Data Protection Policy

Similar documents
Great Leighs Primary School. Data Protection and Freedom of Information Policy. Adopted: April Review Date: April 2018.

St. Paul s C of E Primary School

Data Protection Policy. Revisions and Editions Log

Data Protection Policy

Data Protection Policy

Statutory Policy No 7 DATA PROTECTION POLICY

Data Protection Policy

Information Management Unit. Data Protection Policy for Schools BURNT TREE PRIMARY SCHOOL. Date Issued: September 30th 2015

SCHEDULE Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.

Data Protection Policy

Data Protection Act 1998 Policy

Subject Access Request Procedure

DATA PROTECTION POLICY STATUTORY

Data Protection Policy

European College of Business and Management Data Protection Policy

Charities & Not-for-Profits Overview of Data Protection Law

North Yorkshire County Council. Subject Access Request Guidance and Procedure. Data Protection Act 1998

DATA SHARING AND PROCESSING

PROCEDURE (Essex) / Linked SOP (Kent) Data Protection. Number: W 1011 Date Published: 24 November 2016

Schools Subject Access Request Procedures

GENERAL PROTOCOL FOR SHARING INFORMATION BETWEEN AGENCIES IN KINGSTON UPON HULL AND THE EAST RIDING OF YORKSHIRE

Purpose specific Information Sharing Agreement. Community Safety Accreditation Scheme Part 2

BACKGROUND INFORMATION

The installation of CCTV can provide information on activities at the Water,

Park View Primary School

SUBSIDIARY LEGISLATION DATA PROTECTION (PROCESSING OF PERSONAL DATA IN THE POLICE SECTOR) REGULATIONS

THE DATA PROTECTION PRINCIPLES

FREEDOM OF INFORMATION POLICY

A closed circuit television system is used at the Memorial Hall by the Parish Council.

Data Protection. Policy & Procedure. Greater Manchester Police

The Ministry of Technology, Communication and Innovation and The Data Protection Office. Workshop On DATA PROTECTION ACT 2017

CCTV CODE OF PRACTICE

PROJET DE LOI ENTITLED. The Data Protection (Bailiwick of Guernsey) Law, 2017 ARRANGEMENT OF SECTIONS PART I PRELIMINARY

The Rental Exchange. Contribution Agreement for Rental Exchange Database. A world of insight

Data Protection REFERENCE NUMBER. IMPLEMENTATION DATE June 2014 NEXT REVIEW DATE: September 2020 RISK RATING

INVESTIGATION OF ELECTRONIC DATA PROTECTED BY ENCRYPTION ETC DRAFT CODE OF PRACTICE

Data Protection. Guidance for Schools

Access to Personal Information Procedure

OFFICE OF THE POLICE AND CRIME COMMISSIONER FREEDOM OF INFORMATION ACT 2000 PUBLICATION SCHEME

Staff Data Protection Policy

General Rules on the Processing of Personal Data SCHEDULE 1 DATA TRANSFER AGREEMENT (Data Controller to Data Controller transfers)...

Data Processing Agreement. <<Health Service Provider>> The National Message Broker Service known as Healthlink

ASSOCIATION OF PROFESSIONAL ENGINEERS AND GEOSCIENTISTS OF BRITISH COLUMBIA,

Freedom of Information Act Policy

Privacy. Purpose. Scope. Policy. Appendix A

DATA PROTECTION (JERSEY) LAW 2005 CODE OF PRACTICE & GUIDANCE ON THE USE OF CCTV GD6

SUBJECT ACCESS REQUEST

Hampshire County Council. Code of Conduct (2006) for Issuing Penalty Notices in Respect of Unauthorised Absence from Schools (update 2013)

Criminal Records Checks

Practical Guidance on the sharing of information and information governance for all NHS organisations specifically for Prevent and the Channel process

Exhibit MC - Standard Contractual Clauses (processors)

Decision 192/2006 Mr David Sharpe and the Chief Constable of Strathclyde Police

CCTV Code of Practice

Beaufort Primary School and Beaufort Nursery

Saturday, 7 November 15

CSCU9Q5. Data Protection and Freedom of Information Acts

- and - OPINION. Reasons

BJB Motor Company Limited (BJB) - Data Protection Act 1998 Policy & Procedures

Freedom of Information Policy

Ashton St. Peter s Church of England Voluntary Aided Primary School. Complaints Procedure Policy

DBS and Safeguarding Policy

Data Protection Policy and Procedure

ELECTRONIC DATA PROTECTION ACT An Act to provide for protection to electronic data with regard to the processing of electronic data in Pakistan

Child Protection Legislation Amendment (Children s Guardian) Act 2013 No 31

Office of the Chief Electoral Officer

Annex - Summary of GDPR derogations in the Data Protection Bill

OTrack Data Processing Terms

Federal Act on Data Protection (FADP) Section 1: Aim, Scope and Definitions

General Data Protection Regulation

Merrydale Infant School Freedom of Information Act

Name: Address: Phone no: Nature of Business:

MINISTRY OF COMMUNICATIONS AND INFORMATION TECHNOLOGY (Department of Information Technology) NOTIFICATION New Delhi, the 11th April, 2011

WHISTLE BLOWING POLICY

Freedom of Information Act 2000 (Section 50) Decision Notice

Fairfield Primary School. Complaints Procedures

THE PIGGOTT SCHOOL FREEDOM OF INFORMATION POLICY AND GUIDANCE

Terms of Business

Data Access Agreement

PRIVACY MANAGEMENT PLAN

Statutory Frameworks. Safeguarding and Prevent. 1. Safeguarding

Green Freight Asia Privacy Policy

Human Resources People and Organisational Development. Disclosure and Barring Service (DBS) Checks Guidelines for Managers and Employees

Customer Data Annual Privacy Agreement

University of Wollongong

Decision 019/2011 Mr Allan Clark and Glasgow City Council. Names and addresses of Glasgow s Community Councillors

Data Protection Bill [HL]

SCHOOL POLICY Safeguarding, Disclosure and Barring Policy

Official Gazette No. 55 issued on 8 May Data Protection Act. of 14 March 2002

2.16 Freedom of Information and Protection of Privacy Act

the Commisslone Mazionale per le Sodeta e la Borsa in ItaJy and the Public Company Accounting Oversight Board In the United States

EUROPEAN COMMISSION DIRECTORATE-GENERAL JUSTICE. Commission Decision C(2010)593 Standard Contractual Clauses (processors)

Reporting Obligations 2. Recorded online. September /10/2017 ACCA Ireland ACCA

Decision Notice. Decision 083/2018: Ms L and Edinburgh College

Child sex offenders disclosure scheme (CSODS)

Yr Adran Plant, Addysg, Dysgu Gydol Oes a Sgiliau Department for Children, Education, Lifelong Learning and Skills

DocuSign Envelope ID: 93578C7C-0B BEE9-0536AB6EDE32

16 March Purpose & Introduction

JSE DATA AGREEMENT (JDA) GENERAL TERMS AND CONDITIONS

Policy To Protect Personal Information

DATA PROTECTION AND FREEDOM OF INFORMATION POLICY

Transcription:

Data Protection Policy

The school collects and uses certain types of personal information about staff, pupils, parents and other individuals who come into contact with the school in order provide education and associated functions. In addition, it may be required by law to collect and use certain types of information to comply with statutory obligations of Local Education Authorities (LEAs), government agencies and other bodies. This policy is intended to ensure that personal information must be dealt with properly and securely and in accordance with the Data Protection Act 1998 and other related legislation. It will apply to information regardless of the way it is used, recorded and stored and whether it is held in paper files or electronically. Data Protection Principles The Eight Data Protection Principles as laid down in the 1998 Data Protection Act must be followed at all times: 1. Data must be processed fairly and lawfully. 2. Personal data shall be obtained only for one or more specific and lawful purposes. 3. Personal data shall be adequate, relevant and not excessive in relation to the purpose(s) for which they are processed. 4. Personal data shall be accurate and where necessary kept up to date. 5. Personal data processed for any purpose(s) shall not be kept for longer than is necessary for that purpose. 6. Personal data shall be processed in accordance with the rights of data subjects under the 1998 Data Protection Act. 7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data. 8. Personal data shall not be transferred to a country outside the EEA, unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data. The school is committed to maintaining those principles at all times. This means the school will: check the quality and accuracy of the information we hold and apply our records management policies and procedures to ensure that information is not held longer than is necessary

ensure that when information is authorised for disposal it is done appropriately ensure appropriate security measures to safeguard personal information whether that is held in paper files or on our computer system share personal information with others when it is necessary and legally appropriate to do so set out clear procedures for responding to requests for access to personal information known as subject access in the Data Protection Act see appendix train our staff so that they are aware of our policies and procedures This policy will be updated as necessary to reflect best practice or amendments made to the Data Protection Act 1998. Complaints Complaints under this policy should be made to the Chairperson of the Governing Body who will decide if it is appropriate for the complaint to be dealt with under the complaints procedure. Complaints which are not dealt with under the school s complaint procedure should be forwarded in writing to the Information Commissioner. It is likely that complaints about procedural issues, due process and timeliness will be dealt with by the Governing Body, complaints that involve consideration of personal data or sensitive personal data should be referred to the Information Commissioner. Contacts If you have any concerns or questions in relation to this policy please contact the Headteacher who will also act as the contact point for any requests under the Data Protection Act. For advice and assistance please contact Data Protections and Freedom of Information officer, Stockport Council 0161-474 4299 Further advice and information, including a full list of exemptions, is available from the Information Commission: www.informationcommissioner.gov.uk 01625 545 700.

Appendix 1 REDDISH VALE HIGH SCHOOL Procedures for Responding to Requests for Personal Information in Accordance with the Data Protection Act (1998) Anybody who makes a request to see their file or their child s file or other personal data held on them is making a request under the Data Protection Act 1998. All information relating to the child including that held in day books, diaries and on electronic systems and email should be considered for disclosure. There is a statutory exception to the above, where parents do have an automatic right to access defined materials under The Education (School Records) Regulations 1989. The school will observe these statutory rights. If there is a current court order which relates to information regarding any child, that order must, regardless of other circumstances, be observed. Dealing with a Data Protection Request 1. A request under the Data Protection Act must be made in writing. 2. In many cases a letter to the Headteacher will be sufficient to identify the information required. If you cannot identify the information required from the initial request you can go back to the applicant to ask for more information. 3. The Headteacher must be confident of the identity of the individual making the request. This could be done by checking signatures against verified signatures on file or by asking the applicant to produce valid identification, such as a passport or photo-driving license. These checks should be done in addition to proof of relationship with the child. 4. An individual only has the automatic right to access information about themselves; requests from family members, carers or parents of a minor will have to be considered. The Headteacher will have responsibility for ensuring the child s welfare is appropriately considered in deciding whether to comply with a request. Normally the requester will have to prove both their relationship with the child and that disclosure is in the child s best interests to the satisfaction of the Headteacher. In the event of a child having sufficient capacity to understand (normally age 12 or above) the Headteacher should discuss the request with the child and take their views into account when making a decision. There may be circumstance in which a child can refuse their consent to a request. 5. The school may charge a statutory fee, currently calculated on a sliding scale, but only if a permanent copy of the information is provided. If a letter is sent out requesting a fee the 40-calendar day statutory timescale does not begin until the fee is received. It is important though that no request is delayed unnecessarily by time taken to inform the applicant of a fee.

6. The school will make use of exemptions under the Act as appropriate. All files must be reviewed before any disclosure takes place. Under no circumstance will access be granted immediately or before this review process has taken place. 7. Where information has been provided to the School by a third party, for example by the local authority, the police, a health care professional or another school, but is held on the school s file it is normal to seek the consent of the third party before disclosing information. This must be done early in the process in order to stay within the 40-day timescale. Even if the third party does not consent or consent is explicitly not given the data may be disclosed. In these cases it may be appropriate to seek additional advice. 8. The applicant should be told the data that the school holds, be given a copy of the data, be told the purposes for which it is processed and whether it has been shared with any other party. It is good practice to explain whether data has been withheld and if so why. There may be circumstances where this is not appropriate, the Headteacher should at all times consider the welfare of the child. The school should also give details of who to contact in the event of a complaint and the details of the Information Commission who can provide independent information. 9. Where all the data in a document cannot be disclosed a permanent copy should be made and the data obscured or parts of the data can be retyped if this is more sensible. In any event a copy of the full document (before obscuring) and the altered document should be retained together with the reason why the document was altered. This is so, that in the event of a complaint, there is an audit trail of what was done and why. 10. Information can be provided by post (registered mail) or on deposit at the school with an officer available to help the applicant. If the latter is used th applicant must have access to a photocopier in case they want a permanent copy of their data. In considering the method of delivery the views of the applicant should be taken into account. Any codes, technical terms or abbreviations should be explained. Any data which is difficult to read or illegible should be retyped. 11. Schools should monitor the number of requests received and document whether they are dealt with within the 40-calendar day statutory timescale. 12. The Act applies only to living individuals. Review Date Summer Term 2017

2024 © lawsdocbox.com Privacy Policy | Terms of Service | Feedback