Data Protection/ Information Security Policy
|
|
- Madeleine Johns
- 6 years ago
- Views:
Transcription
1 Data Protection/ Information Security Policy Date Policy Reviewed 27 th April 2016 Date Passed to Governors: 27 th April 2016 Approved by Governors: 7 th June 2016 Date of Next Review: June 2018
2 Data Protection Policy Statement The Longfield Academy Trust is committed to the eight principles of the Data Protection Act 1998: 1) Personal data shall be processed fairly and lawfully 2) Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes 3) Personal data shall be adequate, relevant and not excessive 4) Personal data shall be accurate and, where necessary, kept up to date 5) Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes 6) Personal data shall be processed in accordance with the rights of data subjects under this Act 7) Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data 8) Personal data shall be not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data. This statement represents the response of the Governing Body to its duties under the Data Protection Act Our Commitment Aims The Longfield Academy Trust will implement the requirements of the Data Protection Act 1998 and any subsequent amendments or regulations on protecting data, and the academy s controls and procedures will ensure integrity and security of data. The Longfield Academy Trust will maintain a Data Protection register entry with the Information Commissioner, and ensure that all personal data obtained, held, used or disclosed conforms to the details recorded within that registration. In addition The Longfield Academy Trust will ensure that: 1) A member of the senior management team has overall responsibility for the implementation of Data Protection. This is currently the Finance Director. 2) Staff are aware of their responsibilities under the Data Protection Act. 3) Staff are trained and supported to deal effectively with the requirements of the Act, including the need to deal with subject access requests, in whole or in part, in accordance with the Act.
3 4) The requirements of the Act are considered in decision making processes, such as the development of policy and procedures and the design and the implementation of information systems. 5) The operations of the organisation are developed to meet the highest standards of openness and accountability. Scope of the Policy The policy statement of commitment and the ensuing controls and procedures arising from the policy are applicable to all members of the Academy, including pupils. Those with responsibility for handling or processing information are particularly affected. Monitoring The Finance Director has responsibility for maintaining a register of all requests made for information under the Data Protection Act that do not fall within the remit of the Data Protection Registration with the Information Commissioner, and the action taken on each application. It will identify reoccurring requests for the same or similar information and provide information for the reviews of the Data Protection Registration. The Longfield Academy Trust will register all complaints received about its Data Protection arrangements and will ensure learning points that arise from such complaints are used to improve related policies, procedures and guidance. The Finance Director will annually review this policy and its associated procedures and arrangements to ensure it remains up to date, effective and takes account of emerging good practice. Where new legal directions come into force, the policy will be reviewed in line with the commencement of that legislation. The Academy Data Controller, (The Trust s Finance Director) will ensure that the Academy s Data Protection Registration is renewed, reviewed and, where necessary, updated annually. The Business Committee will receive an annual report on the Academy s Information Policies that will include a report on the review of the Data Protection Policy. The controls and procedures may also be subject to review by the Academy auditors who would make recommendations on the basis of their findings. Arrangements and procedures that may be affected by changes in legislation will be reviewed as necessary. Significant changes in arrangements or procedures arising from these will be notified to Governors.
4 Criteria for monitoring The Policy and associated procedures and arrangements will be monitored within the context of legislation, including: 1) Data Protection 2) Computer Misuse 3) Human Rights 4) Equal Opportunities 5) Telecommunications 6) Health & Safety Requests and charges Requests for information can be made under the Freedom of Information Act or a Subject Access Request. Requests should be made in writing by letter or to the Academy, either to a named member of staff or role title, or to the Finance Director: Andrew Collishaw Longfield Academy Trust Longfield Road Darlington DL3 0HT Proof of identity (normally a driving licence, passport or utility bill or corporate identification in the case of organisations) will be required before the request can be met. The request will be dealt with within the required response time of 40 calendar days, subject to any extensions as stated within the Data Protection Act. If the request is too general the Academy will offer advice and assistance to determine the information required. The Academy does not have the right to ask why information is being sought, but the information can be volunteered to assist the Academy in meeting the request. The Academy s Charging and Remission Policy details the current costs charged for retrieval of information. Review and appeal If an applicant is dissatisfied with the handling of a request, they have the right to ask for an internal review. Internal review requests should be submitted no later than 40 working days after the date on which the applicant believes that the academy has failed to comply with the requirement, and should be addressed to:-
5 The Headteacher: Susan Johnson Longfield Academy Trust Longfield Road Darlington DL3 0HT If you are not content with the outcome of the internal review, an applicant has the right to apply directly to the Information Commissioner for a decision. The Information Commissioner can be contacted at: Information Commissioner s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF Making a request (Academy staff) No member of the Academy staff whilst acting within their respective role should make a request under the Data Protection Act 1998 without first receiving the authorisation of a member of the senior management team. Specific Data Protection Act Guidance Photos The Data Protection Act is unlikely to apply in many cases where photographs are taken in school. Fear of breaching the provisions of the Data Protection Act will not be wrongly used to stop people taking photographs or videos which provide many with much pleasure. Where the Data Protection Act does apply, a common sense approach suggests that if the photographer asks for permission to take a photograph, this will usually be enough to ensure compliance. Photos taken for official school use may be covered by the Data Protection Act and pupils and students will be advised why they are being taken. Photographs/videos should be stored securely and access should be restricted. At no time should access to photographs be open to other pupils or parents. Biometrics The Longfield Academy Trust does hold any biometric data relating to pupils or staff. This data is always stored securely.
6 Bring Your Own Device Bring your own device raises a number of data protection concerns due to the fact that the device is owned by the user rather than the data controller. It is crucial that the school ensures that all processing for personal data which is under his control remains in compliance with the Data Protection Act. Currently Bring Your Own Devices does not happen within the curriculum within the Trust. Cloud Computing The Longfield Academy Trust, as data controller, has a responsibility to ensure that the processing carried out by their cloud service provider complies with the Data Protection Act. The Trust will ensure that a contract and a data processing agreement in place. Data confidentiality When choosing a cloud service provider the Trust will select a data processor providing sufficient guarantees about the technical and organisational security measures governing the processing to be carried out, and will take reasonable steps to ensure compliance with those measures. Service availability Service availability means ensuring timely and reliable access to personal data. One threat to availability in the cloud which is often outside the responsibility of the cloud service provider is the accidental loss of network connectivity between the client and the service provider. The school as data controllers will therefore check whether they have adopted reasonable measures to cope with the risk of disruptions such as backup internet network links. The school will assess the level of risk and whether the school is prepared to accept that risk. Data transfers beyond the European Economic Area (EEA) The school understands that cloud service being provided by companies outside of the EEA may not have to comply with such tight data protection protocols. The Longfield Academy Trust will therefore only choose a cloud based supplier which confirms that the data is stored within the EEA. Payment Card Information The Longfield Academy Trust does currently receive debit/credit card payments and also via SIMS Agora/Parentmail. Sims Agora/Parentmail complies with the Payment Card Industry Data Security Standard. (PCI DSS). SIMS Agora/Parentmail has the appropriate firewalls to protect cardholder data, and also anti-virus software. Access to SIMS Agora is via a series of system passwords. When credit/debit card
7 information is received the receipts of the payments are stored securely with cardholders information encrypted. Information Security Employee Responsibilities Employees are responsible for:- 1) Ensuring any information they provide to The Longfield Academy Trust in connection with their employment is accurate and up to date. 2) Informing the Academy of any changes to information they have previously provided e.g. changes of address. 3) Checking the information that the Academy will send out from time to time giving details of information held and processed. 4) Informing the Academy of any errors or changes. If and when employees as part of their responsibilities collect, access and process information for employment records they must comply with the Guidelines for Data Protection. Line Managers are responsible for ensuring all employees they supervise are aware of their responsibilities under the Data Protection Act. The Academy will review annually the personal data held in respect of individual employees and will send a copy to employees to ensure it is accurate and up to date. Data Security Personal information (pupils, employees, commercial or any other information) should be kept in a locked filing cabinet or securely on the schools network. Information of this nature should not be stored on memory sticks. All employees are responsible for ensuring that:- 1) Any data which they have is kept secure particularly if taking data off site on laptop computers, tablets or files. If mobile devices are taken off site, they should never be left in a car overnight. A password must be in place for the device. The same precedent applies if personal data is stored on employees own devices. 2) At all times take care to ensure the safe keeping of personal data, minimising the risk of its loss or misuse. 3) Ensure any document containing personal data is password protected. 4) Personal information is not disclosed either orally or in writing deliberately or accidentally or otherwise to any unauthorised third party. 5) No personal information is given to unknown third parties over the telephone. The sharing of personal data is required as detailed elsewhere in the
8 document. If there are any doubts regarding the validity of the third party requesting the data requests should be replied to writing. 6) Use personal data only on secure password protected computers and other devices, ensuring that they are properly logged-off at the end of any session in which they are using personal data. 7) If school equipment is to be used by anyone other than the member of staff responsible for it that user must have a separate account set up by the ICT Support Department. The laptop must remain in the users possession at all times. 8) Equipment is insured whilst in school premises or the registered user s home. Whilst in transit it is only covered if it is in the possession of the user. If the equipment is in a situation where it is not covered by insurance, users are responsible for organising their own insurance. Any damage not covered by insurance could be charged to the individual. 9) If staff receives work s on their mobile phone as a minimum a 4 digit passcode must be used on the device. If there is a data breach employees must notify their Headteacher and the Longfield Academy Trust s Finance Director immediately. Major data breaches could be reportable to the Information Commissioners Office, within 24 hours. Therefore it is important that any data breaches are disclosed as a matter of urgency. The Headteacher in conjunction with the Finance Director will review the circumstances of the data breach and decide whether this breach warrants disclosure and any corrective action which may be required. Employees should note that unauthorised disclosure will usually be a disciplinary matter and may be considered gross misconduct in some cases. It may also result in a personal liability for the individual employee. Data Sharing The Longfield Academy Trust, Local Authority and the Department of Education, hold information on pupils in order to run the education system. In doing so the Academy has to follow the Data Protection Act, Data help about pupils has to be used for specific purposes, allowed by law. The Academy holds information about staff in its employment records in order to perform key tasks e.g. recruitment, performance monitoring, recording absence and health & safety matters. The Academy has to comply with the Data Protection Act, 1998 to ensure it is collected and used fairly, stored safety and not disclosed to other persons unlawfully. Pupil Data The Academy holds information on pupils in order to support their teaching and learning, to monitor and report on their progress, to provide appropriate pastoral care, and to assess how well the Academy as a whole is doing. This information
9 includes contact details, National Curriculum assessment results, attendance information, and characteristics such as ethnic group, special educational needs and any relevant medical information. From time to time we are required to pass on some of this data to the Local Authority (LA), to another school, Academy, College to which the pupil is transferring, to the Department of Education, and to the Standards and Testing Agency/Teaching Agency. The local Authority uses information about pupils to carry out specific functions for which it is responsible, such as the assessment of any special educational needs the pupil may have. As with the Department of Education, it may also use the information to derive statistics to inform decision on (for example) the funding of Academies, and to assess the performance of Academies and set targets for them. The statistics are used in such a way that individual pupils cannot be identified from them. The Standards and Testing Agency/Teaching Agency uses information about pupils to administer the National Curriculum tests and assessment. The results of these are passed on to Department of Education in order for it to compile statistics on trends and patterns in levels of achievement. The Standards and Testing Agency/Teaching Agency uses the information to evaluate the effectiveness of the National Curriculum and the associated assessment arrangements, and to ensure that these are continually improved. The Department for Education uses information about pupils for statistical purposes, to evaluate and develop Education Policy and to monitor the performance of the education service as a whole. The statistics are used in such a way that individual pupils cannot be identified from them. On occasions, information may be shared with other Government departments or agencies strictly for statistical or research purposes only. Pupils, as data subjects, have certain rights under the Data Protection Act, including a general right of access to personal data held on them, with parents exercising this right on their behalf if they are too young to do so themselves. If a pupil wishes to access their personal data, or a parent wishes to do so, on their behalf, they can contact the Academy in writing: Please note that all rights under the Data Protection Act to do with information about pupils rest with them as soon as they are old enough to understand these rights. This will vary from one child to another and you will wish to consider the position for your child, but, as a broad guide, it is reckoned that most children will have a sufficient understanding by the age of 12. Separately from the Data Protection Act, Department of Education regulations provide a pupil s parent (regardless of the age of the pupil) with the right to view, or
10 to have a copy of, their child s educational record at the Academy. If a parent wishes to exercise this right they should write to the Academy. Retention of Data Personal information should not be retained on the employment record for any longer than is necessary for the purpose required but equally it should not be discarded if doing so renders the record inadequate. Retention Timescales Application Form 6 years from end of employment References received 6 years from end of employment Payroll and Tax information 6 years from end of employment Annual Leave record 2 years Unpaid/Special Leave record 6 years from end of employment Sickness records 6 years from end of employment Annual Appraisal record 6 years from end of employment Records relating to promotion, training 6 years from end of employment Disciplinary record 6 years from end of employment References given 6 years from date reference provided Summary Record of Service E.g. Name, post(s) held dates of 10 years from end of employment Accident record at work 15 years Injury at work record 15 years. Core financial records 6 financial years + current. These timescales can be extended where there is a justified business reason for doing so not merely that it might be useful to hold such documentation. Application forms and other associated documentation within the Code of Practice for Recruitment and Selection of unsuccessful candidates for jobs should be destroyed after 8 months unless subject to challenge. Date of next review To be reviewed and approved by the Business Committee June 2018.
Data Protection Policy No. E11
Data Protection Policy No. E11 Last Reviewed: May 2015 Next Review: May 2018 1 of 5 Contents 1. Policy Statement... 3 Our Commitment... 3 Aims... 3 The Brunts Academy Data Protection Policy... 4 Scope
More informationDATA PROTECTION POLICY 2016
DATA PROTECTION POLICY 2016 ADOPTED FROM BRADFORD METROPOLITAIN COUNCIL MODEL POLICY AUTUMN 2016 To be agreed by Governors on; 17/10/16 Signed by Chair of Governors: Statutory policy: Yes Frequency of
More informationData Management and Protection Policy
Data Management and Protection Policy Approved by Governor committee: Finance and Audit Date to be reviewed: June 2018 Responsibility of : Director of Finance and Operations Date ratified by Governing
More informationData Protection Policy for the Grimsby Institute of Further & Higher Education
Data Protection Policy for the Grimsby Institute of Further & Higher Education Data Protection Policy Change Control Version: V1.1 New or Replacement: Approved by: Replacement Executive Management Team
More informationSt Mark s Church of England Academy Data Protection Policy
St Mark s Church of England Academy Data Protection Policy 1 Contents Purpose:... Error! Bookmark not defined. Scope:... Error! Bookmark not defined. Procedure:... Error! Bookmark not defined. Definitions:...
More informationData Protection Policy
THE CIPPENHAM SCHOOLS TRUST Data Protection Policy *Date for revision: Summer Term 2018 Responsibility for policy: Responsibility for operational: Trustees Trustees Reviewed by Directors: *subject to any
More informationData Protection Policy
Data Protection Policy (Data Protection Act 1998) (This policy will be updated to incorporate GDPR by May 2018) Page 1 of 9 Data Protection Policy 1 Statement of Policy The Constellation Trust needs to
More informationData Protection Policy
HOLY TRINITY CE (VA) PRIMARY SCHOOL Data Protection Policy Learning and caring together, building a firm foundation for the future. FOUNDED 1865 Date of Last Review: July 2015 Date to be Revisited: July
More informationData Protection Policy & Procedures
Data Protection Policy & Procedures Scope In this document, the terms we, us, our and/or Clear Sky refer to Clear Sky Children s Charity. The term you and/or your refer to all employees of Clear Sky, who
More informationDATA PROTECTION POLICY WINCHESTER CITY COUNCIL. Data Protection Policy
DATA PROTECTION POLICY WINCHESTER CITY COUNCIL Document Title: Author: Fiona Sutherland Revision History Version Revision Date Summary of Change Distribution 1.0 08/03/16 Internet Intranet WINCHESTER CITY
More informationData Protection Policy.
Data Protection Policy. The Leonardo Trust needs to keep certain information on its Employees, Volunteers, Service Users (clients) and Trustees to carry out its day to day operations, to meet its objectives
More informationData Protection. Document Detail Type of Document (Stat Policy/Policy/Procedure) Category of Document (Trust HR-Fin-FM-Gen/Academy) General
Data Protection Document Detail Type of Document (Stat Policy/Policy/Procedure) Policy Category of Document (Trust HR-Fin-FM-Gen/Academy) General Index reference number Approved 26/04/18 Approved by Trust
More informationData Protection Policy
Policy Current Status Operational Last Review: May 2018 Responsibility for Review: Director of Administration, Contracts and Health Next Review: September 2019 Internal Approval: & Safety SLT Originated:
More informationQueen s Croft High School DATA PROTECTION POLICY AND PRIVACY NOTICE
Queen s Croft High School DATA PROTECTION POLICY AND PRIVACY NOTICE Prepared by: Peter Hawksworth, Headteacher Checked by: Jackie Hesslegrave, Business Manager Adopted by Governors: November 2017 Review
More informationDixons Academies Charitable Trust. Pupils, parents and staff privacy notice
Dixons Academies Charitable Trust Pupils, parents and staff privacy notice Contents: Privacy notice for parents/carers page 3 Privacy notice for pupils.page 7 Privacy notice for staff page 11 1. Privacy
More informationDATA PROTECTION POLICY
Registered Address: Mountdale Gardens, Leigh-on-Sea, Essex SS9 4AW Executive Headteacher: Mrs. J. Mullan Telephone: (01702) 524193 Fax: (01702) 526761 DATA PROTECTION POLICY SEN TRUST SOUTHEND KINGSDOWN
More informationDATA PROTECTION POLICY
Registered Address: Mountdale Gardens, Leigh-on-Sea, Essex SS9 4AW Executive Headteacher: Mrs. J. Mullan Telephone: (01702) 524193 Fax: (01702) 526761 DATA PROTECTION POLICY SEN TRUST SOUTHEND KINGSDOWN
More informationData Protection Policy for Staff DJJK. Apr of 10
Data Protection Policy for Staff DJJK Apr 2018 1 of 10 Review and Amendment Record Date Person Conducting the Review Mar 2018 PMS New Policy, GDPR Apr 2018 DJJK Review Changes Made 2 of 10 1 Introduction
More informationData Protection Policy
Data Protection Policy for The Astor Bannerman Group of Companies Issue Date: 3 rd January 2014 Version: 01 Approval History Name Department Role/Position Date approved Signature James Stuart- Smith Director
More informationSt Laurence s Primary School. Privacy notices GDPR compliant
St Laurence s Primary School Privacy notices GDPR compliant Contents: Privacy notice for parents/carers page 2 Privacy notice for pupils page 7 Privacy notice for staff... page 12 1. Privacy notice for
More informationTHE COURTYARD Privacy Notice Policy
THE COURTYARD Privacy Notice Policy The Courtyard aims to offer an outstanding educational and social provision that will equip our students with the skills and experiences needed to discover and live
More informationRoundwood Primary School. Privacy Notice Parents
Roundwood Primary School Privacy Notice - Parents Name of Policy Privacy Notice Parents Date of adoption April 2018 Date of next review April 2020 Governing Body Committee Responsible Resources Member
More informationData Protection Policy
Data Protection Policy This policy will be reviewed by the Trust Board three yearly or amended if there are any changes in legislation before that time. Date of last review: Autumn 2018 Date of next review:
More informationSt Stephen in Brannel Parish Council PRIVACY NOTICE. For Staff*, Councillors and Role Holders 1 **
St Stephen in Brannel Parish Council PRIVACY NOTICE Mrs Linda Ranger - Clerk and RFO E-mail: clerk@ststepheninbrannel-pc.org.uk www.ststepheninbrannel-pc.org.uk Office 2, Brannel Room 22 Fore Street, St
More informationLittle Gaddesden C. of E. Primary School
PRIVACY NOTICE - PARENTS AND CARERS Approved by Resources Committee 21 May 18 Approved by Governing Body 22 May 18 Review by May 20 Little Gaddesden School collects data and information about parents /
More informationHuman Resources. Data Protection Policy IMS HRD 012. Version: 1.00
Human Resources Data Protection Policy IMS HRD 012 Version: 1.00 Disclaimer While we do our best to ensure that the information contained in this document is accurate and up to date when it was printed
More informationHITCHIN GIRLS SCHOOL PRIVACY NOTICE FOR PARENTS / CARERS OF PUPILS ATTENDING HITCHIN GIRLS SCHOOL
HITCHIN GIRLS SCHOOL PRIVACY NOTICE FOR PARENTS / CARERS OF PUPILS ATTENDING HITCHIN GIRLS SCHOOL Hitchin Girls School collects data and information about parents / carers of our pupils so that we can
More informationData Breach Policy 2018/19
Data Breach Policy 2018/19 Key points of the Data Breach Policy Purpose What to do on becoming aware of a data breach To explain the procedure whenever a data breach occurs. If a member of Staff becomes
More informationDATA PROTECTION POLICY 2018
DATA PROTECTION POLICY 2018 Amesbury Baptist Church is committed to protecting all information that we handle about people we support and work with, and to respecting people s rights around how their information
More informationPRIVACY NOTICE FOR PARENTS / CARERS OF PUPILS ATTENDING: St Luke s School
St Luke s School Policies, Guidance & Procedures PRIVACY NOTICE FOR PARENTS / CARERS OF PUPILS ATTENDING: St Luke s School St Luke s School collects data and information about parents / carers of our pupils
More informationSt Michael s CE Primary School Data Protection Policy
St Michael s CE Primary School Data Protection Policy We will prepare the children at St. Michael's school for life, by giving them the opportunity to fulfil their potential within a happy caring Christian
More informationThis personal information must be dealt with properly, with appropriate safeguards in place to ensure the rights and freedoms of data subjects.
BELFAST ROYAL ACADEMY Data Protection Policy Introduction Belfast Royal Academy recognises and accepts its responsibilities as set out in the Data Protection Act 1998. The School will take all reasonable
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY 1. Introduction This policy sets out how The Robert Gordon University shall comply with the requirements of the Data Protection Act 1998 and was created with reference to the JISC
More informationScottish Charity Number SC Dingwall Baptist Church DATA PROTECTION POLICY
Dingwall Baptist Church DATA PROTECTION POLICY Adopted: By Trustees Dingwall Baptist Church May 2018 1 Dingwall Baptist Church is committed to protecting all information that we handle about people we
More informationData Protection Policy
Data Protection Policy Name of Chair: Mr David Mann Name of Headteacher: Mrs Eileen Bissell Name of person Responsible: Mrs Eileen Bissell Adopted and Agreed on: October 2015 Date of Review: October 2018
More informationData Protection Act Policy And Operational Procedures For the Trust, Its Academies, And Essa Nursery
Data Protection Act Policy And Operational Procedures For the Trust, Its Academies, And Essa Nursery Date approved by the Board of Directors: 7 July 2017 Date adopted by Essa Academy Local Governing Body:
More informationData protection (GDPR) policy
Data protection (GDPR) policy January 2018 Version: 1.0 NHS fraud. Spot it. Report it. Together we stop it. Version control Version Name Date Comment 1.0 Trevor Duplessis 22/01/18 Review due Dec 2018 OFFICIAL
More informationEARLS HALL BAPTIST CHURCH DATA PROTECTION POLICY
EARLS HALL BAPTIST CHURCH DATA PROTECTION POLICY Adopted: 5 June 2018 1 Earls Hall Baptist Church is committed to protecting all information that we handle about people we support and work with, and to
More informationData Protection Policy, including Key Procedures
Data Protection Policy, including Key Procedures Revision Number :- 0 Date :- 16 April 2018 Status :- Approved Issue Date :- 22 March 2018 HEADING Aims of this Policy SECTION CONTENT Milton s Cottage Trust
More informationPrivacy notice for the school workforce (all staff) The personal data we hold
In line with new General Data Protection Regulations (GDPR), effective from 25 May 2018, please find below details of the privacy notice for all students in school. Privacy notice for the school workforce
More informationPRIVACY NOTICE FOR PARENTS / CARERS OF PUPILS ATTENDING Greenside School
PRIVACY NOTICE FOR PARENTS / CARERS OF PUPILS ATTENDING Greenside School Greenside School collects data and information about parents / carers of our pupils so that we can operate effectively as a school.
More informationData Protection Policy
Data Protection Policy Reviewed by: Reviewed when Resources Committee As required Date written and last reviewed July 2018 Source and date of model policy, if applicable n/a Contents 1. Aims... 2 2. Legislation
More informationThe SENAD Group. Section 5 Data Protection Protocol
The SENAD Group Section 5 Data Protection Protocol Issue: April 2016 Reviewed: April 2016 Next Review: April 2018 Version: 1 Policy Ref: 513.0 Owners: RA/NH Section 5/513.0/V1/APR16/NH/RA Page 1 of 5 SENAD
More informationHOLY TRINITY CE PRIMARY SCHOOL PRIVACY NOTICE FOR PARENTS / CARERS OF PUPILS
HOLY TRINITY CE PRIMARY SCHOOL PRIVACY NOTICE FOR PARENTS / CARERS OF PUPILS Holy Trinity collects data and information about parents / carers of our pupils so that we can operate effectively as a school.
More informationPRIVACY NOTICE FOR PARENTS/CARERS OF PUPILS ATTENDING WARREN DELL PRIMARY SCHOOL
Warren Dell Primary School PRIVACY NOTICE FOR PARENTS/CARERS OF PUPILS ATTENDING WARREN DELL PRIMARY SCHOOL Warren Dell Primary School collects data and information about parents/carers of our pupils so
More informationDATA PROTECTION POLICY
1. Introduction This policy is intended to provide information about how the School will use (or process ) personal data about individuals including: Current, past and prospective pupils; Parents, carers
More informationParents / Carers of Pupils Attending St Catherine s C of E Primary School Privacy Notice
Parents / Carers of Pupils Attending St Catherine s C of E Primary School Privacy Notice Created 15th May 2018 PRIVACY NOTICE FOR PARENTS / CARERS OF PUPILS ATTENDING ST CATHERINE S C OF E PRIMARY SCHOOL
More informationTECHNICAL RELEASE TECH 05/14BL. Data Protection Handling information provided by clients
TECHNICAL RELEASE TECH 05/14BL Data Protection Handling information provided by clients ABOUT ICAEW ICAEW is a world leading professional membership organisation that promotes, develops and supports over
More informationCHANNING SCHOOL DATA PROTECTION POLICY
CHANNING SCHOOL DATA PROTECTION POLICY The School may amend/change/update this Policy from time to time. 1. Background Data protection is an important legal compliance issue for Channing School. During
More informationData Protection Policy
Data Protection Policy University of London Data Protection UoL website link: http://www.london.ac.uk/238.html Email: records.managament@london.ac.uk Contents 1 Policy statement... 3 2 Introduction and
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY Document Control History Title Data Protection Policy Version no. 1.0 Date of publication May 2018 Author(s) Amanda Cramb, HR Manager Next review date May 2021 Page 1 Introduction
More informationDATA PROTECTION POLICY
Title: Data Protection Policy Ref:CP005 Version:2 Approval Body: Corporation via Audit & Risk Committee Date:24th March 2015 Review Date: 24th March 2018 Lead Person: Director, Institutional Effectiveness
More informationThe Heathland School. Privacy notice for staff
The Heathland School Privacy notice for staff Under data protection law, individuals have a right to be informed about how the school uses any personal data that we hold about them. We comply with this
More informationDATA PROTECTION POLICY
LEEDS BECKETT U NIVERSI T Y DATA PROTECTION POLICY 1. INTRODUCTION 1.1 This policy document explains the framework through which the University ensures compliance with the Data Protection Act 1998 (DPA).
More informationPrivacy notice for the school workforce
Privacy notice for the school workforce Under data protection law, individuals have a right to be informed about how the school uses any personal data that we hold about them. We comply with this right
More informationFreedom of Information policy September 2018
Freedom of Information policy September 2018 Office use Published: May 2018 Updated September 2018 Next review: September 2019 Statutory/non: Statutory Lead: Alison Elway, Company Secretary/Head of Governance
More informationFunctional area. F Hallinan, C Abad, W Andrews Approver (s) Version 001 Effective date 25 May Privacy Notice for Emergency Contacts
The Charter Schools Educational Trust Privacy Notice for Emergency contacts GDPR compliant (Article 14 contact details given by someone other than the data subject) Contents: The personal data we hold
More informationRedundancy Policy. HR Policy and Procedure for Schools and Academies. Last Reviewed: May 2018
Redundancy Policy HR Policy and Procedure for Schools and Academies Last Reviewed: May 2018 Redundancy Policy Page 1 of 10 May 2018 Policy Outline Policy Statement The aim of this policy is to provide
More informationRSD Technology Limited - Data protection policy: RSD Technology Limited ( the Company )
RSD Technology Limited - Data protection policy: Introduction Company Name: Document DP3 Topic: RSD Technology Limited ( the Company ) Data Protection Policy Data protection Date: 25 th May 2018 Version:
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY APRIL 2018 Attendance Policy and Procedures (Pupils) (P3/Policies) Updated January 2018 Page 1 of 11 Title Summary Purpose Operational Date April 2018 Next Review Date April 2019
More informationData Protection Policy
Reference: Date Approved: April 2015 Approving Body: Board of Trustees Implementation Date: August 2015 Supersedes: 2.0 Stakeholder groups Governance Committee, Board of Trustees consulted: Target Audience:
More informationUoW takes measures to enable data to be restored and accessed in a timely manner in the event of a physical or technical incident.
PRIVACY NOTICE UNIVERSITY OF WARWICK We ask that you read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal information,
More informationPRIVACY NOTICE for Welsh St Donat s Community Council, May 2018
PRIVACY NOTICE for Welsh St Donat s Community Council, May 2018 NOTE: Welsh St Donat s Community Council is a small, rural Community Council and, compared with many councils and public bodies, processes
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY Mission Statement WeST holds a deep seated belief in education and lifelong learning. Effective collaboration, mutual support and professional challenge will underpin our quest to
More informationParkfield Community School Freedom of Information Policy
Freedom of Information Policy Links to Rights Respecting: A17: Every child has the right to reliable information from the mass media in a way that they can understand. Governments must help protect children
More informationThe current version (July 2018) is derived from, and supersedes, the version published in February 2017 and earlier versions.
Page 2 of 10 Data Protection Policy Chief Information Officer Chief Information Officer Data Protection Officer The current version (July 2018) is derived from, and supersedes, the version published in
More informationSection a What this Policy is for Policy Statement. 2. Why this policy is important... 3
Norwich Central Baptist Church DATA PROTECTION POLICY Adopted: May.2018 Norwich Central Baptist Church (NCBC) is committed to protecting all information that we handle about people we support and work
More informationPRIVACY NOTICE FOR PARENTS / CARERS OF PUPILS ATTENDING GRAVELEY PRIMARY SCHOOL
PRIVACY NOTICE FOR PARENTS / CARERS OF PUPILS ATTENDING GRAVELEY PRIMARY SCHOOL Graveley School collects data and information about parents / carers of our pupils so that we can operate effectively as
More informationNEW LIFE BAPTIST CHURCH NORTHALLERTON DATA PROTECTION POLICY. Adopted: 20 June 2018 To be reviewed: June 2021
NEW LIFE BAPTIST CHURCH NORTHALLERTON DATA PROTECTION POLICY Adopted: 20 June 2018 To be reviewed: June 2021 NEW LIFE BAPTIST CHURCH, NORTHALLERTON (referred to in this policy as NLBC) is committed to
More informationData Protection Policy
Hand in Hand We Learn OUR LADY & ST ANSELM S RC PRIMARY SCHOOL Data Protection Policy All children are recognised as unique individuals and nurtured in a caring family environment, with Christ at its centre.
More informationIQ Data Protection Policy
IQ Data Protection Policy Statement of purpose IQ Ltd is registered on the Data Protection register as a statutory requirement for organisations that hold personal data. Registration was first completed
More informationPrivacy Notice: for staff, trustees, governors and all who are engaged to work within The Evolve Trust
Privacy Notice: for staff, trustees, governors and all who are engaged to work within The Evolve Trust Use of Your Personal Data Statement Purpose: Information that we hold in relation to staff, trustees
More informationShavington Academy. Freedom of Information Policy
Shavington Academy Freedom of Information Policy June 2018 1 Table of Contents 1 INTRODUCTION... 3 2 POLICY STATEMENT... 3 3 SCOPE... 4 4 RELATIONSHIP WITH THE DATA PROTECTION ACT 1998... 4 5 ROLES AND
More informationRECORD OF PROCESSING ACTIVITIES ST CUTHBERT S CATHOLIC HIGH SCHOOL
RECORD OF PROCESSING ACTIVITIES ST CUTHBERT S CATHOLIC HIGH SCHOOL Created: May 2018 Last Reviewed: May 2018 This record of processing activities describes how St Cuthbert s Catholic High School processes
More informationEDWARDS COMMERCIAL CLEANING SERVICES LTD and EDWARDS COMMERCIAL CLEANING (NORTH) LTD Data Protection Policy for Employees, Workers and Consultants
EDWARDS COMMERCIAL CLEANING SERVICES LTD and EDWARDS COMMERCIAL CLEANING (NORTH) LTD Data Protection Policy for Employees, Workers and Consultants 1 Overview Data Protection Policy for Employees, Workers
More informationPrivacy Notice: All staff
Privacy Notice: All staff Approved: May 2018 Review date: May 2020 Theale C of E Primary School Church Street Theale RG7 5BZ Tel: 0118 9302239 Email: office@theale.w-berks.sch.uk Privacy Notice: All Staff
More informationData Protection Policy
Preston and District Data Protection Policy The University of the Third Age Scope of the policy This policy applies to the work of Preston & District U3A (hereafter the U3A ). The policy sets out the requirements
More informationGENERAL PRIVACY NOTICE. Reepham Town Council (The Council) is committed to protecting and respecting your privacy.
GENERAL PRIVACY NOTICE Reepham Town Council (The Council) is committed to protecting and respecting your privacy. Your personal data Personal data is any information about a living individual which allows
More informationData Protection. Policy
Data Protection Policy Why do we need this policy? What does the policy apply to? Which parts of SQA are affected? SQA is committed to adopting best practice in protecting the personal information of all
More informationThe template uses the terms students / pupils to refer to the children or young people at the institution.
This document is for advice and guidance purposes only. It is anticipated that schools / colleges will use this advice alongside their own data protection policy. This document is not intended to provide
More informationLIFE STYLE CARE PLC. Privacy Statement for Employees. August 2018
LIFE STYLE CARE PLC Privacy Statement for Employees August 2018 Key points Why we use your personal data: We typically use your personal information for purposes related to your employment relationship
More informationGDPR - Privacy Notice Staff
GDPR - Privacy Notice Staff 1. Privacy notice for staff Under data protection law, individuals have a right to be informed about how the school uses any personal data that we hold about them. We comply
More informationGDPR - Privacy Notice Staff
GDPR - Privacy Notice Staff 1. Privacy notice for staff Under data protection law, individuals have a right to be informed about how the school uses any personal data that we hold about them. We comply
More informationPrivacy notice for suppliers, contractors and volunteers
Privacy notice for suppliers, contractors and volunteers Under data protection law, individuals have a right to be informed about how we, Dame Allan s Schools (hereafter the Schools) (which comprises Dame
More informationSecurity of Personal Data Policy and Guidelines
Kensington & Chelsea College Security of Personal Data Policy and Guidelines Written by Richard Lane, April 2009 Updated for subject access requests February 2011 1 Introduction KCC holds personal data
More informationSt George s School Harpenden Academy Trust. Freedom of Information Act 2000 Publication Scheme
St George s School Harpenden Academy Trust Freedom of Information Act 2000 Publication Scheme 1 AIMS St George s School, Harpenden Academy Trust (the School ) is committed to the Freedom of Information
More informationTHE PORTSMOUTH GRAMMAR SCHOOL
THE PORTSMOUTH GRAMMAR SCHOOL STAFF PRIVACY NOTICE In the course of your employment, engagement or other basis of work undertaken for the school, we will collect, use and hold ( process ) personal data
More informationLEICESTER HIGH SCHOOL DATA PROTECTION POLICY
LEICESTER HIGH SCHOOL DATA PROTECTION POLICY 1. Background Data protection is an important legal compliance issue for Leicester High School. During the course of the School's activities it collects, stores
More informationBaptist Union of Scotland DATA PROTECTION POLICY
Baptist Union of Scotland DATA PROTECTION POLICY Adopted: May 2018 1 1.The Baptist Union of Scotland 48, Speirs Wharf, Glasgow G4 9TH (Charity Registration SC004960) is committed to protecting all information
More informationPrivacy Notice Work Force
Privacy notice for the school workforce Under data protection law, individuals have a right to be informed about how the school uses any personal data that we hold about them. We comply with this right
More informationNorton Community Primary School. Data Protection Policy. September Vision Statement. Nothing is beyond our reach!
Norton Community Primary School Data Protection Policy September 2018 Vision Statement Nothing is beyond our reach! Care and challenge engage and motivate us! Praise reassures and supports us! Successes
More informationData Breach Policy and Procedure
Data Breach Policy and Procedure Every care is taken by the college to protect personal data from situations where a data protection breach could compromise security. This policy and procedure applies
More informationUCD Human Resources. UCD HR Privacy Statement - Employee
UCD Human Resources UCD HR Privacy Statement - Employee Contents 1 Introduction 3 2 What information do we process? 3 3 How do we use your information? 4 4 Special categories of data 4 5 How is your information
More informationPRIVACY NOTICE FOR STAFF
PRIVACY NOTICE FOR STAFF Under data protection law, individuals have a right to be informed about how the school uses any personal data that we hold about them. We comply with this right by providing privacy
More informationUniversity for the Creative Arts Application Declaration. Data Protection Privacy Notice
University for the Creative Arts Application Declaration Data Protection Privacy Notice The University for the Creative Arts takes its obligations with regard to data protection seriously. As such, we
More informationDRAYCOTE WATER SAILING CLUB DATA PRIVACY POLICY (12 th August 2018)
1 DRAYCOTE WATER SAILING CLUB DATA PRIVACY POLICY (12 th August 2018) 1. About this policy 1.1 This policy explains when and why we collect personal information about our members, customers, visitors,
More informationAPCC Policy Statement
Purpose APCC Internal Data Security Policy Statement: APCC Business 1. The APCC is committed to being transparent about how it collects and uses the personal data of its workforce and to meeting its data
More informationPrivacy Notice for Staff
Privacy Notice for Staff This Policy is to be used across all DEMAT schools Version Date DEMAT Officer responsible for updating content DPO Date approved by DEMAT Standards & Ethos Committee 1 Apri 2018
More informationSAFFRON WALDEN COMMUNITY CHURCH DATA PROTECTION POLICY. Adopted: [ ]
SAFFRON WALDEN COMMUNITY CHURCH DATA PROTECTION POLICY Adopted: [17-04-2018] 1 SAFFRON WALDEN COMMUNITY CHURCH is committed to protecting all information that we handle about people we support and work
More informationAlexander James Recruitment Limited - DATA PROTECTION POLICY
Alexander James Recruitment Limited - DATA PROTECTION POLICY 1 ABOUT THIS POLICY (1) Why do we have a policy? (a) As an Organisation we store and use information, including personal information ( data
More information