex Police) Development of the system should not commence until the legitimacy of the process has been approved and a Privacy Impact Assessment conducted where required. Page 6 of 12

7 3.7 Data Subject Rights Other Rights Other than the right of access as described above the DPA also entitles an individual to other rights. Rights exist in relation to the following: Right to prevent processing likely to cause damage or distress; o An individual is entitled to write to either police force requiring that they do not process their personal data in a manner that is causing or is likely to cause unwarranted substantial damage or substantial distress to themselves or another person. Such applications will be forwarded as soon possible, in the case of Essex Police to the Senior Information Officer, Information Management; or Legal Services for Kent Police. Rights in relation to automated decision taking; o Subject to certain exemptions, an individual has the right to require that either police force ensures no decision that would significantly affect them is taken by the police force or on its behalf purely using automated decisionmaking software. Such applications will be forwarded as soon possible, in the case of Essex Police to the Senior Information Officer, Information Management; or Legal Services for Kent Police. Right to Prevent Processing for the Purposes of Direct Marketing o Subject to certain exemptions, an individual has the right to request that either force stops using their personal data for direct marketing purposes. This includes the communication by any means (for example by use of ) or any advertising or marketing directed at particular individuals. Such a right is unlikely to be needed to be applied within the police service. In the event that such a request is received, upon receipt it will be forwarded to either the Senior Information Officer, Information Management (Essex Police) or Legal Services (Kent Police) to co-ordinate the response. Statutory timescales are imposed for responses therefore it is imperative that the request is forwarded immediately. Right to take action for compensation if the individual suffers damage by any contravention of the Act by Data Controllers. o Any individual who believes they have suffered damage and/or distress as a result of any contravention of the requirements of the Act may be entitled to compensation where the Data Controller is unable to prove that it had taken such care as was reasonable in all the circumstances to comply with the relevant requirement. Right to take action to rectify, block, erase or destroy inaccurate data; o An individual has the right to seek a court order for the rectification, blocking, erasure or destruction of inaccurate personal data processed by either Police Force. Page 7 of 12

8 Right to request the Information Commissioner to assess a Data Controller s processing. o An individual can request the Information Commissioner to make an assessment if they believe that they are affected by the processing of personal data by either force. In such circumstances, the Information Commissioner will liaise with either force as necessary. 3.8 Data Processing Contracts Anyone other than officers and staff of either police force who processes personal data on behalf of the force is known as a Data Processor. Where a Data Processor is used paragraphs 9 to 12 of Part II of Schedule 1 to the DPA require that the processing must be carried out under a written contract directing the Data Processor to act only on instructions from the police force and requiring it to comply with obligations equivalent to those on the police force by the seventh data protection principle Contracts created for this purpose are known as data processing contracts and both forces will use the template data processing contract contained in the Data Protection APP if existing contracts do not meet the requirements described in Examples of data processing include I.T. maintenance companies, confidential waste contractors and volunteers working within a police force It is the responsibility of the head of any business area (for example, the Information Asset Owner) within the two police forces arranging or sponsoring data processing in their business area to develop data processing contracts to cover that data processing A copy of any data processing contract will be provided to the Senior Information Officer, Information Management (Essex Police) or Legal Services (Kent Police) Where the data processing involves processing of information by direct access to Athena there is a requirement from section 6.3 of the Athena Information Management Code of Connection that the draft Data Processing Contract is passed to the Business Manager at the Athena Management Organisation for approval prior to the data processing commencing. Page 8 of 12

9 3.9 Data Complaints/Disputes Resolution Both forces receive complaints and disputes concerning the manner in which personal data are processed. Such complaints should be put in writing and dealt with as follows: Applications for the Early Disposal of Information Essex Police applications will be made in accordance with W 2021 Procedure Applications for the Early Disposal of Information. Excessive retention of personal data. Essex Police to be reported to the Senior Information Officer, Information Management who will liaise with the Records Manager, Information Asset Owner and others as necessary to resolve the dispute. Kent Police to be reported to Legal Services, who will liaise with the Records Manager, Information Asset Owner and others as necessary to resolve the dispute. Inappropriate access to or use of personal data. Essex Police to be reported to Professional Standards who will liaise with Senior Information Officer, Information Security Officer and Information Asset Owner and others as necessary to resolve the dispute. Kent Police to be reported to Legal Services, who will liaise with the Records Manager, Information Asset Owner and others as necessary to resolve the dispute. Inaccurate personal data Essex Police to be reported to the Senior Data Quality & Compliance Officer who will liaise with the Senior Information Officer, Information Asset Owner and others as necessary to resolve the dispute. Kent Police to be reported to Legal Services, who will liaise with the Records Manager, Information Asset Owner and others as necessary to resolve the dispute. Failure to apply data subject rights appropriately Essex Police to be reported to the Senior Information Officer who will liaise with others as necessary. Kent Police to be reported to Legal Services, who will liaise with the Records Manager, Information Asset Owner and others as necessary to resolve the dispute. Disclosure & Barring Service (DBS) disclosures Essex Police & Kent Police to be reported directly to the DBS complaints procedure. Page 9 of 12

10 Non-compliance with Protection of Freedoms Act (POFA) Essex Police & Kent Police Any request for the deletion of nationally held records of biometric material (DNA Sample), fingerprints, DNA Profiles and scanned fingerprints (held on IDENT1), should go to ACRO in the first instance 3.10 Compliance and Enforcement All officers and staff and others working or volunteering for, or on behalf of, either force are responsible for ensuring that the forces obligations under the DPA are met Information Management (Essex Police) and Information Security Unit (Kent Police) audit systems and processes for compliance with the appropriate legislation and force policy. The findings of such audits, along recommendations, may be reported to the relevant Information Asset Owner (IAO) and to the forces Senior Information Risk Owners (SIROs). (See W 1009 Procedure/SOP Protective Monitoring.) In addition to any official action by Professional Standards Department for breaches of policy, the DPA FOI Acts create specific criminal offences which can be committed by any individual: a) Unauthorised access to or disclosure of personal information (Section 55 DPA); b) Destruction, alteration, concealment of any information with a view to preventing disclosure (Section 77 FOI Act). 4.0 Equality Impact Assessment 4.1 This procedure/sop has been assessed with regard to an Equality Impact Assessment. As a result of this assessment it has been graded as having a low potential impact as the proposals in this procedure/sop would have no potential or actual differential impact on grounds of race, ethnicity, nationality, gender, transgender, disability, age, religion or belief or sexual orientation. 5.0 Risk Assessment 5.1 There is an overall risk concerning the use and management of Essex and Kent Police information. Advice and guidance relating to the assessment of risk is contained within the individual procedures. The Corporate Risk Register will contain any risks in relation to Information Security. Page 10 of 12

11 6.0 Consultation 6.1 The following were included in the consultation during the formulation of this document: Unison / Federation Diversity / H&S PSD The Information Management Boards (IMB s) for Essex and Kent. Business Services 7.0 Monitoring and Review 7.1 The forces partnership lead departments will be responsible for ensuring that the procedure/sop will remain current in line with HMG and NPCC policy. 7.2 This procedure/sop will be reviewed by or on behalf of the forces SIROs every year. 8.0 Governing force policy. Related force policies or related procedures (Essex) / linked standard operating procedures (Kent) Joint Essex Police and Kent Police W 1000 Policy Information Management and Assurance W 1001 Procedure /SOP ICT Acceptable Use W 1002 Procedure/SOP - User Account Management W 1003 Procedure/SOP - Information Classification & Handling W 1004 Procedure/SOP - Incident Reporting & Management W 1005 Procedure/SOP - Information Asset Owners W 1007 Procedure/SOP - Accreditation of Information Assets W 1008 Procedure/SOP - Physical Security W 1009 Procedure/SOP Protective Monitoring W 1010 Procedure/SOP - Records Management (Physical and Digital) W 1011 Procedure/SOP - Data Protection W 1012 Procedure/SOP - Records Review, Retention and Disposal W 1014 Procedure/SOP - Information Sharing Agreements W 1017 Procedure/SOP Sanitisation and Disposal W 1019 Procedure/SOP Freedom of Information Page 11 of 12

12 Essex Police Only W 2006 Procedure Cryptographic Security W 2011 Procedure Transaction Monitoring and Audit W 2013 Procedure Appropriate Access and Use of Police Information W 2020 Procedure Data Quality W 2021 Procedure Applications for the Early Disposal of Information W 2040 Procedure Records and Evidence Centre 9.0 Other source documents, e.g. Legislation, APP, Force forms, partnership agreements (if applicable) Athena Information Management Code of Connection Page 12 of 12

Charities & Not-for-Profits Overview of Data Protection Law

Charities & Not-for-Profits Overview of Data Protection Law Charities & Not-for-Profits Overview of Data Protection Law The Data Protection Law provides a framework for the processing of data relating to individuals that serves to balance the needs of organisations

More information

How we use Personal Information

How we use Personal Information How we use Personal Information Introduction This document explains how Essex Police obtains, holds, uses and discloses information about people - their personal information 1 -, the steps we take to ensure

More information

European College of Business and Management Data Protection Policy

European College of Business and Management Data Protection Policy European College of Business and Management Data Protection Policy 1. INTRODUCTION 1.1 The European College of Business and Management (ECBM) is committed to full compliance with the Data Protection Act

More information

Data Protection Policy and Procedure

Data Protection Policy and Procedure Data Protection Policy and Procedure Reference No. P09:2007 Implementation date 12022008 Version Number Version 2.0 Reference No: Name. Linked documents Policy Section Procedure Section Yes Yes Suitable

More information

GENERAL PROTOCOL FOR SHARING INFORMATION BETWEEN AGENCIES IN KINGSTON UPON HULL AND THE EAST RIDING OF YORKSHIRE

GENERAL PROTOCOL FOR SHARING INFORMATION BETWEEN AGENCIES IN KINGSTON UPON HULL AND THE EAST RIDING OF YORKSHIRE GENERAL PROTOCOL FOR SHARING INFORMATION BETWEEN AGENCIES IN KINGSTON UPON HULL AND THE EAST RIDING OF YORKSHIRE 2008 CONTENTS 1. INTRODUCTION Purpose of this document 1-6 2. KEY LEGISLATION AND GUIDANCE

More information

Access to Personal Information Procedure

Access to Personal Information Procedure Purpose of The sixth principle of the Data Protection Act 1998 gives rights to individuals in respect of the personal data that organisations hold about them. The Act says that: Personal data shall be

More information

Data Protection Act 1998 Policy

Data Protection Act 1998 Policy Data Protection Act 1998 Policy Responsibility for Policy: Relevant to: University Secretary All Staff, Students and Academic Partnerships Approved by: SMT in September 2016 Responsibility for Document

More information

Data Protection REFERENCE NUMBER. IMPLEMENTATION DATE June 2014 NEXT REVIEW DATE: September 2020 RISK RATING

Data Protection REFERENCE NUMBER. IMPLEMENTATION DATE June 2014 NEXT REVIEW DATE: September 2020 RISK RATING POLICY Security Classification Disclosable under Freedom of Information Act 2000 Yes POLICY TITLE Data Protection REFERENCE NUMBER A031 Version 1.1 POLICY OWNERSHIP DIRECTORATE BUSINESS AREA CHIEF OFFICERS

More information

How we use Personal Information

How we use Personal Information How we use Personal Information Introduction This document explains how British Transport Police obtains, holds, uses and discloses information about people - their personal information 1 -, the steps

More information

Data Protection Bill [HL]

Data Protection Bill [HL] [AS AMENDED IN PUBLIC BILL COMMITTEE] CONTENTS PART 1 PRELIMINARY 1 Overview 2 Protection of personal data 3 Terms relating to the processing of personal data PART 2 GENERAL PROCESSING CHAPTER 1 SCOPE

More information

SCHEDULE Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.

SCHEDULE Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed. SCHEDULE 1 THE DATA PROTECTION PRINCIPLES PART I THE PRINCIPLES 1. Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless- (a) at least one of the conditions

More information

DATA SHARING AND PROCESSING

DATA SHARING AND PROCESSING DATA SHARING AND PROCESSING Capita Business Services Limited March 2016 Version 1.3 TABLE OF CONTENTS: Item Heading Page 1 Data Processing Agreement 2 2 Data Protection Act 1998 2 3 Data Protection Act

More information

Data Protection Act 1998

Data Protection Act 1998 Data Protection Act 1998 1998 CHAPTER 29 ARRANGEMENT OF SECTIONS Part I Preliminary 1. Basic interpretative provisions. 2. Sensitive personal data. 3. The special purposes. 4. The data protection principles.

More information

ARTICLE 29 Data Protection Working Party

ARTICLE 29 Data Protection Working Party ARTICLE 29 Data Protection Working Party 11580/03/EN WP 82 Opinion 6/2003 on the level of protection of personal data in the Isle of Man Adopted on 21 November 2003 This Working Party was set up under

More information

Law Enforcement processing (Part 3 of the DPA 2018)

Law Enforcement processing (Part 3 of the DPA 2018) Law Enforcement processing (Part 3 of the DPA 2018) Introduction This part of the Act transposes the EU Data Protection Directive 2016/680 (Law Enforcement Directive) into domestic UK law. The Directive

More information

Consolidated text PROJET DE LOI ENTITLED. The Data Protection (Bailiwick of Guernsey) Law, 2001 [CONSOLIDATED TEXT] NOTE

Consolidated text PROJET DE LOI ENTITLED. The Data Protection (Bailiwick of Guernsey) Law, 2001 [CONSOLIDATED TEXT] NOTE PROJET DE LOI ENTITLED The Data Protection (Bailiwick of Guernsey) Law, 2001 [CONSOLIDATED TEXT] NOTE This consolidated version of the enactment incorporates all amendments listed in the footnote below.

More information

Purpose specific Information Sharing Agreement. Community Safety Accreditation Scheme Part 2

Purpose specific Information Sharing Agreement. Community Safety Accreditation Scheme Part 2 Document Information Summary Partners ISA Ref: As Part 1 An agreement to formalise the information sharing arrangements for the purpose of specific Information sharing pursuant to Crime and Disorder reduction

More information

DATA PROTECTION (JERSEY) LAW 2005

DATA PROTECTION (JERSEY) LAW 2005 DATA PROTECTION (JERSEY) LAW 2005 Revised Edition Showing the law as at 1 January 2017 This is a revised edition of the law Data Protection (Jersey) Law 2005 Arrangement DATA PROTECTION (JERSEY) LAW 2005

More information

DATA PROTECTION POLICY STATUTORY

DATA PROTECTION POLICY STATUTORY DATA PROTECTION POLICY MAIDEN ERLEGH TRUST STATUTORY INITIAL APPROVAL July 2017 REVIEW FREQUENCY At least every two years REVIEWED CONTENTS PART ONE: POLICY STATEMENT & OBJECTIVES PART TWO: STATUS OF THE

More information

INFORMATION SHARING AGREEMENT This document is NOT PROTECTIVELY MARKED

INFORMATION SHARING AGREEMENT This document is NOT PROTECTIVELY MARKED PURPOSE PARTNERS The purpose of this Information Sharing Agreement is to facilitate the lawful exchange of data in order to comply with the statutory duty on Chief Police Officers and relevant agencies

More information

Data Protection. Policy & Procedure. Greater Manchester Police

Data Protection. Policy & Procedure. Greater Manchester Police Data Protection Policy & Procedure Greater Manchester Police October 2014 Table of Contents 1. Policy Statement... 1 1.1 Aims... 1 2. Scope... 1 3. Roles & Responsibilities... 2 4. Terms and Definitions...

More information

Data Protection Bill [HL]

Data Protection Bill [HL] [AS AMENDED IN COMMITTEE] CONTENTS PART 1 PRELIMINARY 1 Overview 2 Terms relating to the processing of personal data PART 2 GENERAL PROCESSING CHAPTER 1 SCOPE AND DEFINITIONS 3 Processing to which this

More information

Data Protection. Standard Operating Procedure

Data Protection. Standard Operating Procedure Data Protection Standard Operating Procedure Notice: This document has been made available through the Police Service of Scotland Freedom of Information Publication Scheme. It should not be utilised as

More information

Staff Data Protection Policy

Staff Data Protection Policy Staff Data Protection Policy Version: 9.0 Approval Status: Approved Document Owner: Graham Feek Classification: External Review Date: 02/11/2016 Effective from: 1 July 2015 Table of Contents 1. The Data

More information

General Rules on the Processing of Personal Data SCHEDULE 1 DATA TRANSFER AGREEMENT (Data Controller to Data Controller transfers)...

General Rules on the Processing of Personal Data SCHEDULE 1 DATA TRANSFER AGREEMENT (Data Controller to Data Controller transfers)... DATA PROTECTION REGULATIONS 2015 DATA PROTECTION REGULATIONS 2015 General Rules on the Processing of Personal Data... 1 Rights of Data Subjects... 6 Notifications to the Registrar... 7 The Registrar...

More information

DATA PROTECTION (JERSEY) LAW 2005 CODE OF PRACTICE & GUIDANCE ON THE USE OF CCTV GD6

DATA PROTECTION (JERSEY) LAW 2005 CODE OF PRACTICE & GUIDANCE ON THE USE OF CCTV GD6 DATA PROTECTION (JERSEY) LAW 2005 CODE OF PRACTICE & GUIDANCE ON THE USE OF CCTV GD6 2 DATA PROTECTION (JERSEY) LAW 2005: CODE OF PRACTICE & GUIDANCE ON THE USE OF CCTV PART 1: CODE OF PRACTICE Introduction

More information

THE DATA PROTECTION PRINCIPLES

THE DATA PROTECTION PRINCIPLES DATA PROTECTION (JERSEY) LAW 2005 THE DATA PROTECTION PRINCIPLES GD1 DATA PROTECTION (JERSEY) LAW 2005 THE DATA PROTECTION PRINCIPLES Introduction 1 The Data Protection Principles 2 First Principle 3

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Co-ordinator Will Taylor Date of Completion June 2017 Date of adoption by Governors June 2017 Date to be reviewed June 2019 Introduction The new Data Protection Act 1998 (EU Directive

More information

INFORMATION SHARING AGREEMENT WEST YORKSHIRE POLICE. and LEEDS AND YORK PARTNERSHIP NHS FOUNDATION TRUST

INFORMATION SHARING AGREEMENT WEST YORKSHIRE POLICE. and LEEDS AND YORK PARTNERSHIP NHS FOUNDATION TRUST INFORMATION SHARING AGREEMENT WEST YORKSHIRE POLICE and LEEDS AND YORK PARTNERSHIP NHS FOUNDATION TRUST Version 4.0 1 of 14 CONTENTS SUMMARY SHEET 1. INTRODUCTION 2. PURPOSE 3. PARTNER(S) 4. POWER(S) 5.

More information

Consolidated text PROJET DE LOI ENTITLED. The Data Protection (Bailiwick of Guernsey) Law, 2001 * [CONSOLIDATED TEXT] NOTE

Consolidated text PROJET DE LOI ENTITLED. The Data Protection (Bailiwick of Guernsey) Law, 2001 * [CONSOLIDATED TEXT] NOTE PROJET DE LOI ENTITLED The Data Protection (Bailiwick of Guernsey) Law, 2001 * [CONSOLIDATED TEXT] NOTE This consolidated version of the enactment incorporates all amendments listed in the footnote below.

More information

SCHEDULE 1 DATA TRANSFER AGREEMENT (Data Controller to Data Controller transfers)... 16

SCHEDULE 1 DATA TRANSFER AGREEMENT (Data Controller to Data Controller transfers)... 16 DATA PROTECTION REGULATIONS 2015 DATA PROTECTION REGULATIONS 2015 Part 1 General Rules on the Processing of Personal Data... 1 Part 2 Rights of Data Subjects... 7 Part 3 Notifications to the Registrar...

More information

Version No. Date Amendments made Authorised by N/A ACC Hamilton (PSNI)

Version No. Date Amendments made Authorised by N/A ACC Hamilton (PSNI) PURPOSE PARTNERS The purpose of this Information Sharing Agreement is to facilitate the lawful exchange of data in order to comply with the statutory duty on Chief Police Officers and relevant agencies

More information

BACKGROUND INFORMATION

BACKGROUND INFORMATION Data Protection 1. BACKGROUND INFORMATION The law governing Data Protection is covered by the Data Protection Act 1998. It implements the EC Data Protection Directive (95/46/EC) in the UK. The Act came

More information

Protection of Freedoms Act 2012

Protection of Freedoms Act 2012 Protection of Freedoms Act 2012 Draft statutory guidance on the making or renewing of national security determinations allowing the retention of biometric data March 2013 Issued Pursuant to Section 22

More information

Merseyside Police and Probation Area. Working together to. Protect the Public of Merseyside MULTI AGENCY PUBLIC PROTECTION ARRANGEMENTS

Merseyside Police and Probation Area. Working together to. Protect the Public of Merseyside MULTI AGENCY PUBLIC PROTECTION ARRANGEMENTS Merseyside Police and Probation Area Working together to Protect the Public of Merseyside MULTI AGENCY PUBLIC PROTECTION ARRANGEMENTS A PROTOCOL FOR MERSEYSIDE POLICE AND THE PROBATION SERVICE IN MERSEYSIDE.

More information

SUBJECT ACCESS REQUEST

SUBJECT ACCESS REQUEST DATA PROTECTION ACT 1998 SUBJECT ACCESS REQUEST Procedure Manual Page 1 of 22 Invest NI 1. Introduction 1.1 What is a Subject Access Request? 1.2 Routine Requests 1.3 What is an individual entitled to?

More information

- and - OPINION. Reasons

- and - OPINION. Reasons IN THE MATTER OF THE DATA PROTECTION ACT 1998 AND IN THE MATTER OF A PROPOSED CONTRACT B E T W E E N: Cambridge Analytica Inc - and - Claimant United Kingdom Independence Party Defendant OPINION 1. We

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Durrington High School as part of the Durrington Multi Academy Trust collects and uses personal information about staff, pupils, parents and other individuals who come into contact

More information

SUBSIDIARY LEGISLATION DATA PROTECTION (PROCESSING OF PERSONAL DATA IN THE POLICE SECTOR) REGULATIONS

SUBSIDIARY LEGISLATION DATA PROTECTION (PROCESSING OF PERSONAL DATA IN THE POLICE SECTOR) REGULATIONS DATA PROTECTION (PROCESSING OF PERSONAL DATA IN THE POLICE SECTOR) [S.L.440.05 1 SUBSIDIARY LEGISLATION 440.05 DATA PROTECTION (PROCESSING OF PERSONAL DATA IN THE POLICE SECTOR) REGULATIONS 30th September,

More information

Human Resources People and Organisational Development. Disclosure and Barring Service (DBS) Checks Guidelines for Managers and Employees

Human Resources People and Organisational Development. Disclosure and Barring Service (DBS) Checks Guidelines for Managers and Employees Human Resources People and Organisational Development Disclosure and Barring Service (DBS) Checks Guidelines for Managers and Employees 1 Contents What is the DBS?... 3 Assessing the need to conduct a

More information

CODE OF PRACTICE FOR COMMUNITY- BASED CCTV SYSTEMS

CODE OF PRACTICE FOR COMMUNITY- BASED CCTV SYSTEMS CODE OF PRACTICE FOR COMMUNITY- BASED CCTV SYSTEMS 1 INTRODUCTION This Code of Practice sets out the basic conditions of use for Community-Based CCTV systems by applicants for the Department of Justice,

More information

A Legal Overview of the Data Protection Act By: Mrs D. Madhub Data Protection Commissioner

A Legal Overview of the Data Protection Act By: Mrs D. Madhub Data Protection Commissioner A Legal Overview of the Data Protection Act 2017 By: Mrs D. Madhub Data Protection Commissioner 06.02.2018 Overview The Data Protection Act 2017 Aim of the Act Major changes brought in the new Act Key

More information

Merrydale Infant School Freedom of Information Act

Merrydale Infant School Freedom of Information Act Merrydale Infant School Freedom of Information Act Chair s signature Head s signature Date Review date. 1 Explanatory Notes Governing bodies are responsible for ensuring that schools comply with the Freedom

More information

Schools Subject Access Request Procedures

Schools Subject Access Request Procedures Schools Subject Access Request Procedures Policy reviewed by Academy Transformation Trust on June 2018 This policy links to: Located: Data Protection Policy Freedom of Information Policy Review Date May

More information

MEMORANDUM OF UNDERSTANDING

MEMORANDUM OF UNDERSTANDING MEMORANDUM OF UNDERSTANDING between Risk and Intelligence Service Gateway Exchange Team and NHS Protect (England) and NHS Counter Fraud Services (Wales) The Parties (1) Gateway Exchange Team, CEI Cardiff,

More information

The position you have applied for is exempt from the Rehabilitation of Offenders Act 1974 (as amended in England and Wales).

The position you have applied for is exempt from the Rehabilitation of Offenders Act 1974 (as amended in England and Wales). DECLARATION FORM A Guidance for applicants The position you have applied for is exempt from the Rehabilitation of Offenders Act 1974 (as amended in England and Wales). When South Central Ambulance Service

More information

PROTECTION OF PERSONAL INFORMATION ACT NO. 4 OF 2013

PROTECTION OF PERSONAL INFORMATION ACT NO. 4 OF 2013 PROTECTION OF PERSONAL INFORMATION ACT NO. 4 OF 2013 [ASSENTED TO 19 NOVEMBER, 2013] [DATE OF COMMENCEMENT TO BE PROCLAIMED] (Unless otherwise indicated) (The English text signed by the President) This

More information

DOCUMENT DETAILS DOCUMENT CONTROL. Version history. Issued by. update 1 First draft DOCUMENT APPROVAL. Date Approved. applicable)

DOCUMENT DETAILS DOCUMENT CONTROL. Version history. Issued by. update 1 First draft DOCUMENT APPROVAL. Date Approved. applicable) DOCUMENT DETAILS Document Name: Nottingham College DBS and recruitment of ex-offenders Policy Document reference HR/MAP/300418 Version 1.0 Issue Date: Review Date: Document Author D Duggan Document Owner

More information

OTrack Data Processing Terms

OTrack Data Processing Terms BACKGROUND These Personal Data Processing Terms (the Agreement ) are entered into between Optimum Records Limited ( Optimum ) and the school using the services provided by Optimum (the School ) whose details

More information

PRIVACY POLICY. 1. OVERVIEW MEGT is committed to protecting privacy and will manage personal information in an open and transparent way.

PRIVACY POLICY. 1. OVERVIEW MEGT is committed to protecting privacy and will manage personal information in an open and transparent way. Page 1 of 10 1. OVERVIEW MEGT is committed to protecting privacy and will manage personal information in an open and transparent way. MEGT will fulfil its obligations under the Privacy Amendment (Enhancing

More information

ELECTRONIC DATA PROTECTION ACT An Act to provide for protection to electronic data with regard to the processing of electronic data in Pakistan

ELECTRONIC DATA PROTECTION ACT An Act to provide for protection to electronic data with regard to the processing of electronic data in Pakistan ELECTRONIC DATA PROTECTION ACT 2005 An Act to provide for protection to electronic data with regard to the processing of electronic data in Pakistan Whereas it is expedient to provide for the processing

More information

APPLICATION FOR COMMUNICATIONS DATA (UNDER THE DATA PROTECTION ACT 1998) RESTRICTED

APPLICATION FOR COMMUNICATIONS DATA (UNDER THE DATA PROTECTION ACT 1998) RESTRICTED Page 1 of 6 Notes to Applicant: The request is subject to the provisions of the Data Protection Act 1998. Unlawful disclosure to any person not entitled to receive it may result in prosecution. The Single

More information

PROJET DE LOI ENTITLED. The Data Protection (Bailiwick of Guernsey) Law, 2017 ARRANGEMENT OF SECTIONS PART I PRELIMINARY

PROJET DE LOI ENTITLED. The Data Protection (Bailiwick of Guernsey) Law, 2017 ARRANGEMENT OF SECTIONS PART I PRELIMINARY PROJET DE LOI ENTITLED The Data Protection (Bailiwick of Guernsey) Law, 2017 ARRANGEMENT OF SECTIONS PART I PRELIMINARY 1. Object of this Law. 2. Application. 3. Extent. 4. Exception for personal, family

More information

DISCLOSURE & BARRING SERVICE (DBS) PROCEDURE

DISCLOSURE & BARRING SERVICE (DBS) PROCEDURE DISCLOSURE & BARRING SERVICE (DBS) PROCEDURE Authorised Professional Practice (APP) APP is developed and owned by the College of Policing (the professional body for policing) and can be accessed online.

More information

Data Protection Policy

Data Protection Policy Data Protection Policy The school collects and uses certain types of personal information about staff, pupils, parents and other individuals who come into contact with the school in order provide education

More information

CCTV POLICY. Document Type Corporate Policy. Unique Identifier HS-103

CCTV POLICY. Document Type Corporate Policy. Unique Identifier HS-103 CCTV POLICY Document Type Corporate Policy Unique Identifier HS-103 Document Purpose This policy covers the internal and external use of close circuit television in and around buildings owned by, or leased

More information

A closed circuit television system is used at the Memorial Hall by the Parish Council.

A closed circuit television system is used at the Memorial Hall by the Parish Council. BREADSALL PARISH COUNCIL CCTV CODE OF PRACTICE A closed circuit television system is used at the Memorial Hall by the Parish Council. The safety of residents using the car park and visitors to the buildings

More information

Disclosure and Barring Service (DBS) Checks Policy

Disclosure and Barring Service (DBS) Checks Policy Disclosure and Barring Service (DBS) Checks Policy For the attention of: All Staff Produced by: Director of Human Resources Approved by: SMT Date of publication: April 2013 Date of review: April 2015 Our

More information

Data Protection Policy

Data Protection Policy Complaints Procedure If anyone in the school community feels that this policy is not being followed then they should raise the matter first with the Headteacher and, if concerns persists, with the Chair

More information

AnyComms Plus. End User Licence Agreement. Agreement for the provision of data exchange software licence for end users

AnyComms Plus. End User Licence Agreement. Agreement for the provision of data exchange software licence for end users AnyComms Plus End User Licence Agreement Agreement for the provision of data exchange software licence for end users i March 2018 V4 Terms & Conditions Definitions and Interpretation Commencement Date

More information

Proper Handling of Data Correction Request by Data Users 1

Proper Handling of Data Correction Request by Data Users 1 Guidance Note Proper Handling of Data Correction Request by Data Users Introduction Under the Personal Data (Privacy) Ordinance (Chapter 486) (the Ordinance ), a data user is required to ensure that the

More information

DECLARATION FORM. Page1

DECLARATION FORM. Page1 DECLARATION FORM Guidance Notes for applicants The position you have applied for has been identified as providing a regulated activity within the terms of the Protection of Freedoms Act 2012 and is eligible

More information

Freedom of Information Act 2000 (Section 50) Decision Notice

Freedom of Information Act 2000 (Section 50) Decision Notice Freedom of Information Act 2000 (Section 50) Decision Notice Date: 9 December 2010 Public Authority: Middlesbrough Council Address: PO Box 99 Town Hall Middlesbrough TS1 2QQ Summary The complainant requested

More information

Great Leighs Primary School. Data Protection and Freedom of Information Policy. Adopted: April Review Date: April 2018.

Great Leighs Primary School. Data Protection and Freedom of Information Policy. Adopted: April Review Date: April 2018. Great Leighs Primary School Data Protection and Freedom of Information Policy Adopted: April 2015 Review Date: April 2018 Contents 1. Introduction... 1 2. Purpose... 1 3. What is Personal Information?...

More information

CCTV CODE OF PRACTICE

CCTV CODE OF PRACTICE EDINBURGH NAPIER UNIVERSITY CCTV CODE OF PRACTICE Introduction The monitoring, recording, holding and processing of images of identifiable individuals constitutes personal data as defined by the Data Protection

More information

The installation of CCTV can provide information on activities at the Water,

The installation of CCTV can provide information on activities at the Water, ST CHAD S WATER LNR CCTV CODE OF PRACTICE St Chad s Fishing Club A closed circuit television system is used at St Chad s Water LNR, Church Wilne (known in the Code as the Water) by the St Chad s Fishing

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Perth: Craigie and Moncreiffe CHARITY NO. SC001330 CONTENTS 1. Overview 2. Data Protection Principles 3. Personal Data 4. Special Category Data 5. Processing 6. How personal data

More information

RESTRICTED (when complete)

RESTRICTED (when complete) Form 2902B: Application for access to your personal data held by Kent Police Section 7(1)(a) & 7(1)(b)(i) & 7(1)(c)(i) of the Data Protection Act 1998 (Subject Access) Your Subject Access Rights Subject

More information

CCTV Code of Practice

CCTV Code of Practice CCTV Code of Practice Belfast Trust CCTV Code of Practice Introduction Closed Circuit Television (CCTV) systems are in place across the Belfast trust. These systems comprise of cameras installed at strategic

More information

Child sex offenders disclosure scheme (CSODS)

Child sex offenders disclosure scheme (CSODS) Contents Child sex offenders disclosure scheme (CSODS) Part one Policy... 2 Chapter 1 Legislation... 2 Chapter 2 Cross border applications... 4 Receiving force... 5 Coordinating force... 5 Responding forces...

More information

Data Protection Policy

Data Protection Policy Data Protection Policy St Barnabas & St Philip s Church of England Primary School P:\Policies and Documents\Data Protection Policy.docx 1 Responsibility: Contents: It is the responsibility of the Governors

More information

Privacy. Purpose. Scope. Policy. Appendix A

Privacy. Purpose. Scope. Policy. Appendix A Privacy NZQA Quality Management System Policy Appendix A Purpose To ensure NZQA and personnel meet the legal obligations under the Privacy Act 1993 and in relation to its functions under section 246A of

More information

Thank you for your request for information regarding NDNAD which has now been considered.

Thank you for your request for information regarding NDNAD which has now been considered. c/o PO BOX 481 Fareham Hampshire PO14 9FS Tel: 02380 478922 Email: acpo.request@foi.pnn.police.uk FREEDOM OF INFORMATION REQUEST REFERENCE NUMBER: 000145/15 Thank you for your request for information regarding

More information

DATA PROTECTION AND FREEDOM OF INFORMATION POLICY

DATA PROTECTION AND FREEDOM OF INFORMATION POLICY DATA PROTECTION AND FREEDOM OF INFORMATION POLICY Version 1.0 Date 11/11/2016 Approved by Board of Directors 09/02/2017 Version Date Description Revision author 1.0 11/11/2016 Trust Version Created FMW

More information

Port Glasgow St Andrew s Data Protection Policy

Port Glasgow St Andrew s Data Protection Policy Port Glasgow St Andrew s Data Protection Policy CONTENTS 1. Overview 2. Data Protection Principles 3. Personal Data 4. Special Category Data 5. Processing 6. How personal data should be processed 7. Privacy

More information

Clare County Council Data Access Requests Policy

Clare County Council Data Access Requests Policy Clare County Council Data Access Requests Policy Data Subject A Data Subject is the individual who is the subject of the personal data. Only a Data Subject is entitled to make a Data Access Request. Section

More information

Complaints Policy. Director of Operations August 2017

Complaints Policy. Director of Operations August 2017 Complaints Policy Director of Operations August 2017 Contents 1. Introduction... 2 2. Types of Complaints... 2 3. Persons Eligible to make a Complaint... 2 4. Complaints against the Chief Constable...

More information

The London Borough of Barnet. The Metropolitan Police Barnet Borough Division

The London Borough of Barnet. The Metropolitan Police Barnet Borough Division The London Borough of Barnet in partnership with The Metropolitan Police Barnet Borough Division Code of Practice for the operation of Closed Circuit Television October 2014 Change Control Item Reason

More information

closer look at Rights & remedies

closer look at Rights & remedies A closer look at Rights & remedies November 2017 V1 www.inforights.im Important This document is part of a series, produced purely for guidance, and does not constitute legal advice or legal analysis.

More information

Data Protection. Guidance for Schools

Data Protection. Guidance for Schools Data Protection Guidance for Schools Please Note: This booklet is intended to act as a general guide for school staff to follow when dealing with personal information during their daily work. It is not

More information

Mannofield Parish Church. Registered Scottish Charity No: SC (the Congregation ) Data Protection Policy

Mannofield Parish Church. Registered Scottish Charity No: SC (the Congregation ) Data Protection Policy Mannofield Parish Church Registered Scottish Charity No: SC 001680 (the Congregation ) Data Protection Policy December 2018 CONTENTS 1. Overview 2. Data Protection Principles 3. Personal Data 4. Special

More information

PRIVACY Policy. 1. Policy Statement. 2. Purpose. 3. Policy

PRIVACY Policy. 1. Policy Statement. 2. Purpose. 3. Policy 1. Statement Irabina Autism Services (hereafter referred to as Irabina) is required to comply with the Australian Privacy Principles (APP) in the Privacy Act 1988 (Cth) and the Health Privacy Principles

More information

against Members of Staff

against Members of Staff Procedural Guidance Security Marking: Police Misconduct and Complaints against Members of Staff Not Protectively Marked Please click on the hyperlink for related Policy Statements 1. Introduction 1.1 This

More information

INVESTIGATION OF ELECTRONIC DATA PROTECTED BY ENCRYPTION ETC DRAFT CODE OF PRACTICE

INVESTIGATION OF ELECTRONIC DATA PROTECTED BY ENCRYPTION ETC DRAFT CODE OF PRACTICE INVESTIGATION OF ELECTRONIC DATA PROTECTED BY ENCRYPTION ETC CODE OF PRACTICE Preliminary draft code: This document is circulated by the Home Office in advance of enactment of the RIP Bill as an indication

More information

The Rental Exchange. Contribution Agreement for Rental Exchange Database. A world of insight

The Rental Exchange. Contribution Agreement for Rental Exchange Database. A world of insight The Rental Exchange Contribution Agreement for Rental Exchange Database A world of insight Contribution Agreement for Rental Exchange Database. Contribution Agreement for Rental Exchange Database. This

More information

St. Paul s C of E Primary School

St. Paul s C of E Primary School St. Paul s C of E Primary School Data Protection Policy Reviewed January 2016 Next Review Date January 2019 St. Paul s C. of E. Primary School DATA PROTECTION POLICY School Aim Statement Everyone working

More information

Saturday, 7 November 15

Saturday, 7 November 15 CSCU9Q5 Data Protection and Freedom of Information Acts 1 The Data Protection Legislation As an individual you should know about your rights with respect to data held about you As an information professional

More information

THE PROCESSING OF PERSONAL DATA (PROTECTION OF INDIVIDUALS) LAW 138 (I) 2001 PART I GENERAL PROVISIONS

THE PROCESSING OF PERSONAL DATA (PROTECTION OF INDIVIDUALS) LAW 138 (I) 2001 PART I GENERAL PROVISIONS THE PROCESSING OF PERSONAL DATA (PROTECTION OF INDIVIDUALS) LAW 138 (I) 2001 PART I GENERAL PROVISIONS Short title. 1. This Law may be cited as the Processing of Personal Data (Protection of Individuals)

More information

Privacy Policy. This Privacy Policy sets out the Law Society's policies in relation to the management of Personal Information.

Privacy Policy. This Privacy Policy sets out the Law Society's policies in relation to the management of Personal Information. Privacy Policy Law Society of South Australia Privacy Policy The Law Society of South Australia (Law Society or we, us or our) deals with information privacy in accordance with the Privacy Act 1988 (Cth)

More information

CSCU9Q5. Data Protection and Freedom of Information Acts

CSCU9Q5. Data Protection and Freedom of Information Acts CSCU9Q5 Data Protection and Freedom of Information Acts 1 The Data Protection Legislation As an individual you should know about your rights with respect to data held about you As an information professional

More information

Individual Rights (Data Privacy) Policy

Individual Rights (Data Privacy) Policy October 2017 Please see the cover sheet to the Information Policies on the Staff Intranet and Board Intelligence. Individual Rights (Data Privacy) Policy 1. Introduction 1.1 UK data protection law gives

More information

New Scotland Yard, Victoria Embankment, London, SWlA 2JL

New Scotland Yard, Victoria Embankment, London, SWlA 2JL DATA PROTECTION ACT 1998 SUPERVISORY POWERS OF THE INFORMATION COMMISSIONER ENFORCEMENT NOTICE To: The Commissioner of Police of the Metropolis Of: New Scotland Yard, Victoria Embankment, London, SWlA

More information

SERVICE LEVEL AGREEMENT

SERVICE LEVEL AGREEMENT SERVICE LEVEL AGREEMENT between the ASSOCIATION OF CHIEF POLICE OFFICERS CRIMINAL RECORDS OFFICE And US EMBASSY For ACCESSING INFORMATION HELD ON THE POLICE NATIONAL COMPUTER TO SUPPORT THE INVESTIGATION

More information

Data Protection Policy. Revisions and Editions Log

Data Protection Policy. Revisions and Editions Log Data Protection Policy Revisions and Editions Log Data Protection Policy adopted February 2015 Review Resources Comm February 2016 Reviewed Feb 2017 FGB Next review Feb 2018 School Data Protection Policy

More information

North Yorkshire County Council. Subject Access Request Guidance and Procedure. Data Protection Act 1998

North Yorkshire County Council. Subject Access Request Guidance and Procedure. Data Protection Act 1998 North Yorkshire County Council Subject Access Request Guidance and Procedure Data Protection Act 1998 The Data Protection Act 1998 (the Act), section 7 (1) gives individuals certain rights with regards

More information

Terms and Conditions GDPR Ready Data

Terms and Conditions GDPR Ready Data Terms and Conditions GDPR Ready Data 1. DEFINITIONS (1) Corpdata means Corpdata Limited, registered in England and Wales No. 02690712. (2) controller means the natural or legal person, public authority,

More information

Health Information Privacy Code 1994

Health Information Privacy Code 1994 Health Information Privacy Code 1994 Incorporating amendments Privacy Commissioner Te Mana Matapono Matatapu New Zealand The Code of Practice comprises clauses 1-7 and rules 1-12. To assist with the use

More information

INFORMATION SHARING AGREEMENT (ISA) BETWEEN

INFORMATION SHARING AGREEMENT (ISA) BETWEEN P.698 (07/12) INFORMATION SHARING AGREEMENT (ISA) BETWEEN Lincolnshire County Council The National Probation Service The Humberside, Lincolnshire and North Yorkshire Community Rehabilitation Company (HLNY

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Policy & Procedure Number: 73 Date of Board of Trustees Review: Summer 2017 Next Review Due: Summer 2019 Trust Link: Mr I Kirkham Revision Number: v1 A Commitment to Excellence 1

More information

General Data Protection Regulation

General Data Protection Regulation General Data Protection Regulation Bar Council Guide for Barristers and Chambers Purpose: Scope of application: Issued by: To assist barristers and sets of chambers in their compliance with the GDPR All

More information