CSCU9Q5. Data Protection and Freedom of Information Acts
|
|
- Paula Richards
- 5 years ago
- Views:
Transcription
1 CSCU9Q5 Data Protection and Freedom of Information Acts 1
2 The Data Protection Legislation As an individual you should know about your rights with respect to data held about you As an information professional you may have to deal with other people s information, and you may have to advise others on the law The current legislation is the Data Protection Act 1998, which is substantially different from the earlier legislation (1984) The Freedom of Information Act 2000 (UK) and Freedom of Information Act 2002 (Scotland) may also have impact if you work for a public authorities 2
3 The Data Protection Legislation First, some points about the words data is not just computer data Any systematic collection of records is covered, including paper records personal data means.. that the person can be identified and that there is some extra element in the data, e.g. an opinion or intention relating to the subject sensitive personal data includes.. race, politics, religion, trade unionism, health, sex, crime (alleged or actual) data subject is.. any living individual who is the subject of personal data data controller is.. any person making decisions with regard to personal data processing means held, obtained, organised, adapted, retrieved, consulted, disclosed, deleted 3
4 Eight principles (the snappy version) Personal data must be: 1. Fairly and lawfully processed 2. Processed for limited purposes 3. Adequate, relevant (to the declared purpose) and not excessive 4. Accurate and kept up to date 5. Not kept longer than necessary 6. Processed in accordance with the individual s rights 7. Secure 8. Not transferred to countries outside European Economic area unless.. the country has adequate protection for the individual 4
5 The six conditions (aka Schedule 2) Personal data only processed if (at least one of): 1. Subject has given consent 2. Necessary for the performance/agreement of a contract to which the data subject is a party 3. Necessary for compliance with any legal obligation of the data controller, other than an obligation imposed by contract 4. The processing is necessary in order to protect the vital interests of the data subject more... 5
6 Schedule 2, continued 5. The processing is necessary for the administration of justice, the purposes of government, or any other functions of a public nature exercised in the public interest by any person 6. Necessary for the purposes of legitimate interests pursued by the data controller or by third parties to whom the data are disclosed, except where unwarranted by reason of prejudice to the rights and freedoms or legitimate interests of the data subject 6
7 Schedule 3 (Sensitive personal data) At least one of: Subject has given explicit consent Legally necessary for employment When consent cannot reasonably be obtained, to protect vital interests of anyone When consent unreasonably withheld, to protect the vital interests of third parties As part of membership of non-profit groups for political, philosophical, religious or trade-union purposes Already made public by subject Necessary for legal or medical processes Monitoring of equal opportunity of racial/ethnic groups 7
8 The Seven Subject rights The Act gives significant rights to individuals in respect of personal data held about them by data controllers. These include: 1. The right to subject access 2. The right to prevent processing 3. The right to prevent processing for direct marketing 4. Rights in relation to automated decision making 5. The right to compensation 6. The right to rectification, blocking, erasure and destruction 7. The right to ask the Commissioner to assess whether the Act has been contravened 8
9 Data Controllers Not everyone who holds data is a data controller Data controllers must notify the Information Commissioner of their practices (costs 35 each year) Comply with the 8 principles of data protection Offences include Failure to notify Processing in a non-compliant way Procuring or selling information The commissioner issues enforcement notices Offences are punishable by a fine (up to 5000) Individuals may seek compensation for damage 9
10 Durant vs FSA Mr Durant lost a case against Barclay s Bank in 1993, and wanted information to reopen the case the FSA had conducted an investigation into Barclay s handing of his case in response to a DPA subject access request by Mr Durant, the FSA supplied him with some extracts from its computer records, but nothing from its paper records. It said the information was not personal and also not part of a relevant filing system The case ended in front of the Court of Appeal and a decision was given in October 2003 The case is very important, because it clarifies personal and relevant filing system (and changes the interpretation) 10
11 Durant: personal The Court found that Subject access exists to enable a subject to check whether his privacy has been infringed It is not an automatic key to any information... in which he may be named To be personal the information must be biographical in a significant sense... going beyond the recording... of involvement that has no personal connotations and the information should have the... data subject as its focus (Durant s case failed this test) 11
12 Durant: relevant filing system The Court found that a manual filing system is relevant if it has structure so that it is clear from the outset whether it could hold personal data, and in which files information about the applicant would be found (i.e. the system can support computer-like searches) The Commissioner suggests the Temp Test would a temporary admin assistant be able to find specific information on an individual (e.g. John Smith s leave records) without leafing through file(s)? 12
13 Some questions Does the University need to get each student s explicit consent to every detail of their information handling? What happens if a student s parent rings up to enquire about the student s progress? May results be posted on noticeboards? On the WWW? May graded work be returned using a communal pigeonhole? Can a student, making a Subject Access Request see copies of exam board minutes relating to them? see their own exam scripts? ask about how their degree was classified? ask to see every internal that mentions them? Can a student in debt to the University use the Act to get a statement of his/her degree result? 13
14 Eight principles (verbatim) 1. Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless - (a) at least one of the conditions in Schedule 2 [Slides 4-5] is met, and (b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 [Slide 6] is also met. 2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes. 3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed. 4. Personal data shall be accurate and... kept up to date. 14
15 Eight principles, continued 5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. 6. Personal data shall be processed in accordance with the rights of data subjects under this Act. 7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data. 8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data. 15
16 The public s right to know Applies to all information Overview of Freedom of Information (Act) Proactive disclosure via a Publication Scheme (demonstration of openness what you already publish, what you regularly get requests for, public interest) Responding to individual enquiries Based on good records management The Freedom of Information Act enables people access to information which is held by/on behalf of public authorities and those bodies carrying out a public function, and which does not fall under the access regime of personal information. 16
17 Your information rights The Freedom of Information Act facilitates access to information held by public authorities in two ways: * By requiring public authorities to adopt and maintain publication schemes, which should have the effect of improving the amount and quality of information routinely made available to the public. * By creating a right to make a request for information (effective from 1 January 2005). Anyone, including people living abroad, non-uk citizens, journalists, political parties, lobby groups and commercial organisations, will have the right to ask public authorities for any information they hold. More about the act can be found at: 17
18 Under the Freedom of Information (Scotland) Act you have the right to get information from any of the following Scottish public authorities or officeholders: Scottish Ministers in charge of all departments of the Scottish Executive and its agencies. The Scottish Parliament. Non-ministerial office holders in the Scottish Administration, including the chief medical and dental officers; the chief inspectors of constabulary, prisons, fire services and school;, rent officers; social work inspectors. Local government, including councils, assessors, fire services, licensing boards and the Strathclyde Passenger Transport Authority. The National Health Service, which includes NHS boards, community health partnerships, hospitals, GPs, dentists, pharmacists, opticians and other health professionals. Educational institutions such as universities and colleges. The police. Other public authorities, including more than 50 types of Scottish public authority not covered in the categories above. They range from the Scottish Arts Council to the Water Industry Commissioner for Scotland. Companies that are wholly owned by one or more public authorities. 18
19 What kind of information do I have a right to see? You can ask to see any kind of recorded information from a Scottish public authority, however old the information is. That includes information recorded on: paper computer files, including s video microfiche 19
20 Examples of information you can find out The number of complaints made about a particular service, for example, street cleaning or refuse collection and whether action was taken as a result. Information showing whether public authority policies are working well e.g for instance, is a Community Policing Initiative reducing crime in the local area? Information that would reveal whether a contract is providing value for money, for instance.. what standards have been agreed with agencies contracted to supply hospital cleaning or catering services. Why decisions affecting local services were made, such as a decision to cut back some services at your local hospital, or to combine local primary schools. How public authorities decide who gets priority on waiting lists for services such as health or housing. 20
21 Information You Cannot Find Using FoI Whether or not somebody has a criminal conviction Who has borrowed that library book that you want Information like this about individuals is protected by DPA How many plastic bottles are collected by the recycling team This information is not kept you cannot ask for research to be done! There is also a limit on how difficult it needs to be to collate information, even it is stored How much money my University spin-out company makes from selling electronic data acquisition boards each year Although the company is fully owned by the University, I can argue that the information is commercially sensitive and not have to disclose it What products Apple is currently developing You cannot use FoI to ask private (non-government) organisations anything Secret military or security related information 21
Saturday, 7 November 15
CSCU9Q5 Data Protection and Freedom of Information Acts 1 The Data Protection Legislation As an individual you should know about your rights with respect to data held about you As an information professional
More informationCharities & Not-for-Profits Overview of Data Protection Law
Charities & Not-for-Profits Overview of Data Protection Law The Data Protection Law provides a framework for the processing of data relating to individuals that serves to balance the needs of organisations
More informationGENERAL PROTOCOL FOR SHARING INFORMATION BETWEEN AGENCIES IN KINGSTON UPON HULL AND THE EAST RIDING OF YORKSHIRE
GENERAL PROTOCOL FOR SHARING INFORMATION BETWEEN AGENCIES IN KINGSTON UPON HULL AND THE EAST RIDING OF YORKSHIRE 2008 CONTENTS 1. INTRODUCTION Purpose of this document 1-6 2. KEY LEGISLATION AND GUIDANCE
More informationPort Glasgow St Andrew s Data Protection Policy
Port Glasgow St Andrew s Data Protection Policy CONTENTS 1. Overview 2. Data Protection Principles 3. Personal Data 4. Special Category Data 5. Processing 6. How personal data should be processed 7. Privacy
More informationData Protection Policy
Data Protection Policy Perth: Craigie and Moncreiffe CHARITY NO. SC001330 CONTENTS 1. Overview 2. Data Protection Principles 3. Personal Data 4. Special Category Data 5. Processing 6. How personal data
More informationMannofield Parish Church. Registered Scottish Charity No: SC (the Congregation ) Data Protection Policy
Mannofield Parish Church Registered Scottish Charity No: SC 001680 (the Congregation ) Data Protection Policy December 2018 CONTENTS 1. Overview 2. Data Protection Principles 3. Personal Data 4. Special
More informationData Protection Act 1998 Policy
Data Protection Act 1998 Policy Responsibility for Policy: Relevant to: University Secretary All Staff, Students and Academic Partnerships Approved by: SMT in September 2016 Responsibility for Document
More informationTHE PROCESSING OF PERSONAL DATA (PROTECTION OF INDIVIDUALS) LAW 138 (I) 2001 PART I GENERAL PROVISIONS
THE PROCESSING OF PERSONAL DATA (PROTECTION OF INDIVIDUALS) LAW 138 (I) 2001 PART I GENERAL PROVISIONS Short title. 1. This Law may be cited as the Processing of Personal Data (Protection of Individuals)
More informationEuropean College of Business and Management Data Protection Policy
European College of Business and Management Data Protection Policy 1. INTRODUCTION 1.1 The European College of Business and Management (ECBM) is committed to full compliance with the Data Protection Act
More informationBACKGROUND INFORMATION
Data Protection 1. BACKGROUND INFORMATION The law governing Data Protection is covered by the Data Protection Act 1998. It implements the EC Data Protection Directive (95/46/EC) in the UK. The Act came
More informationData Protection Policy
Data Protection Policy St Barnabas & St Philip s Church of England Primary School P:\Policies and Documents\Data Protection Policy.docx 1 Responsibility: Contents: It is the responsibility of the Governors
More informationSUBSIDIARY LEGISLATION DATA PROTECTION (PROCESSING OF PERSONAL DATA IN THE POLICE SECTOR) REGULATIONS
DATA PROTECTION (PROCESSING OF PERSONAL DATA IN THE POLICE SECTOR) [S.L.440.05 1 SUBSIDIARY LEGISLATION 440.05 DATA PROTECTION (PROCESSING OF PERSONAL DATA IN THE POLICE SECTOR) REGULATIONS 30th September,
More information- and - OPINION. Reasons
IN THE MATTER OF THE DATA PROTECTION ACT 1998 AND IN THE MATTER OF A PROPOSED CONTRACT B E T W E E N: Cambridge Analytica Inc - and - Claimant United Kingdom Independence Party Defendant OPINION 1. We
More informationELECTRONIC DATA PROTECTION ACT An Act to provide for protection to electronic data with regard to the processing of electronic data in Pakistan
ELECTRONIC DATA PROTECTION ACT 2005 An Act to provide for protection to electronic data with regard to the processing of electronic data in Pakistan Whereas it is expedient to provide for the processing
More informationData Protection Policy
Data Protection Policy Co-ordinator Will Taylor Date of Completion June 2017 Date of adoption by Governors June 2017 Date to be reviewed June 2019 Introduction The new Data Protection Act 1998 (EU Directive
More informationDecision 192/2006 Mr David Sharpe and the Chief Constable of Strathclyde Police
Decision 192/2006 Mr David Sharpe and the Chief Constable of Strathclyde Police Request for copies of witness statements given by named individuals to Strathclyde Police, and the full written record of
More informationPROCEDURE (Essex) / Linked SOP (Kent) Data Protection. Number: W 1011 Date Published: 24 November 2016
1.0 Summary of Changes 1.1 This procedure/sop has had an additional paragraph added at 3.8.6 relating to data processing of information by direct access to Athena. 2.0 What this Procedure/SOP is About
More informationData Protection. Policy & Procedure. Greater Manchester Police
Data Protection Policy & Procedure Greater Manchester Police October 2014 Table of Contents 1. Policy Statement... 1 1.1 Aims... 1 2. Scope... 1 3. Roles & Responsibilities... 2 4. Terms and Definitions...
More informationSCHEDULE Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
SCHEDULE 1 THE DATA PROTECTION PRINCIPLES PART I THE PRINCIPLES 1. Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless- (a) at least one of the conditions
More informationThe Act on Processing of Personal Data
The Act on Processing of Personal Data Act No. 429 of 31 May 2000 as amended by section 7 of Act No. 280 of 25 April 2001, section 6 of Act No. 552 of 24 June 2005 and section 2 of Act No. 519 of 6 June
More informationDecision 120/2007 Mr Russell Findlay and the Chief Constable of Fife Constabulary
Decision 120/2007 Mr Russell Findlay and the Chief Constable of Fife Constabulary Request for copy of investigator s report and expert reports Applicant: Mr Russell Findlay Authority: Chief Constable of
More informationDATA PROTECTION (JERSEY) LAW 2005
DATA PROTECTION (JERSEY) LAW 2005 Revised Edition Showing the law as at 1 January 2017 This is a revised edition of the law Data Protection (Jersey) Law 2005 Arrangement DATA PROTECTION (JERSEY) LAW 2005
More informationDIRECTIVE 95/46/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL. of 24 October 1995
DIRECTIVE 95/46/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data
More informationDATA SHARING AND PROCESSING
DATA SHARING AND PROCESSING Capita Business Services Limited March 2016 Version 1.3 TABLE OF CONTENTS: Item Heading Page 1 Data Processing Agreement 2 2 Data Protection Act 1998 2 3 Data Protection Act
More informationDecision 063/2012 Mr Drew Cochrane of the Largs and Millport News and the Chief Constable of Strathclyde Police
of the Largs and Millport News and the Chief Constable of Strathclyde Police Name of a deceased person Reference No: 201200104 Decision Date: 2 April 2012 Margaret Keyse Acting Scottish Information Commissioner
More informationFreedom of Information Act 2000 (Section 50) Decision Notice
Freedom of Information Act 2000 (Section 50) Decision Notice 1 December 2008 Public Authority: Address: Ofsted (Office for Standards in Education) Alexandra House 33 Kingsway London WC2B 6SE Summary Following
More informationARTICLE 29 Data Protection Working Party
ARTICLE 29 Data Protection Working Party 11580/03/EN WP 82 Opinion 6/2003 on the level of protection of personal data in the Isle of Man Adopted on 21 November 2003 This Working Party was set up under
More informationLaw Enforcement processing (Part 3 of the DPA 2018)
Law Enforcement processing (Part 3 of the DPA 2018) Introduction This part of the Act transposes the EU Data Protection Directive 2016/680 (Law Enforcement Directive) into domestic UK law. The Directive
More informationDecision 177/2010 Ms Matilda Gifford and the Chief Constable of Strathclyde Police
and the Chief Constable of Strathclyde Police Commission date of named police officer and employment of other personnel Reference No: 200901680 Decision Date: 12 October 2010 Kevin Dunion Scottish Information
More informationAnnex - Summary of GDPR derogations in the Data Protection Bill
Annex - Summary of GDPR derogations in the Data Protection Bill The majority of the provisions in the General Data Protection Regulation (GDPR) will automatically become UK law on 25 May 2018. However,
More informationGeneral Rules on the Processing of Personal Data SCHEDULE 1 DATA TRANSFER AGREEMENT (Data Controller to Data Controller transfers)...
DATA PROTECTION REGULATIONS 2015 DATA PROTECTION REGULATIONS 2015 General Rules on the Processing of Personal Data... 1 Rights of Data Subjects... 6 Notifications to the Registrar... 7 The Registrar...
More informationPrivacy. Purpose. Scope. Policy. Appendix A
Privacy NZQA Quality Management System Policy Appendix A Purpose To ensure NZQA and personnel meet the legal obligations under the Privacy Act 1993 and in relation to its functions under section 246A of
More informationEuropean Data Protection Supervisor Your personal information and the EU administration: What are your rights?
European Data Protection Supervisor Your personal information and the EU administration: What are your rights? EDPS factsheet 1 Everyday, personal information - also known as personal data - is processed
More informationCODE OF PRACTICE FOR COMMUNITY- BASED CCTV SYSTEMS
CODE OF PRACTICE FOR COMMUNITY- BASED CCTV SYSTEMS 1 INTRODUCTION This Code of Practice sets out the basic conditions of use for Community-Based CCTV systems by applicants for the Department of Justice,
More informationDecision 019/2011 Mr Allan Clark and Glasgow City Council. Names and addresses of Glasgow s Community Councillors
Names and addresses of Glasgow s Community Councillors Reference No: 201000647 Decision Date: 1 February 2011 Kevin Dunion Scottish Information Commissioner Kinburn Castle Doubledykes Road St Andrews KY16
More informationPark View Primary School
Policy on the Freedom of Information Act Responsibility: Contents: It is the responsibility of the Governors to ensure procedures are in place to ensure that the school handles information requests covered
More informationData Protection Bill [HL]
[AS AMENDED IN PUBLIC BILL COMMITTEE] CONTENTS PART 1 PRELIMINARY 1 Overview 2 Protection of personal data 3 Terms relating to the processing of personal data PART 2 GENERAL PROCESSING CHAPTER 1 SCOPE
More informationThe Ministry of Technology, Communication and Innovation and The Data Protection Office. Workshop On DATA PROTECTION ACT 2017
The Ministry of Technology, Communication and Innovation and The Data Protection Office Workshop On DATA PROTECTION ACT 2017 Tuesday 06 March 2018 from 08.30 hrs 15.30 hrs InterContinental Mauritius Resort,
More informationDecision Notice. Decision 083/2018: Ms L and Edinburgh College
Decision Notice Decision 083/2018: Ms L and Edinburgh College Students on the Sex Offenders Register Reference No: 201800285 Decision Date: 13 June 2018 Summary The College was asked for statistical information
More informationSTATOIL BINDING CORPORATE RULES - PUBLIC DOCUMENT
STATOIL BINDING CORPORATE RULES - PUBLIC DOCUMENT The purpose of this Statoil Binding Corporate Rules Public Document is to explain the content of the Binding Corporate Rules (BCR) and help ensure that
More informationDecision 073/2014 Mr Derek Cooney and the Scottish Court Service
Names of vexatious litigants Reference No: 201400170 Decision Date: 26 March 2014 Rosemary Agnew Scottish Information Commissioner Kinburn Castle Doubledykes Road St Andrews KY16 9DS Tel: 01334 464610
More informationMerrydale Infant School Freedom of Information Act
Merrydale Infant School Freedom of Information Act Chair s signature Head s signature Date Review date. 1 Explanatory Notes Governing bodies are responsible for ensuring that schools comply with the Freedom
More informationA Legal Overview of the Data Protection Act By: Mrs D. Madhub Data Protection Commissioner
A Legal Overview of the Data Protection Act 2017 By: Mrs D. Madhub Data Protection Commissioner 06.02.2018 Overview The Data Protection Act 2017 Aim of the Act Major changes brought in the new Act Key
More informationthe Commisslone Mazionale per le Sodeta e la Borsa in ItaJy and the Public Company Accounting Oversight Board In the United States
Agreement between the Commisslone Mazionale per le Sodeta e la Borsa in ItaJy and the Public Company Accounting Oversight Board In the United States on the Transfer of Certain Personal Data The Public
More informationCOMP Article 1. Article 1 Subject matter and objectives
Proposal for a directive of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention,
More informationSCHEDULE 1 DATA TRANSFER AGREEMENT (Data Controller to Data Controller transfers)... 16
DATA PROTECTION REGULATIONS 2015 DATA PROTECTION REGULATIONS 2015 Part 1 General Rules on the Processing of Personal Data... 1 Part 2 Rights of Data Subjects... 7 Part 3 Notifications to the Registrar...
More informationTHE DATA PROTECTION PRINCIPLES
DATA PROTECTION (JERSEY) LAW 2005 THE DATA PROTECTION PRINCIPLES GD1 DATA PROTECTION (JERSEY) LAW 2005 THE DATA PROTECTION PRINCIPLES Introduction 1 The Data Protection Principles 2 First Principle 3
More informationFreedom of Information Policy
Audience Named person responsible for monitoring Freedom of Information Policy All Staff & Governors Head Agreed by Personnel Committee June 2015 Agreed by Governing Body July 2015 Date to be Reviewed
More informationDATA PROTECTION (JERSEY) LAW 2018
Data Protection (Jersey) Law 2018 Arrangement DATA PROTECTION (JERSEY) LAW 2018 Arrangement Article PART 1 7 INTRODUCTORY 7 1 Interpretation... 7 2 Personal data and data subject... 12 3 Pseudonymization...
More informationData Protection Policy
Data Protection Policy The school collects and uses certain types of personal information about staff, pupils, parents and other individuals who come into contact with the school in order provide education
More informationFreedom of Information and Members correspondence with Public Authorities
Freedom of Information and Members correspondence with Public Authorities Background 1. Some Members have expressed concern about the treatment, under the provisions of the Freedom of Information Act 2000
More informationINVESTIGATION OF ELECTRONIC DATA PROTECTED BY ENCRYPTION ETC DRAFT CODE OF PRACTICE
INVESTIGATION OF ELECTRONIC DATA PROTECTED BY ENCRYPTION ETC CODE OF PRACTICE Preliminary draft code: This document is circulated by the Home Office in advance of enactment of the RIP Bill as an indication
More informationStaff Data Protection Policy
Staff Data Protection Policy Version: 9.0 Approval Status: Approved Document Owner: Graham Feek Classification: External Review Date: 02/11/2016 Effective from: 1 July 2015 Table of Contents 1. The Data
More informationASSEMBLEIA DA REPÚBLICA [PORTUGUESE PARLIAMENT]
ok Search Rua de São Bento n.º 148-3º 1200-821 Lisboa - Tel: +351 213928400 - Fax: +351 213976832 - e-mail: geral@cnpd.pt ASSEMBLEIA DA REPÚBLICA [PORTUGUESE PARLIAMENT] Act 67/98 of 26 October Act on
More informationBrussels, 16 May 2006 (Case ) 1. Procedure
Opinion on the notification for prior checking received from the Data Protection Officer (DPO) of the Council of the European Union regarding the "Decision on the conduct of and procedure for administrative
More informationFreedom of Information Act Policy
Freedom of Information Act Policy Revision Revision Date Owner Reference Comment 00 9 June 2011 Head of Library EXEC-POL-001 Format & Revised Revision 00 Page 1 Change Ref. Policy and Procedures Contents
More informationDecision 156/2011 Mr Ralph Lucas and the University of Glasgow
Information relating to graduating students Reference No: 201000572 Decision Date: 8 August 2011 Kevin Dunion Scottish Information Commissioner Kinburn Castle Doubledykes Road St Andrews KY16 9DS Tel:
More informationCCTV Code of Practice
CCTV Code of Practice Belfast Trust CCTV Code of Practice Introduction Closed Circuit Television (CCTV) systems are in place across the Belfast trust. These systems comprise of cameras installed at strategic
More informationFreedom of Information Act 2000 (Section 50) Decision Notice
Freedom of Information Act 2000 (Section 50) Decision Notice Date: 9 December 2010 Public Authority: Middlesbrough Council Address: PO Box 99 Town Hall Middlesbrough TS1 2QQ Summary The complainant requested
More informationQueensland FREEDOM OF INFORMATION ACT 1992
Queensland FREEDOM OF INFORMATION ACT 1992 Act No. 42 of 1992 Queensland FREEDOM OF INFORMATION ACT 1992 Section TABLE OF PROVISIONS PART 1 PRELIMINARY Division 1 Introductory Page 1 Short title.....................................................
More informationClare County Council Data Access Requests Policy
Clare County Council Data Access Requests Policy Data Subject A Data Subject is the individual who is the subject of the personal data. Only a Data Subject is entitled to make a Data Access Request. Section
More informationData Protection Policy and Procedure
Data Protection Policy and Procedure Reference No. P09:2007 Implementation date 12022008 Version Number Version 2.0 Reference No: Name. Linked documents Policy Section Procedure Section Yes Yes Suitable
More informationDecision 106/2012 Dr Nick McKerrell and Glasgow Caledonian University
Payment made for marking of exam scripts Reference No: 201102331 Decision Date: 29 June 2012 Rosemary Agnew Scottish Information Commissioner Kinburn Castle Doubledykes Road St Andrews KY16 9DS Tel: 01334
More informationFREEDOM OF INFORMATION POLICY
FREEDOM OF INFORMATION POLICY Approved: October 2014 Review due: October 2017 FREEDOM OF INFORMATION POLICY 1. Introduction The Southfield Grange Trust is committed to the Freedom of Information Act (FoI)
More informationEUROPEAN PARLIAMENT COMMITTEE ON CIVIL LIBERTIES, JUSTICE AND HOME AFFAIRS
EUROPEAN PARLIAMENT COMMITTEE ON CIVIL LIBERTIES, JUSTICE AND HOME AFFAIRS Data Protection in a : Future EU-US international agreement on the protection of personal data when transferred and processed
More informationTHE PIGGOTT SCHOOL FREEDOM OF INFORMATION POLICY AND GUIDANCE
THE PIGGOTT SCHOOL...to be a school which inspires and encourages the highest achievement FREEDOM OF INFORMATION POLICY AND GUIDANCE Date last reviewed: Summer term 2017 Responsibility: Headteacher and
More informationData Protection. Guidance for Schools
Data Protection Guidance for Schools Please Note: This booklet is intended to act as a general guide for school staff to follow when dealing with personal information during their daily work. It is not
More informationHow we use Personal Information
How we use Personal Information Introduction This document explains how Essex Police obtains, holds, uses and discloses information about people - their personal information 1 -, the steps we take to ensure
More informationFREEDOM OF INFORMATION ACT 2000 SUMMARY GUIDANCE
FREEDOM OF INFORMATION ACT 2000 SUMMARY GUIDANCE This guidance is a short and succinct summary of what you need to know and do about the Freedom of Information Act 2000 (FOIA). This guidance is no substitute
More informationPurpose specific Information Sharing Agreement. Community Safety Accreditation Scheme Part 2
Document Information Summary Partners ISA Ref: As Part 1 An agreement to formalise the information sharing arrangements for the purpose of specific Information sharing pursuant to Crime and Disorder reduction
More informationProfessional Issues. Data Protec1on (Bo4, Ch 13)
Professional Issues Data Protec1on (Bo4, Ch 13) Overview Overview of the 1998 Data Protec1on Act (DPA) Defini1ons Changes since 1984 Act Sensi1ve Personal Data & Consent The eight principles Freedom of
More informationDECISION no. 52 of 31 st May 2012 on the processing of personal data using video surveillance means
DECISION no. 52 of 31 st May 2012 on the processing of personal data using video surveillance means In order to ensure an efficient protection of the fundamental rights and liberties of natural persons,
More informationFreedom of Information Policy, Procedures and Requests
Freedom of Information Policy, Procedures and Requests Last reviewed: February 2017 This document applies to all academies and operations of the Vale Academy Trust. The following related document(s) can
More informationTHE DATA PROTECTION BILL (No. XIX of 2017) Explanatory Memorandum
THE DATA PROTECTION BILL (No. XIX of 2017) Explanatory Memorandum The object of this Bill is to repeal the Data Protection Act and replace it by a new and more appropriate legislation which will strengthen
More informationDATA PROTECTION POLICY STATUTORY
DATA PROTECTION POLICY MAIDEN ERLEGH TRUST STATUTORY INITIAL APPROVAL July 2017 REVIEW FREQUENCY At least every two years REVIEWED CONTENTS PART ONE: POLICY STATEMENT & OBJECTIVES PART TWO: STATUS OF THE
More informationA closed circuit television system is used at the Memorial Hall by the Parish Council.
BREADSALL PARISH COUNCIL CCTV CODE OF PRACTICE A closed circuit television system is used at the Memorial Hall by the Parish Council. The safety of residents using the car park and visitors to the buildings
More informationData Protection Act 1998
Data Protection Act 1998 1998 CHAPTER 29 ARRANGEMENT OF SECTIONS Part I Preliminary 1. Basic interpretative provisions. 2. Sensitive personal data. 3. The special purposes. 4. The data protection principles.
More informationDecision 254/2013 Mr Peter Mortimer and Glasgow City Council
Expenses claimed Reference No: 201301871 Decision Date: 14 November 2013 Rosemary Agnew Scottish Information Commissioner Kinburn Castle Doubledykes Road St Andrews KY16 9DS Tel: 01334 464610 Summary On
More informationForce Communications Centre
Force Communications Centre Welfare Checks Policy Version Version 1.1 Policy Version Date 05 April 2018 Policy Review Date 1 st October 2018 Policy Ownership Head of FCC Portfolio Holder Assistant Chief
More informationData Protection Bill [HL]
[AS AMENDED IN COMMITTEE] CONTENTS PART 1 PRELIMINARY 1 Overview 2 Terms relating to the processing of personal data PART 2 GENERAL PROCESSING CHAPTER 1 SCOPE AND DEFINITIONS 3 Processing to which this
More informationApplicant: Ms Suzi Eskandari Authority: Scottish Children s Reporter Administration Case No: and Decision Date: 31 October 2007
Decision 205/2007 Ms Suzi Eskandari and the Scottish Children s Reporter Administration Requests for a copy of documents associated with a Children s Panel Hearing Applicant: Ms Suzi Eskandari Authority:
More informationHow we use Personal Information
How we use Personal Information Introduction This document explains how British Transport Police obtains, holds, uses and discloses information about people - their personal information 1 -, the steps
More informationDATA PROTECTION (JERSEY) LAW 2005 CODE OF PRACTICE & GUIDANCE ON THE USE OF CCTV GD6
DATA PROTECTION (JERSEY) LAW 2005 CODE OF PRACTICE & GUIDANCE ON THE USE OF CCTV GD6 2 DATA PROTECTION (JERSEY) LAW 2005: CODE OF PRACTICE & GUIDANCE ON THE USE OF CCTV PART 1: CODE OF PRACTICE Introduction
More informationNumber 5 of Vehicle Registration Data (Automated Searching and Exchange) Act 2018
Number 5 of 2018 Vehicle Registration Data Number 5 of 2018 VEHICLE REGISTRATION DATA (AUTOMATED SEARCHING AND EXCHANGE) ACT 2018 Section 1. Interpretation CONTENTS 2. National contact point in State
More informationPROTECTION OF PERSONAL INFORMATION ACT NO. 4 OF 2013
PROTECTION OF PERSONAL INFORMATION ACT NO. 4 OF 2013 [ASSENTED TO 19 NOVEMBER, 2013] [DATE OF COMMENCEMENT TO BE PROCLAIMED] (Unless otherwise indicated) (The English text signed by the President) This
More informationThe installation of CCTV can provide information on activities at the Water,
ST CHAD S WATER LNR CCTV CODE OF PRACTICE St Chad s Fishing Club A closed circuit television system is used at St Chad s Water LNR, Church Wilne (known in the Code as the Water) by the St Chad s Fishing
More informationCode of Practice on the discharge of the obligations of public authorities under the Environmental Information Regulations 2004 (SI 2004 No.
Code of Practice on the discharge of the obligations of public authorities under the Environmental Information Regulations 2004 (SI 2004 No. 3391) Issued under Regulation 16 of the Regulations, Foreword
More informationb) How many outstanding arrest warrants does Suffolk Constabulary currently have?
Freedom of Information Request Reference N o : FOI 004789-17 I write in connection with your request for information received by Suffolk Constabulary on the 2 May 2017 in which you sought access to the
More informationSUBJECT ACCESS REQUEST
DATA PROTECTION ACT 1998 SUBJECT ACCESS REQUEST Procedure Manual Page 1 of 22 Invest NI 1. Introduction 1.1 What is a Subject Access Request? 1.2 Routine Requests 1.3 What is an individual entitled to?
More informationDecision 070/2005 Ms R and the Scottish Tourist Board (operating as VisitScotland)
Decision 070/2005 Ms R and the Scottish Tourist Board (operating as VisitScotland) Request for the response to a complaint made Applicant: Ms R Authority: Scottish Tourist Board (operating as VisitScotland)
More informationARTICLE 29 Data Protection Working Party
ARTICLE 29 Data Protection Working Party 02072/07/EN WP 141 Opinion 8/2007 on the level of protection of personal data in Jersey Adopted on 9 October 2007 This Working Party was set up under Article 29
More informationPROJET DE LOI ENTITLED. The Data Protection (Bailiwick of Guernsey) Law, 2017 ARRANGEMENT OF SECTIONS PART I PRELIMINARY
PROJET DE LOI ENTITLED The Data Protection (Bailiwick of Guernsey) Law, 2017 ARRANGEMENT OF SECTIONS PART I PRELIMINARY 1. Object of this Law. 2. Application. 3. Extent. 4. Exception for personal, family
More informationData protection and journalism: a guide for the media
Data protection Data protection and journalism Data protection and journalism: a guide for the media Contents * About this guide 3 2 Technical guidance 18 1 Practical guidance 6 Data protection basics
More informationAPPENDIX. 1. The Equipment Interference Regime which is relevant to the activities of GCHQ principally derives from the following statutes:
APPENDIX THE EQUIPMENT INTERFERENCE REGIME 1. The Equipment Interference Regime which is relevant to the activities of GCHQ principally derives from the following statutes: (a) (b) (c) (d) the Intelligence
More informationCCTV CODE OF PRACTICE
EDINBURGH NAPIER UNIVERSITY CCTV CODE OF PRACTICE Introduction The monitoring, recording, holding and processing of images of identifiable individuals constitutes personal data as defined by the Data Protection
More informationData Protection. Standard Operating Procedure
Data Protection Standard Operating Procedure Notice: This document has been made available through the Police Service of Scotland Freedom of Information Publication Scheme. It should not be utilised as
More informationCHAPTER [INSERT] DATA PROTECTION BILL Acts [insert] ARRANGEMENT OF SECTIONS PART I PART II
CHAPTER [INSERT] DATA PROTECTION BILL Acts [insert] ARRANGEMENT OF SECTIONS PART I PRELIMINARY 1. Short Title 2. Interpretation 3. Scope of Application PART II DATA PROTECTION AUTHORITY 4. Establishment
More informationChildren and Young People (Information Sharing) (Scotland) Bill. Response to the call for evidence. Alistair Sloan
Children and Young People (Information Sharing) (Scotland) Bill Response to the call for evidence by Alistair Sloan Introduction [1] This is a formal response to the call for evidence by the Education
More informationData Processing Agreement. <<Health Service Provider>> The National Message Broker Service known as Healthlink
Between And The National Message Broker Service known as Healthlink THIS AGREEMENT is dated and made between: (1) , which has its principle administrative
More informationDecision 076/ Mr David Laing and the Chief Constable of Fife Constabulary
Decision 076/2005 - Mr David Laing and the Chief Constable of Fife Constabulary Information relating to a road traffic accident Applicant: Mr David Laing Authority: The Chief Constable of Fife Constabulary
More information