1
|
|
- Cassandra Ward
- 6 years ago
- Views:
Transcription
1 The Information Commissioner s response to the Department for Culture, Media and Sport s consultation on requiring direct marketing callers to provide Calling Line Identification The Information Commissioner has responsibility for promoting and enforcing the Data Protection Act 1998 (DPA), the Privacy and Electronic Communications Regulations 2003 (PECR), the Freedom of Information Act 2000, and the Environmental Information Regulations. He is independent from government and upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals. The Commissioner does this by providing guidance to individuals and organisations, solving problems where he can, and taking appropriate action where the law is broken. The Information Commissioner welcomes the opportunity to respond to DCMS s consultation on requiring direct marketing callers to provide Calling Line Identification (CLI). The Commissioner s remit extends to the oversight and enforcement of unsolicited direct marketing contact via electronic means including live and automated telephone calls. In undertaking this role, the Commissioner investigates complaints, gathers intelligence from numerous sources and coordinates his activities with other relevant regulators. The Commissioner supports the proposed changes, noting in particular the potential for these changes to assist him in his enforcement work. He remains committed to taking action against organisations which breach PECR when his regulatory powers allow him to do so with a view to tackling the nuisance, anxiety and distress these calls cause to the public. Ofcom has recently estimated that 1.7 billion live sales calls and 940 million recorded sales calls are made annually to UK consumers 1. With this scale of direct marketing calls being undertaken, it is vital that individuals are able to exercise their rights in respect of those calls and that complaints can be appropriately investigated and addressed by the Commissioner and other regulators as appropriate. 1
2 Do you agree that the Government should amend PECR to make it a requirement for direct marketing callers to provide CLI? Yes. The Commissioner strongly supports the idea of requiring callers to provide CLI when making direct marketing calls. The Commissioner is supportive of this requirement for several reasons. Firstly, it sends out a message to callers and call recipients alike that direct marketing should and can be carried out in a legitimate, transparent and accountable manner, with CLI acting as insurance of that. By insurance, we mean that requiring the provision of CLI should empower individuals to choose whether to answer a call at all. If they do choose to answer and the call is one they wish to complain about, having the caller s CLI should enable them to make a better informed complaint. Inclusion of CLI should also enable individuals to contact the calling organisation directly to express their dissatisfaction about being contacted, enable them to ask to be removed from any relevant call database and also potentially be a first step in exercising their rights under the DPA. From an enforcement perspective, requiring a valid CLI should ensure that more detailed, and consequently more useful, evidence and intelligence can be obtained relating to individual breaches of PECR. It should also assist us in identifying those organisations we most need to target with enforcement activity. However, there is a strong need to ensure that the information obtained is as useful as possible. The requirements of regulation 24 of PECR should be used as the basis for any amendment. We have identified a number of potential issues which need to be addressed to ensure that any amendment is fit for purpose. Specifically, we would want any amendment to include a requirement for a valid CLI to be provided and we would want clarity as to what constitutes valid CLI, addressing the following issues: the CLI needs to be dialable - meaning capable of receiving inbound calls. the CLI needs to be a direct contact number for the organisation that is the subject of the direct marketing or for that organisation s delegated or contracted representatives (the instigator of calls or caller). The CLI could legitimately be for a third party organisation provided that a contract with the marketed organisation governs the relationship. However, inclusion of the genuine CLI for an organisation other than the subject of the marketing or any kind of spoofing need to be specifically excluded;
3 what needs to happen when an individual who has received a call contacts the number given in the CLI. To ensure the inclusion of a valid CLI assists individuals as well as regulators, we would suggest a requirement that the dialable number be answered in some way, to avoid already frustrated or upset individuals attempting to contact dialable numbers which are never picked up. whether the CLI needs to be a UK number, or whether a non-uk number that is otherwise genuine can be deemed valid; whether a presentation number can be a valid CLI. Any wording needs to take into account that there can be legitimate circumstances when the calling number would not necessarily be the number which the organisation would display as the CLI. For example, where an organisation contacts individuals from multiple different numbers (for example, from different staff) using one overarching CLI would help the call recipient to identify that those calls are from the organisation, as opposed to the individual receiving multiple calls from different numbers. In that situation, the use of one CLI would enable the individual to build an accurate picture of the calls they are receiving; the level at which any charge can be levied for dialling the CLI; and whether geographically targeted CLI can be used. By geographically targeted, we are referring to an organisation choosing to use a local telephone code as opposed to their actual national or non-local number to encourage an individual to answer the call. We have raised potential concerns previously 2 that there may be fairness issues to the localisation of CLI from the perspective of the DPA (in that individuals may be encouraged to pick up a call that they would otherwise not have answered because they believe it to be local). There is a potential for the individual to be misled by targeted use of a local number, and it is our experience that less legitimate organisations use this as a deliberate tactic to improve call pick up rates, relying on individuals to respond to the local number where a generic or national one would be ignored. As well as covering off the basic requirements of valid CLI, any wording included needs to be compatible with VOIP (Voice over Internet Protocol), which is increasingly being adopted. VOIP calls can terminate either at an IP address or be diverted to a landline number. Any amendment to PECR needs to enable enforcement activity and contact from individuals where VOIP calls have been made. 2 ICO s response to Ofcom s call for inputs on Ofcom s persistent misuse of the telecommunications network powers -
4 Our concern is that if the requirements for including CLI are insufficiently clear, this may leave loopholes which less ethical organisations may seek to exploit. We also want to avoid situations arising where organisations unwittingly fail to comply, as a result of simply not understanding what is required of them. We are also keen to ensure that any requirement introduced is consistent with the guidance that Ofcom has issued in relation to presentation CLI, to ensure that both the Commissioner and Ofcom can enforce their separate powers (under PECR and the Communications Act 2003 respectively) consistently and tackle the problem of nuisance calls in a cohesive and constructive way. Are there any other costs or benefits that may be associated with this proposal that you think the Government should consider before taking a final decision? We have considered this question both from the perspective of the public, as well as from our perspective as a regulator. It is worth considering that there may, in the short term, be some inconvenience for certain individuals if CLI is required. For example, the requirement to provide CLI when making direct marketing calls could negate individuals use of services which automatically reject or block calls from withheld numbers. Anecdotal evidence also suggests some individuals currently refuse calls on the basis that they come from numbers listed as withheld or unknown. It might be worth considering that the proposed requirement to provide CLI could make those individuals choices as to which calls to refuse more difficult. Depending on how the requirement to provide CLI is received by the public, it could either reduce or increase the information available to regulators. Where the provision of CLI genuinely enables individuals to exercise the power of choice over which calls to answer, an unintended consequence could be that it ultimately acts to reduce the evidence made available to regulators such as the ICO. Where calls go unanswered through choice, and without the call recipient being inconvenienced by the call itself, there may be a reduction in reported complaints and consequently, of the evidence available. Conversely, individuals could choose to make more complaints, with the expectation of increased enforcement action. The side effect of this and cost to individuals - would be an increase in the time spent by individuals completing complaint forms, whether those of the ICO, TPS or their own telephone operators. (Although we are currently taking steps to further improve our online reporting process to reduce the time it takes to complete multiple reports.)
5 Overall, as a regulator we strongly welcome this proposal. As has been identified in the consultation document, this proposal could result in significant regulatory benefit to the ICO. The adoption of this proposal would enable streamlining of our investigation, evidence and intelligence gathering processes and consequently could have a cost saving impact for the ICO (and consequently free up some resource for additional enforcement activity). We estimate that around 13% 3 of the complaints and concerns that we receive relate to calls received from spoofed CLIs, and as such we spend a disproportionate amount of time identifying the organisation responsible. Removal of this burden would enable us to identify and target organisations more quickly, resulting in shorter investigation times and enabling us to mitigate threats to consumers much earlier. It is therefore our view that any potential costs are significantly outweighed by potential benefits. February It is extremely difficult to identify a definitive number of complaints where CLI is invalid. We are reliant on the data entered in our online reporting tool. For example, where a CLI is one digit short, is this because the CLI was spoofed, or because it was entered incorrectly? The 13% figure is a sample, based on analysis of complaints received in Augsut 2015 where a CLI has not been provided or has been found to be invalid based on previous information or investigation. It is important to note that the real figure could be much higher, depending on calls which are never reported to the ICO or to the TPS.
BTs response to Ofcom s Call for inputs. Review of how we use our persistent misuse powers - Focus on silent and abandoned calls
7 November 2014 BTs response to Ofcom s Call for inputs Review of how we use our persistent misuse powers - Focus on silent and abandoned calls 1 Executive Summary: We support the work Ofcom is doing to
More informationLords Bill Committee on Digital Economy Bill Information Commissioner s briefing
Lords Bill Committee on Digital Economy Bill Information Commissioner s briefing Introduction 1. The Information Commissioner has responsibility in the UK for promoting and enforcing the Data Protection
More informationTraining Manual. DATA PROTECTION ACT 2018 (DPA18) Incorporating General Data Protection Regulations (GDPR) Data Protection Officer is Mike Bandurak
PROFESSIONAL INDEPENDENT ADVISERS LTD DATA PROTECTION ACT 2018 (DPA18) Incorporating General Data Protection Regulations (GDPR) Training Manual Data Protection Officer is Mike Bandurak GDPR introduction
More informationDATA PROTECTION POLICY VERSION 1.0
VERSION 1.0 1 Department of Education and Skills Last updated 21 May 2018 Table of Contents 1. Introduction... 4 2. Scope & purpose... 4 3. Responsibility for this policy... 5 4. Data protection principles...
More informationThe Information Commissioner s response to the Competition and Market Authority s Energy market investigation: notice of possible remedies paper.
The Information Commissioner s response to the Competition and Market Authority s Energy market investigation: notice of possible remedies paper. The Information Commissioner s role The Information Commissioner
More informationThe use of consumers energy consumption data emanating from smart meters is governed by the Data Access Privacy Framework (DAPF).
The Information Commissioner s Office response to the Department of Business, Energy & Industrial Strategy and Ofgem s Call for Evidence on a Smart, Flexible Energy System. The Information Commissioner
More informationBaptist Union of Scotland DATA PROTECTION POLICY
Baptist Union of Scotland DATA PROTECTION POLICY Adopted: May 2018 1 1.The Baptist Union of Scotland 48, Speirs Wharf, Glasgow G4 9TH (Charity Registration SC004960) is committed to protecting all information
More informationReactiv Media Ltd OfCom Response
Reactiv Media Ltd OfCom Response Q1: We would welcome views and evidence from stakeholders on (a) the main types of harm that consumers experience from nuisance calls in general and specifically in relation
More informationSection a What this Policy is for Policy Statement. 2. Why this policy is important... 3
Norwich Central Baptist Church DATA PROTECTION POLICY Adopted: May.2018 Norwich Central Baptist Church (NCBC) is committed to protecting all information that we handle about people we support and work
More informationNumbering arrangements for Voice over Broadband services. Internet Telephony Service Providers Association ( ITSPA )
Second Response to the Office of Communications consultation on Numbering arrangements for Voice over Broadband services on behalf of the Internet Telephony Service Providers Association ( ITSPA ) Submitted
More informationIntroduction. Summary
The Information Commissioner s response to the Department for Digital, Culture, Media & Sport consultation on the Security of Network and Information Systems. Introduction 1. The Information Commissioner
More informationScottish Charity Number SC Dingwall Baptist Church DATA PROTECTION POLICY
Dingwall Baptist Church DATA PROTECTION POLICY Adopted: By Trustees Dingwall Baptist Church May 2018 1 Dingwall Baptist Church is committed to protecting all information that we handle about people we
More informationEARLS HALL BAPTIST CHURCH DATA PROTECTION POLICY
EARLS HALL BAPTIST CHURCH DATA PROTECTION POLICY Adopted: 5 June 2018 1 Earls Hall Baptist Church is committed to protecting all information that we handle about people we support and work with, and to
More informationGeneral Data Protection Regulation. What should community energy organisations be doing to prepare?
General Data Protection Regulation What should community energy organisations be doing to prepare? The implementation date of 25 May 2018 for the General Data Protection Regulation (GDPR) is fast approaching.
More informationGENERAL DATA PROTECTION REGULATION.
For the use of mortgage intermediaries and other professionals only. GENERAL DATA HALIFAX INTERMEDIARIES KEY CHANGES GUIDE MAY 2018 REGULATION >SELECT A TILE FOR MORE INFORMATION WHAT IS THE GDPR? KEY
More informationDELL BANK INTERNATIONAL D.A.C DATA PROTECTION STATEMENT - USE OF PERSONAL DATA 1
DELL BANK INTERNATIONAL D.A.C DATA PROTECTION STATEMENT - USE OF PERSONAL DATA 1 1. Introduction & Scope This Data Protection Statement ( Statement ) sets out how we, Dell Bank International d.a.c., trading
More informationAustralian Communications and Media Authority s Calling the Emergency Call Service Review of Arrangements Discussion Paper
Australian Communications and Media Authority s Calling the Emergency Call Service Review of Arrangements Discussion Paper Submission by Communications Alliance and the Australian Mobile Telecommunication
More informationDiscussion Paper on innovative uses of consumer data by financial institutions
Datum 28 juli 2016 Referentie OD15800 NVB response to the European Banking Authority Consultation form Discussion Paper on innovative uses of consumer data by financial institutions The EBA invites comments
More informationBoth companies are privately held and not affiliated, while sharing their management teams and some staff.
Overview Netzquadrat GmbH has been provided IP based services since 1998. Its mobile communication service "sms.de" has since attracted more than 2.5 million consumers. In the last seven years Netzquadrat
More informationLeicestershire Police CCTV on Police Premises Policy
Leicestershire Police CCTV on Police Premises Policy Policy Owner: Department Responsible: Chief Officer Approval: Deputy Chief Constable Corporate Services Directorate Deputy Chief Constable Date of Next
More information1 Revised statement of policy on the persistent misuse of an electronic communications network or service 2010
Annex 1 1 Revised statement of policy on the persistent misuse of an electronic communications network or service 2010 Introduction A1.1 This statement is published in accordance with section 131 of the
More informationCode of Practice for the sales and marketing of subscriptions to mobile networks
Code of Practice for the sales and marketing of subscriptions to mobile networks Introduction There are in excess of 66 million active mobile accounts in the UK. In search of ever improving tariffs and
More informationConducting privacy impact assessments code of practice
ICO lo Conducting privacy impact assessments code of practice Data Protection Act Contents Data Protection Act... 1 About this code... 3 Chapter 1 - Introduction to PIAs... 5 What the ICO means by PIA...
More informationARTICLE 29 DATA PROTECTION WORKING PARTY
ARTICLE 29 DATA PROTECTION WORKING PARTY 17/EN WP 256 Working Document setting up a table with the elements and principles to be found in Binding Corporate Rules (updated) Adopted on 29 November 2017 INTRODUCTION
More informationPRIVACY POLICY. VERSION 1.3 Keystone Property Finance 42 Kings Hill Avenue, Kings Hill, West Malling, Kent M19 4AJ
PRIVACY POLICY VERSION 1.3 Keystone Property Finance 42 Kings Hill Avenue, Kings Hill, West Malling, Kent M19 4AJ Contents INTRODUCTION... 2 WHY WE PROVIDE YOU WITH OUR PRIVACY NOTICE... 2 OUR PRIVACY
More informationHuman Resources. Data Protection Policy IMS HRD 012. Version: 1.00
Human Resources Data Protection Policy IMS HRD 012 Version: 1.00 Disclaimer While we do our best to ensure that the information contained in this document is accurate and up to date when it was printed
More informationDATA PROTECTION POLICY 2018
DATA PROTECTION POLICY 2018 Amesbury Baptist Church is committed to protecting all information that we handle about people we support and work with, and to respecting people s rights around how their information
More information27 April GDPR Implementation Challenges: A Summary of CIPL GDPR Project Participants Feedback
27 April 2017 GDPR Implementation Challenges: A Summary of CIPL GDPR Project Participants Feedback 1 GDPR Implementation Challenges A Summary of CIPL GDPR Project Participants Feedback In early 2017, CIPL
More informationUoW takes measures to enable data to be restored and accessed in a timely manner in the event of a physical or technical incident.
PRIVACY NOTICE UNIVERSITY OF WARWICK We ask that you read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal information,
More informationCurrent Account Credit Card. Privacy Notice
Current Account Credit Card Privacy Notice Contents Introduction 3 What sort of data do we hold about you? 3 What about joint applications and additional cardholders? 4 How does Tesco Bank use your personal
More informationGuidance on the General Data Protection Regulation: (1) Getting started
Guidance on the General Data Protection Regulation: (1) Getting started Guidance Note IR03/16 20 th February 2017 Gibraltar Regulatory Authority Information Rights Division 2 nd Floor, Eurotowers 4, 1
More information10/02/2017 Version pptx. 1
The Information Commissioner s response to the Department for Business, Energy and Industrial Strategy call for evidence on implementing Midata in the energy sector The Information Commissioner has responsibility
More information7 Estimating consumer harm
Annex 7 7 Estimating consumer harm Background A7.1 Silent and abandoned calls made to consumers will almost always be unwanted. Consumers who receive these calls can therefore be considered to be harmed.
More informationIntroduction to the General Data Protection Regulation (GDPR)
Introduction to the General Data Protection Regulation (GDPR) #CIPR / @CIPR_UK This guide is worth 5 CPD points Introduction to the General Data Protection Regulation (GDPR) / 2 Contents 1 Introduction
More informationOfcom s response to the BIS consultation: Enhancing Consumer Confidence by Clarifying Consumer Law on the Supply of Goods Services and Digital
Ofcom s response to the BIS consultation: Enhancing Consumer Confidence by Clarifying Consumer Law on the Supply of Goods Services and Digital Content. Publication date: 5 th October 2012 Main Heading
More informationScottish and Southern Energy plc. Telephone: Our Reference: Facsimile: Your Reference:
Claudio Pollack Floor 6, Office of Communications Riverside House 2A Southwark Bridge Road London SE1 9HA Head Office Inveralmond House 200 Dunkeld Road Perth PH1 3AQ Telephone: 01738 456400 Our Reference:
More informationDATA PROTECTION POLICY 2016
DATA PROTECTION POLICY 2016 ADOPTED FROM BRADFORD METROPOLITAIN COUNCIL MODEL POLICY AUTUMN 2016 To be agreed by Governors on; 17/10/16 Signed by Chair of Governors: Statutory policy: Yes Frequency of
More informationFCA Mission: Our Future Approach to Consumers
FCA Mission: Our Future Approach to Consumers BSA Response 29 January 2018 Executive Summary Consumer responsibility (question 1): We note and support the FCA s continued acknowledgement that consumers
More informationUCD Human Resources. UCD HR Privacy Statement - Employee
UCD Human Resources UCD HR Privacy Statement - Employee Contents 1 Introduction 3 2 What information do we process? 3 3 How do we use your information? 4 4 Special categories of data 4 5 How is your information
More informationNext Generation Networks Consultation
17 th August 2005 Next Generation Networks Consultation Summary ITSPA welcomes the opportunity to comment on Ofcom s further consultation on Next Generation Networks. Ofcom s approach to IP voice interconnect
More informationIntellect s Response to Ofcom s Consultation related to New Voice Services
Intellect s Response to Ofcom s Consultation related to New Voice Services Intellect is the trade association for the information technology, telecommunications and electronics industries in the UK representing
More informationInformation Commissioner s Office. Consultation: GDPR consent guidance
Information Commissioner s Office Consultation: GDPR consent guidance Start date: 2 March 2017 End date: 31 March 2017 1 Introduction The General Data Protection Regulation (GDPR) will apply in the UK
More informationQuick guide to the employment practices code
Data protection Quick guide to the employment practices code Ideal for the small business Contents 3 Contents Section 1 About this guidance 4 Section 2 What is the Data Protection Act? 5 Section 3 Recruitment
More informationCONSULTATION ON USE OF RESOURCES AND WELL- LED ASSESSMENTS - NHS Providers response
February 2017 CONSULTATION ON USE OF RESOURCES AND WELL- LED ASSESSMENTS - NHS Providers response ABOUT NHS PROVIDERS NHS Providers is the membership organisation and trade association for the NHS acute,
More informationGeneral Optical Council. Data Protection Policy
General Optical Council Data Protection Policy Authors: Lisa Sparkes Version: 1.2 Status: Live Date: September 2013 Review Date: September 2014 Location: Internet / Intranet Document History Version Date
More informationNEW LIFE BAPTIST CHURCH NORTHALLERTON DATA PROTECTION POLICY. Adopted: 20 June 2018 To be reviewed: June 2021
NEW LIFE BAPTIST CHURCH NORTHALLERTON DATA PROTECTION POLICY Adopted: 20 June 2018 To be reviewed: June 2021 NEW LIFE BAPTIST CHURCH, NORTHALLERTON (referred to in this policy as NLBC) is committed to
More informationUtility Warehouse. Privacy and Electronic Communications Regulations audit report
Utility Warehouse Privacy and Electronic Communications Regulations audit report Executive summary March 2018 1. Background and scope The Information Commissioner may audit the measures taken by the provider
More informationNissa Consultancy Ltd Data Protection Policy
Nissa Consultancy Ltd Data Protection Policy CONTENTS Section Title 1 Introduction 2 Why this Policy Exists 3 Data Protection Law 4 Responsibilities 5 6 7 8 9 10 Data Protection Impact Assessments (DPIA)
More informationPrivacy notices, transparency and control
Data protection Privacy notices, transparency and control A code of practice on communicating privacy information to individuals About the code Who should use this code? Why should you provide effective
More informationIntroduction. Welcome to the OAG Aviation Group privacy notice.
Introduction Welcome to the OAG Aviation Group privacy notice. The OAG Aviation Group respects your privacy and is committed to protecting your personal data. This privacy notice aims to give you information
More informationProcedure If you are reading a paper version of this document it may not be the latest version. Please check on Insite.
Procedure If you are reading a paper version of this document it may not be the latest version. Please check on Insite. Title Enforcement Fire Safety Service Standards Management Procedure Author (Role)
More informationGDPR digest ARE YOU GDPR READY? {More than a MORTGAGE CLUB}
GDPR digest ARE YOU GDPR READY? {More than a MORTGAGE CLUB} contents. at a glance ICO Helpline Principles Privacy by design Lawful basis for processing Privacy Electronic Communications Regulations - PECR
More informationSTAFF PRIVACY NOTICE
STAFF PRIVACY NOTICE 1. ABOUT THIS NOTICE We ask that you read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal data,
More informationBT Response A review of consumer complaints procedures - Ofcom consultation
BT Response A review of consumer complaints procedures - Ofcom consultation Introduction 1. BT welcomes the opportunity to respond to the consultation A review of consumer complaints procedures. 2. We
More informationSt Mark s Church of England Academy Data Protection Policy
St Mark s Church of England Academy Data Protection Policy 1 Contents Purpose:... Error! Bookmark not defined. Scope:... Error! Bookmark not defined. Procedure:... Error! Bookmark not defined. Definitions:...
More informationReality Solutions Data and Privacy Policy
Reality Solutions Data and Privacy Policy Reality Solutions Limited Reality Solutions Limited is an IT and Business Software Solution provider, providing IT software, hardware, business solutions and support
More informationUsing reported concerns to improve how organisations deal with information rights. Performance Improvement Business Plan 2015 / 16
Using reported concerns to improve how organisations deal with information rights Performance Improvement Business Plan 2015 / 16 Our 2015-18 corporate objectives The ICO has identified the following six
More informationChelsea & Westminster Hospital NHS Foundation Trust. Data protection audit report
Chelsea & Westminster Hospital NHS Foundation Trust Data protection audit report Executive summary October 2017 1. Background The Information Commissioner is responsible for enforcing and promoting compliance
More informationVersion 1.0 (final)
The Information Commissioner s response to the Department for Business Innovation and Skills consultation on moving Land Registry operations to the private sector ( the consultation ) The Information Commissioner
More informationGDPR factsheet Key provisions and steps for compliance
GDPR factsheet Key provisions and steps for compliance Organisations hold vast amounts of personal data relating to customers, employees, and suppliers as well as within marketing databases. Compliance
More informationErnst & Young Data Protection Binding Corporate Rules Programme
Ernst & Young Data Protection Binding Corporate Rules Programme Table of contents Introduction to the data protection binding corporate rules programme... 2 Part I: Background and actions... 3 Part II:
More informationUpdate on Communications Consumer Panel and ACOD activities
NOVEMBER BULLETIN Update on Communications Consumer Panel and ACOD activities The Communications Consumer Panel has continued to meet with both communications providers and key stakeholders to discuss
More informationPrivacy Policy PURPOSE SCOPE POLICY. Data Collection
Privacy Policy PURPOSE 1. To ensure Training & Assessment Mentor maintains the privacy of personal information provided to Training & Assessment Mentor from Staff and Students. SCOPE 2. This document describes
More informationPRIVACY NOTICE - DRIVER HIRE TRAINING
PRIVACY NOTICE - DRIVER HIRE TRAINING Introduction Driver Hire Group Services Ltd and DH People Plus Ltd t/a Driver Hire Training (Driver Hire) provide training and worker engagement support services,
More informationStaffordshire Police. Data Protection Audit Report. Executive Summary
Staffordshire Police Data Protection Audit Report Executive Summary May 2018 1. Background The Information Commissioner is responsible for enforcing and promoting compliance with the Data Protection Act
More informationData Protection Practitioners Conference 2018 #DPPC2018. Lawful basis myths
Data Protection Practitioners Conference 2018 #DPPC2018 Myth #1 This lawful basis stuff is all new. Reality It s not new. The six lawful bases for processing are very similar to the old conditions for
More informationConducting privacy impact assessments code of practice
Conducting privacy impact assessments code of practice Data Protection Act Contents Data Protection Act... 1 Information Commissioner s foreword... 2 About this code... 3 Chapter 1 Introduction to PIAs...
More informationData Protection. Document Detail Type of Document (Stat Policy/Policy/Procedure) Category of Document (Trust HR-Fin-FM-Gen/Academy) General
Data Protection Document Detail Type of Document (Stat Policy/Policy/Procedure) Policy Category of Document (Trust HR-Fin-FM-Gen/Academy) General Index reference number Approved 26/04/18 Approved by Trust
More informationExternal Supplier Control Obligations
External Supplier Control Obligations Customer Complaints Important Note: For regulated suppliers, the supplier must adhere to any specific set out by the regulator in their local jurisdiction which may
More informationREDDISH VALE HIGH SCHOOL PRIMARY PRIVACY NOTICE
REDDISH VALE HIGH SCHOOL PRIMARY PRIVACY NOTICE Overview Reddish Vale High School is committed to ensuring that we re transparent about the ways in which we use your personal information and that we have
More informationCommunications Consumer Panel and Advisory Committee for Older and Disabled People: draft Priorities and Work Plan 2017/18
Communications Consumer Panel and Advisory Committee for Older and Disabled People: draft Priorities and Work Plan 2017/18 This is the 2018/19 draft Work Plan for the Communications Consumer Panel and
More informationGPEN Sweep 2018 Privacy Accountability
GPEN Sweep 2018 Privacy Accountability October 2018 Office of the Privacy Commissioner, New Zealand Information Commissioner s Office, UK Page 1 of 9 Background The 2018 GPEN Sweep aimed to consider how
More informationPublic Procurement: A consultation on changes to public procurement rules in Scotland
Public Procurement: A consultation on changes to public procurement rules in Scotland Federation of Small Businesses Scotland April 2015 Introduction The FSB is Scotland s largest direct-member business
More informationStaff Briefing Session
Data Protection Act 1998 Privacy Impact Assessment (PIA) Compliance for Clinical Commissioning Groups Staff Briefing Session Overview PIA Requirement Annex one Privacy impact assessment screening questions
More informationHEALTHY WORKPLACE PRIVACY POLICY
1 Background HEALTHY WORKPLACE PRIVACY POLICY 1.1 This privacy policy applies to the personal data we hold about employees of prospective Healthy Workplaces corporate clients. It sets out how and why we
More informationFindings from ICO audits of 16 local authorities
Data protection Findings from ICO audits of 16 local authorities January to December 2013 Introduction This report is based on ICO audits of 16 local authorities between January and December 2013. This
More informationOur Privacy Principles
SAXON HALL/SOUTHEND MASONIC CENTRE - PRIVACY POLICY Our Privacy Principles We will look after any personal information you share with us. This is central to our values as a company. We want everyone to
More informationParliamentary and Health Ombudsman. Data protection audit report
Parliamentary and Health Ombudsman Data protection audit report Executive summary March 2018 1. Background The Information Commissioner is responsible for enforcing and promoting compliance with the Data
More informationData Privacy Notice Personal Effective from 25 May 2018
Data Privacy Notice Personal Effective from 25 May 2018 Contents 1. Introduction 3 2. Information we hold about you 3 3. What we use your information for and the legal basis for doing so 4 4. Who we will
More informationSCHOOLS DATA PROTECTION POLICY. Guidance Notes for Schools
SCHOOLS DATA PROTECTION POLICY Guidance Notes for Schools Please read this policy carefully and ensure that all spaces highlighted in the document are completed prior to publication. Please ensure that
More informationTimePlan Education Group Ltd ( the Company ) Data Protection. Date: April Version: 001. Contents
Company Name: Document DP3 Topic: ( the Company ) Data Protection Policy Data Protection Date: April 2018 Version: 001 Contents Introduction Definitions Data processing under the Data Protection Laws 1.
More informationTrinity is committed to protecting the privacy and security of personal data.
This privacy notice applies data processing activities undertaken by Trinity College for security and monitoring relating to staff, students and visitors to Trinity premises including CCTV, other security
More informationCall for evidence: Regulatory Sandbox
Call for evidence: Regulatory Sandbox The Information Commissioner (the Commissioner) is calling for evidence and initial views on creating a regulatory sandbox. The ICO s Technology Strategy for 2018-2021
More informationOperating procedure. Managing customer contacts
Operating procedure Managing customer contacts Contents 1. Introduction 2. Staff welfare 3. Application and context of this procedure 4. Defining and dealing with challenging customer behaviour 5. Equality
More informationJob applicant privacy notice (compliant with the General Data Protection Regulations (GDPR)
Job applicant privacy notice (compliant with the General Data Protection Regulations (GDPR) The Company is aware of its obligations under the General Data Protection Regulation (GDPR) and is committed
More informationACTING IN THE SPIRIT OF SERVICE Information gathering and public trust
ACTING IN THE SPIRIT OF SERVICE Information gathering and public trust Model standards for information gathering associated with regulatory compliance, law enforcement and security functions. Effective
More informationData Protection Policy
Data Protection Policy Version Date Revision Author Summary of Changes 1.0 21 st May 2018 Ashleigh Morrow EXECUTIVE STATEMENT At CASTLEREAGH NURSERY SCHOOL (the School ), we believe privacy is important.
More informationComplaint about your ad What happens now?
Complaint about your ad What happens now? Our procedures 01 Receiving a complaint When we receive a complaint it is assessed against the Advertising Codes. Many of the complaints we receive don t raise
More informationTWELVE STEP PLAN TO BECOME COMPLIANT WITH THE GENERAL DATA PROTECTION REGULATION
TWELVE STEP PLAN TO BECOME COMPLIANT WITH THE GENERAL DATA PROTECTION REGULATION Awareness Data Stream Map Communication Rights of the subject Legal basis Consent Data Breaches Privacy by design and PIA
More informationGDPR: An Evolution, Not a Revolution
GDPR: An Evolution, Not a Revolution Disclaimer This article does not constitute legal advice, nor is this information intended to create or rise to the level of an attorney-client relationship. You should
More informationAllstate Northern Ireland Limited Data Privacy Notice
Privacy Notice Applicants for jobs at Allstate Northern Ireland, UK UK Data Privacy Please click on the hyperlink to the right which will guide you to the Data Privacy Notice Notice for jobs at Allstate
More informationSAFFRON WALDEN COMMUNITY CHURCH DATA PROTECTION POLICY. Adopted: [ ]
SAFFRON WALDEN COMMUNITY CHURCH DATA PROTECTION POLICY Adopted: [17-04-2018] 1 SAFFRON WALDEN COMMUNITY CHURCH is committed to protecting all information that we handle about people we support and work
More informationNCVO recruitment & GDPR applying for a job with us
NCVO recruitment & GDPR applying for a job with us NCVO is aware of its obligations under the General Data Protection Regulation (GDPR) and is committed to processing your data securely and transparently.
More informationTesco Telecoms Response to Ofcom consultation. Strategic Review of Customer Switching. Submitted: 26 November
Tesco Telecoms Response to Ofcom consultation Strategic Review of Customer Switching Submitted: 26 November 1 Introduction Tesco Telecoms encompasses the Tesco Broadband, Tesco Internet and Tesco Homephone
More informationComplaint handling: under the spotlight. EY point of view
Complaint handling: under the spotlight EY point of view New rules on complaint handling On 23 July 2015, the UK s Financial Conduct Authority (FCA) issued its Policy Statement (PS15/19), in response to
More informationTHE GENERAL DATA PROTECTION REGULATION: GUIDANCE ON THE ROLE OF THE DATA PROTECTION OFFICER
THE GENERAL DATA PROTECTION REGULATION: GUIDANCE ON THE ROLE OF THE DATA PROTECTION OFFICER Contents 1 Introduction 2 2 Key messages 3 3 The requirement to appoint a Data Protection Officer 4 3.1 Public
More informationGDPR Factsheet - Key Provisions and steps for Compliance
GDPR Factsheet - Key Provisions and steps for Compliance Organisations in the Leisure & Hospitality industry hold vast amounts of personal data relating to customers, employees, and suppliers as well as
More informationData Protection Policy. Data protection. Date: 28/4/2018. Version: 1. Contents
Company Name: Document: Topic: System People ( the Company ) Data Protection Policy Data protection Date: 28/4/2018 Version: 1 Contents Introduction Definitions Data processing under the Data Protection
More informationRSD Technology Limited - Data protection policy: RSD Technology Limited ( the Company )
RSD Technology Limited - Data protection policy: Introduction Company Name: Document DP3 Topic: RSD Technology Limited ( the Company ) Data Protection Policy Data protection Date: 25 th May 2018 Version:
More informationThe General Data Protection Regulation in health & social care. 6 October 2016 Leeds
The General Data Protection Regulation in health & social care 6 October 2016 Leeds Session outline 09.05am: Roadmap of the GDPR 10.15am: Coffee break 10.30: GDPR impact: Streetview Employment Rights of
More information