PHWIGC framework that addresses the issues raised by the Francis Report. Author: John Morley & Jane Evans Information Governance Managers
PHWIGC Information Governance Audits

Purpose of Document: To describe the process that Public Health Wales Information Governance Managers will follow when undertaking announced and unannounced Information Governance Audits.

Information Governance Committee:
To decide - Paper will outline recommendations or issues to be approved by the Board or Committee.
To discuss - Board or Committee will be asked to discuss and scrutinise the paper and provide feedback and comments.
To inform - Board or Committee will be asked to note the paper for information only.

Other relevant information: The Committee is invited to give approval for the commencement of site-based announced and unannounced Information Governance Audits, as described in the paper.

Next Steps: Audits will be undertaken by the Information Governance Managers, as described in the paper. These will be evaluated and discussed by the Information Governance Working Group (IGWG). This will result in the audits continuing or in recommendations for further development. The results of the audits will also be summarised and reported to IGWG and to the Committee.

Link to Public Health Wales commitment and priorities for action: (please tick which commitment(s) is/are relevant) X X
Priorities for action: Put in place a comprehensive governance framework that addresses the issues raised by the Francis Report

Author: John Morley & Jane Evans, Information Governance Managers
Date: 19 October 2014
Version: 0d
Sponsoring Executive Director: Mark Dickinson
Who will present (if appropriate): John Morley
Documents attached: Audit, News Item
Date of meeting: 27 October 2014
Committee/Groups that have received or considered this paper: Information Governance Working Group

Date: 19/10/14 Version: 0d Page: 1 of 8
Link to standards for health services: Standard 9: Patient Information and Consent; Standard 19: Information Management and Technology

Link to risk register: Risk of harm to staff or service users, reputational damage and / or financial penalties caused by a failure to meet statutory duties. (DATIX 310 Corporate risk register) Failure to ensure appropriate governance of information. This includes: loss or inappropriate release of PII; inappropriate withholding of data/information that should be released/shared; inaccurate and/or incomplete data leading to inappropriate action; inappropriate web use (DATIX 88)

Equality impact assessment: N/A

Financial implications: Primarily opportunity costs only (Information Governance Managers' time). There may be some additional travel required.

Service user engagement: N/A
Information Governance Compliance Audits

Author: John Morley, Jane Evans, Information Governance Managers
Date: 19 October 2014
Version: 0d
Publication/Distribution: Public (Internet); NHS Wales (Intranet); Public Health Wales (Intranet)
Review Date: July 2015

Purpose and Summary of Document: To describe the process that Public Health Wales Information Governance Managers will follow when undertaking announced and unannounced Information Governance Audits.
1 Background

The Information Commissioner is responsible for enforcing and promoting compliance with the Data Protection Act 1998 (the DPA). The Information Commissioner's Office (ICO) sees auditing as a constructive process with real benefits for data controllers and so aims to establish a participative approach.

Public Health Wales Information Governance Managers have been tasked by the Information Governance Committee to produce proposals for a series of announced and unannounced Information Governance (IG) audits. This document describes the audits proposed.

2 Scope of the audits

The IG Managers will focus on the following areas:

a. Data protection governance - The extent to which data protection responsibility, policies and procedures, performance measurement controls, and reporting mechanisms to monitor DPA compliance are in place and in operation throughout the organisation.

b. Training and awareness - The provision and monitoring of staff Information Governance training and the awareness of data protection requirements relating to their roles and responsibilities.

c. Records management (manual and electronic) - The processes in place for managing both manual and electronic records containing personal data. This will include controls in place to monitor the creation, maintenance, storage, movement, retention and destruction of personal data records.

d. Security of personal data - The technical and organisational measures in place to ensure that there is adequate security over personal data held in manual or electronic form.

e. Subject access requests - The procedures in operation for recognising and responding to individuals' requests for access to their personal data.

f. Freedom of information governance - The extent to which responsibilities, policies and procedures, performance measurement controls, and reporting mechanisms to monitor compliance with the Freedom of Information Act 2000 (FOIA) and the Environmental Information Regulations 2004 (EIR) are in place and in operation throughout the organisation.

g. Data sharing - The design and operation of controls to ensure the sharing of personal data complies with the principles of the Data Protection Act 1998 and the good practice recommendations.
3 Announced audits

In the case of an announced audit, the IG Managers will focus their activities on the team/division/directorate's compliance with all points (a-g) above.

4 Unannounced Audits

In the case of unannounced audits, the IG Managers will focus on general IT security, building security and what information (especially patient/client/staff identifiable information (PII)) is visible on desks. These audits will normally take place towards the end of the normal working day.

5 Audit follow up

Working on a colour score card system, each audit will be categorised as follows:

Green: Audits rated green - no follow up
Yellow: Audits rated yellow - IG Managers will conduct a follow up check at three months
Red: Audits rated red - IG Managers will report findings to the Information Governance Committee and to the Executive Lead for IG and Chief Executive for immediate action.

6 Information Governance Audit checklist

During announced audits, IG Managers will check staff's knowledge and compliance with the following:

6.1 Keeping patient, staff and other personal information secure

Number, Test, Score:

1. to keep passwords secure, to change regularly, no sharing?
   Passwords not visible, written down anywhere except under lock and key
2. to lock (ctrl, alt, del) or log off computers when away from desks?
   Check system settings and user practice
3. to ensure computer screens are sited away from the view of others to prevent unlawful disclosure of sensitive information?
   Check how rooms and desks are arranged especially in any reception areas
4. to dispose of confidential paper waste securely in the confidential bins provided?
   Check any contracts in place for confidential waste disposal and that staff actually dispose of waste appropriately
5. to prevent virus attacks by taking care when opening an attachment or visiting new websites?
   Check systems have appropriate virus software installed correctly
6. about working to a clear desk basis by securely storing hard copy personal information when it is not being used?
   Check current office practices
7. to maintain an awareness of who should be allowed in areas normally restricted to staff and to keep those areas secure?
   Are visitors challenged
8. that if personal or sensitive data is held on any portable storage device, e.g. laptop, USB pen, it must be encrypted?
   Check all memory devices found in the office

6.2 Meeting the reasonable expectation of patients and staff whose data we handle

Number, Test, Score:

1. to collect only the personal information you need for a particular business purpose?
   principles
2. records should be updated promptly to ensure accuracy
   principles
3. that you should only be viewing patient or staff data for a legitimate business purpose
   principles
4. that you may be committing an offence if you are disclosing patient or staff information without consent (this includes verbal disclosure), which may lead to disciplinary action?
   principles
5. that you should inform the Information Governance Managers of any potential information sharing agreements?
   Check staff awareness of DATIX
6. when transporting personal data, we ensure that it is kept secure at all times?
   Check awareness of the transport of PII procedure
7. that records in all formats should be stored, handled and retained in accordance with the Public Health Wales Records Management Policy?
   Check staff awareness of the policy and where to find it

6.3 Disclosing personal information over the telephone or via

Number, Test, Best Practice, Score:

1. to be aware that there are people who will try and trick you to give out personal information?
   Check staff awareness of blaggers
2. that to prevent these disclosures, we should carry out identity checks before giving out personal information to someone making an incoming call?
   Safe Haven techniques employed
3. to ensure that sensitive conversations are not overheard by others?
   Check office situation, i.e. quiet areas, meeting rooms available etc
4. that when leaving answer phone messages, you should not disclose sensitive information? Just leave your name and contact details
   Safe Haven techniques employed
6.4 Handling requests from patients and staff for their personal information (subject access requests)

Number, Test, Score:

1. that patients, staff and other individuals have a right to a copy of the personal information held by the trust under the Data Protection Act, subject to certain conditions
   principles especially what a Subject Access Request (SAR) is and what to do if one is received.
2. Requests should be sent to the Information Governance Department
   principles especially what a SAR is and what to do if one is received.
3. Public Health Wales must meet a statutory time limit of 40 days to complete the requests but in many cases must respond within 21 days?
   principles especially what a SAR is and what to do if one is received.

6.5 Caldicott guardian

Public Health Wales has an appointed Caldicott Guardian (Dr Quentin Sandifer) who plays a key role in ensuring that NHS and partner organisations satisfy the highest practical standards for handling patient information. Acting as the conscience of an organisation, the Guardian actively supports work to facilitate and enable information sharing, and is available to advise on options for lawful and ethical processing of information as required.

6.6 Information Governance breach reporting

All breaches or near misses relating to the above and other Information Governance issues will also be reported on a DATIX incident report.
Title: Records Management Policy Version: 9 Reference Number: CO20 Policy Document Control Page Keywords Records, management, record keeping, audit, transportation, HR, personnel, health records, child
More informationData Protection Policy
Reference: Date Approved: April 2015 Approving Body: Board of Trustees Implementation Date: August 2015 Supersedes: 2.0 Stakeholder groups Governance Committee, Board of Trustees consulted: Target Audience:
More informationData Protection Audit Self-assessment toolkit
Data Protection Audit Self-assessment toolkit online preferences security passport details emergency contact details blood group email account number accuracy CCTV images tax records rights payroll number
More informationGeneral Data Protection Regulation (GDPR) Readiness
For External Distribution Canada Life UK General Data Protection Regulation (GDPR) Readiness Customers, Clients and Business Partners FAQ GDPR TP FAQ January 2018 Frequently Asked Questions (FAQ) Document
More informationGeneral Data Protection Regulation (GDPR) Frequently Asked Questions
General Data Protection Regulation (GDPR) Frequently Asked Questions 26 March 2018 0 Contents Introduction... 3 What is GDPR?... 3 Who does the GDPR apply to?... 3 Are tax advisers data controllers or
More informationData Protection Policy
Preston and District Data Protection Policy The University of the Third Age Scope of the policy This policy applies to the work of Preston & District U3A (hereafter the U3A ). The policy sets out the requirements
More informationTourettes Action Data Protection Policy
Tourettes Action Data Protection Policy Effective date: 01/01/2018 Review date: 01/01/2020 Approved: Suzanne Dobson, CEO Tourettes Action Author: Pippa McClounan, Office Manager Tourettes Action Version
More informationANNEX 2 Security Management Plan
ANNEX 2 Page 1 of 24 The following pages define our draft security management plan (a complete and up to date shall be submitted to The Authority within 20 days of contract award as per Schedule 2.4, para
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY 1. Introduction This policy sets out how The Robert Gordon University shall comply with the requirements of the Data Protection Act 1998 and was created with reference to the JISC
More informationPRIVACY IMPACT ASSESSMENT (PIA) TEMPLATE
PRIVACY IMPACT ASSESSMENT (PIA) TEMPLATE Reference No: IG40 Version: 1.2 Purpose of Document: Ratified by: Date ratified: 27 th September 2013 Review Date September 2014 Name of originator/author: Contact
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY CONSULTATION AND RATIFICATION SCHEDULE Document Name: Governance Policy Policy Number/Version: 2.0 Name of originator/author: Midlands & Lancashire CSU Governance Team Ratified
More informationEARLS HALL BAPTIST CHURCH DATA PROTECTION POLICY
EARLS HALL BAPTIST CHURCH DATA PROTECTION POLICY Adopted: 5 June 2018 1 Earls Hall Baptist Church is committed to protecting all information that we handle about people we support and work with, and to
More informationAPCC Policy Statement
Purpose APCC Internal Data Security Policy Statement: APCC Business 1. The APCC is committed to being transparent about how it collects and uses the personal data of its workforce and to meeting its data
More informationNHS Sunderland Clinical Commissioning Group. Information Governance Strategy 2016/17
NHS Sunderland Clinical Commissioning Group Information Governance Strategy 2016/17 Document Status Equality Impact Assessment Document Ratified/Approved By Final No impact Executive Committee Governing
More informationDocument Ref: Issue Date: March 2018 Review Date: March 2020 Policy Lead: Stephanie Vasey, Data Governance Manager
Policy Data Protection Policy Document Ref: 471.4 Issue Date: March 2018 Review Date: March 2020 Policy Lead: Stephanie Vasey, Data Governance Manager Data Protection Policy Entity This policy applies
More informationDATA PROTECTION POLICY 2018
DATA PROTECTION POLICY 2018 Amesbury Baptist Church is committed to protecting all information that we handle about people we support and work with, and to respecting people s rights around how their information
More informationQuick guide to the employment practices code
Data protection Quick guide to the employment practices code Ideal for the small business Contents 3 Contents Section 1 About this guidance 4 Section 2 What is the Data Protection Act? 5 Section 3 Recruitment
More informationInformation Governance Strategic Management Framework
Information Governance Strategic Management Framework 2016-2018 Susan Meakin Information Governance Manager June 2016 Information Governance DOCUMENT CONTROL: Version: 2 Ratified by: Health Informatics
More information