Privacy Impact Assessment Policy V3.0
|
|
- Camilla Shanna Gray
- 6 years ago
- Views:
Transcription
1 Privacy Impact Assessment Policy V3.0 January 2016
2 Summary. Although not mandatory the best practice guidance from the information Commissioner is to conduct a Privacy Impact Assessment. Privacy impact assessments (PIAs) are a tool which can help organisations identify the most effective way to comply with their data protection obligations and meet individuals expectations of privacy. An effective PIA will allow organisations to identify and fix problems at an early stage, reducing the associated costs and damage to reputation which might otherwise occur. PIAs are an integral part of taking a privacy by design approach. Page 2 of 22
3 Table of Contents Summary Introduction Purpose of this Policy/Procedure Scope Definitions / Glossary Ownership and Responsibilities Standards and Practice Dissemination and Implementation Monitoring compliance and effectiveness Updating and Review Equality and Diversity Equality Impact Assessment... 9 Appendix 1. Governance Information Appendix 2. Initial Equality Impact Assessment Form Appendix 3. Privacy Impact Assessment Tool Page 3 of 22
4 1. Introduction 1.1. For many organisations, privacy now poses risks which need to be professionally managed in a similar way to other categories of risk. Royal Cornwall Hospitals Trust recognises that handling data is an intrinsic and critical aspect of their business, and that the implementation of projects that handle personal data need to monitored It is important to note that any collection, use or disclosure of personal information has the potential to have a risk to personal privacy. Sometimes those risks are not obvious and as a result it can be easy to overlook or not adequately address them This version supersedes any previous versions of this document. 2. Purpose of this Policy/Procedure 2.1. This policy and procedure is designed to illustrate the approach that the Trust is taking in regards to monitoring and assessing any changes to, or implementation of any new information systems. The careful analysis at the planning stage of intended projects will be enhanced by the implementation of Privacy Impact Assessments (PIA) on all new projects. 3. Scope 3.1. The term project used in this policy and procedure is not strictly limited to just projects. It encompasses any activity that may alter, dispose of or initiate a new system that contains, or potentially contains personal data, whether in an electronic or paper format This policy and procedure will apply across the Trust and contracted services where personal data is either managed or processed. All relevant projects must have a PIA Screening or Assessment completed at an early stage. 4. Definitions / Glossary PIA Privacy Impact Assessment (process for assessing risk) IGC Information Governance Committee (Oversight committee) SIRO Senior Information Risk Officer. (Person responsible for risk) 5. Ownership and Responsibilities 5.1. The Chief Executive is responsible for maintaining privacy and confidentiality within the Trust The Caldicott Guardian is responsible for protecting the confidentiality of patient information and acts as the conscience of the Trust to ensue 5.3. The Senior Information Risk Owner and the Head of Information Governance/Data Protection Officer responsible for ensuring IGC analysis of all Trust PIA s and ultimate approval. Page 4 of 22
5 5.4. Members of the Information Governance Committee (IGC) are responsible for assessing and contributing to the assessment of all Trust PIA s All Project Leads (either Business or Project managers) within the Trust are responsible for ensuring that PIA s are carried out, and presented to the relevant IGC, on all new projects All managers are to be aware of the need for PIA s for all new projects The IT Security Manager is responsible for assessing any IT security needs Role of the Managers Line managers are responsible for: Ensuring any new process or system that contains, handles or uses personal identifiable data has a PIA conducted prior to implementation. Ensuring any new/changed processes, policies, procedures or office locations (including moves) are assessed using the PIA to ensure confidential information is secure Role of the Information Governance Committee The Information Governance Committee is responsible for: Receiving completed PIA s and recommendations form the Head of Information Governance. Approving or seeking further clarification as to issues as required Role of Individual Staff All staff members are responsible for: Ensuring they alert either their line manager or the Head of Information Governance to changes to process where personal identifiable data is used. Raise awareness where they think personal identifiable data is at risk. 6. Standards and Practice 6.1. What is privacy? 6.2. Interpreted most broadly, privacy is about the integrity of the individual. However, for the purposes of completing a privacy impact assessment (PIA), it is more useful to examine different aspects of privacy. A PIA could consider: 6.3. Privacy of personal information is referred to variously as data privacy and information privacy. Individuals generally do not want data about themselves to be automatically available to other individuals and organisations. Even where data is possessed by another party, the individual should be able to exercise a substantial degree of control over that data and its use. Page 5 of 22
6 6.4. Privacy of the person, sometimes referred to as bodily privacy, is concerned with the integrity of the individual s body. At its broadest, it could be interpreted as extending to freedom from torture and right to medical treatment, but these are more commonly seen as separate human rights rather than as aspects of privacy. Issues that are more readily associated with privacy include body searches, compulsory immunisation, blood transfusion without consent, compulsory provision of samples of body fluids and body tissue, and requirements for submission to biometric measurement Privacy of personal behaviour relates to the observation of what individuals do, and includes such issues as optical surveillance and media privacy. It could relate to matters such as sexual preferences and habits, political or trade union activities and religious practices. But the notion of private space is vital to all aspects of behaviour, is relevant in private places such as the home and toilet cubicle, and is also relevant in public places, where casual observation by the few people in the vicinity is very different from systematic observation, the recording or transmission of images and sounds Privacy of personal communications could include various means of analysing or recording communications such as mail covers, the use of directional microphones and bugs with or without recording apparatus and telephonic interception and recording. In recent years, concerns have arisen about third party access to messages. Individuals generally desire the freedom to communicate among themselves, using various media, without routine monitoring of their communications by other persons or organisations Privacy risks 6.8. The enormous increases in the collection, storage, use and disclosure of personal data, and the imposition of many intrusive technologies, have caused increased concern about individual privacy. Privacy risks fall into two categories. 1. Risks to the individual as a result of contravention of their rights in relation to privacy, or loss, damage, misuse or abuse of their personal information. 2. Risks to the organisation as a result of: perceived harm to privacy; a failure to meet public expectations on the protection of personal information; retrospective imposition of regulatory conditions; the costs of redesigning or delaying a system; the collapse of a project or completed system; withdrawal of support from key supporting organisations due to perceived privacy harms; and/ or failure to comply with the law, leading to: o enforcement action; or o compensation claims from individuals. Page 6 of 22
7 6.9. Privacy Impact Assessment 6.10.A PIA is a systematic process for evaluating a proposal or project in terms of its impact upon privacy. A PIA can assist in: Identify potential issues and concerns on individual or group privacy Examine how detrimental effects may be overcome. Ensure that new projects comply with privacy law and principals. Avoiding loss of trust and reputation. Avoiding unnecessary costs and inadequate solutions 6.11.A PIA must be seen as a separate process from compliance checking or data protection audit processes. Projects which are already up and running should not be submitted to a PIA, but to either a compliance check or a data protection audit, whichever is more appropriate The Process 1. Identifying the need for a PIA. The need for a PIA can be identified as part of an organisation s usual project management process or by using the screening questions in annex two of this Code. 3. Identifying the privacy and related risks. Some will be risks to individuals - for example damage caused by inaccurate data or a security breach, or upset caused by an unnecessary intrusion on privacy. Some risks will be to the organisation - for example damage to reputation, or the financial costs or a data breach. Legal compliance risks include the DPA, PECR, and the Human Rights Act. 5. Signing off and recording the PIA outcomes. Make sure that the privacy risks have been signed-off at an appropriate level. This can be done as part of the wider project approval. A PIA report should summarise the process, and the steps taken to reduce the risks to privacy. It should also record the decisions taken to eliminate, mitigate, or accept the identified risks. Publishing a PIA report will improve transparency and accountability, and lets individuals learn more about how your project affects them. 2. Describing the information flows. Describe the information flows of the project. Explain what information is used, what it is used for, who it is obtained from and disclosed to, who will have access, and any other necessary information 4. Identifying and evaluating privacy solutions. Explain how you could address each risk. Some might be eliminated altogether. Other risks might be reduced. Most projects will require you to accept some level of risk, and will have some impact on privacy. Evaluate the likely costs and benefits of each approach. Think about the available resources, and the need to deliver a project which is still effective. 6.Integrating the PIA outcomes back into the project plan. The PIA findings and actions should be integrated with the project plan. It might be necessary to return to the PIA at various stages of the project s development and implementation. Large projects are more likely to benefit from a more formal review process. A PIA might generate actions which will continue after the assessment has finished, so you should ensure that these are monitored. Record what you can Page 7 of 22
8 7. Dissemination and Implementation 7.1. This document will be made available on the Trusts Document Library. It will also be highlighted to the Cornwall IT Services management to ensure it is adopted by its Project Managers This requirement has been in existence for a number of years, no further training is required, just a reaffirming of its existence and the need for compliance. 8. Monitoring compliance and effectiveness Element to be monitored Lead Tool Frequency Reporting arrangements Acting on recommendations and Lead(s) Change in practice and lessons to be shared The completion of PIA s for all known projects Deputy Director of CITS, Business & Infrastructure Programme Manager and Head of Information Governance? The PIA documentation is the tool used to monitor compliance. Assurances should be sought from the Deputy Director of CITS, Business & Infrastructure Programme Manager and Head of Information Governance quarterly as to the level of compliance. A PIA should be completed for all projects where there is a new use of information of where there is a significant change of an existing process. All PIA s will be tabled at the IGC. These are bi-monthly. The IGC will receive the PIA s once approved by the SIRO The SIRO and Head of Information Governance will make appropriate recommendations. These responsibilities are listed in the duties of the IGC. The IGC will require action plans on any recommendations made to PIA s that do not meet the required standards. The action plan for actions will be determined by the constraints of the delivery of the project. Any changes to the design of the project will be built into the project plan and will be managed by the Project Manager. The Project Manager will be responsible for ensuring the actions are undertaken ion an agreed time frame. Page 8 of 22
9 9. Updating and Review 9.1. This policy should be reviewed every three years. The IGC will be the mechanism for this Revisions can be made ahead of the review date when the procedural document requires updating. Where the revisions are significant and the overall policy is changed, the author should ensure the revised document is taken through the standard consultation, approval and dissemination processes Where the revisions are minor, e.g. amended job titles or changes in the organisational structure, approval can be sought from the Executive Director responsible for signatory approval, and can be re-published accordingly without having gone through the full consultation and ratification process Any revision activity is to be recorded in the Version Control Table as part of the document control process. 10. Equality and Diversity This document complies with the Royal Cornwall Hospitals NHS Trust service Equality and Diversity statement which can be found in the or the Equality and Diversity website All Human Resources policies must include, or refer to, the following employment statement: Royal Cornwall Hospitals NHS Trust is committed to a Policy of Equal Opportunities in employment. The aim of this policy is to ensure that no job applicant or employee receives less favourable treatment because of their race, colour, nationality, ethnic or national origin, or on the grounds of their age, gender, gender reassignment, marital status, domestic circumstances, disability, HIV status, sexual orientation, religion, belief, political affiliation or trade union membership, social or employment status or is disadvantaged by conditions or requirements which are not justified by the job to be done. This policy concerns all aspects of employment for existing staff and potential employees Equality Impact Assessment The Initial Equality Impact Assessment Screening Form is at Appendix 2. Page 9 of 22
10 Appendix 1. Governance Information Document Title Privacy Impact Assessment Policy Date Issued/Approved: Date Valid From: 25 January 2016 Date Valid To: Directorate / Department responsible (author/owner): No more than 3 years from approval Mark Scallan Head of Information Governance Contact details: Brief summary of contents Privacy impact assessment guide and tool for conducting process. This should be used for all new or significantly changed data collection/processes. Suggested Keywords: Target Audience Executive Director responsible for Policy: Date revised: 6 January 2016 This document replaces (exact title of previous version): Approval route (names of committees)/consultation: Privacy Confidentiality Risk Assessment. RCHT PCH CFT KCCG Christine Perry Director of Nursing Privacy Impact Assessment Version 2.0 Information Governance Committee Divisional Manager confirming approval processes Name and Post Title of additional signatories Name and Signature of Divisional/Directorate Governance Lead confirming approval by specialty and divisional management meetings Signature of Executive Director giving approval Publication Location (refer to Policy on Policies Approvals and Ratification): Richard Johnson Head of Quality, Safety & Compliance Not Required Name: Richard Johnson Internet & Intranet Intranet Only Page 10 of 22
11 Document Library Folder/Sub Folder Links to key external standards Related Documents: Training Need Identified? e.g. Clinical / Infection Prevention & Control Data Protection Act 1998 Information Governance Toolkit Information Use Framework Policy No training required as this policy and the tool will be used in collaboration with the Information Governance team. Version Control Table Date Version No Summary of Changes Changes Made by (Name and Job Title) 3 Nov 09 V.1 Initial issue M Scallan Head of IG. 12 Feb 13 V.2 Updated to POP compliance M Scallan Head of IG 25 Jan 16 V.3 Changed to show new assessment tool. M Scallan Head of IG [Please complete all boxes and delete help notes in blue italics including this note] All or part of this document can be released under the Freedom of Information Act 2000 This document is to be retained for 10 years from the date of expiry. This document is only valid on the day of printing Controlled Document This document has been created following the Royal Cornwall Hospitals NHS Trust Policy on Document Production. It should not be altered in any way without the express permission of the author or their Line Manager. Page 11 of 22
12 Appendix 2. Initial Equality Impact Assessment Form Privacy Impact Assessment Policy Directorate and service area: Information Governance Name of individual completing assessment: Mark Scallan 1. Policy Aim* Who is the strategy / policy / proposal / service function aimed at? Is this a new or existing Policy? existing Telephone: To provide a clear process for ensuring the Trust addresses the required confidentiality requirements for projects 2. Policy Objectives* To ensure projects consider the requirements of confidentiality and Data Protection. 3. Policy intended Outcomes* 4. *How will you measure the outcome? 5. Who is intended to benefit from the policy? 6a) Is consultation required with the workforce, equality groups, local interest groups etc. around this policy? Projects are implemented safely with the required considerations to confidentiality. Through PIA completion against the list of approved projects Patients and staff No b) If yes, have these *groups been consulted? C). Please list any groups who have been consulted about this procedure. Page 12 of 22
13 7. The Impact Please complete the following table. Are there concerns that the policy could have differential impact on: Equality Strands: Yes No Rationale for Assessment / Existing Evidence Age X No age related aspects. Sex (male, female, transgender / gender reassignment) Race / Ethnic communities /groups Disability - Learning disability, physical disability, sensory impairment and mental health problems Religion / other beliefs X X X X No sexual orientation related aspects No Race/Ethnic related aspects. No disability related aspects No Religion or belief related aspects. Marriage and civil X No Marriage/Civil partnership related aspects partnership Pregnancy and maternity X No pregnancy/maternity related aspects Sexual Orientation, Bisexual, Gay, heterosexual, Lesbian X No sexual orientation related aspects You will need to continue to a full Equality Impact Assessment if the following have been highlighted: You have ticked Yes in any column above and No consultation or evidence of there being consultation- this excludes any policies which have been identified as not requiring consultation. or Major service redesign or development 8. Please indicate if a full equality analysis is recommended. Yes No 9. If you are not recommending a Full Impact assessment please explain why. This policy as around process management, it would not have the desired elements to have a detrimental effect on any one individual or groups. Signature of policy developer / lead manager / director Date of completion and submission Names and signatures of members carrying out the Screening Assessment Keep one copy and send a copy to the Human Rights, Equality and Inclusion Lead, c/o Royal Cornwall Hospitals NHS Trust, Human Resources Department, Knowledge Spa, Truro, Cornwall, TR1 3HD A summary of the results will be published on the Trust s web site. Signed Date Page 13 of 22
14 Appendix 3. Privacy Impact Assessment Tool Privacy Impact Assessment. (PIAs) are a tool that you can use to identify and reduce the privacy risks of your projects. A PIA can reduce the risks of harm to individuals through the misuse of their personal information. It can also help us to design more efficient and effective processes for handling personal data. What do we mean by privacy? Privacy, in its broadest sense, is about the right of an individual to be let alone. It can take two main forms, and these can be subject to different types of intrusion: Physical privacy - the ability of a person to maintain their own physical space or solitude. Intrusion can come in the form of unwelcome searches of a person s home or personal possessions, bodily searches or other interference, acts of surveillance and the taking of biometric information. Informational privacy the ability of a person to control, edit, manage and delete information about themselves and to decide how and to what extent such information is communicated to others. Intrusion can come in the form of collection of excessive personal information, disclosure of personal information without consent and misuse of such information. It can include the collection of information through the surveillance or monitoring of how people act in public or private spaces and through the monitoring of communications whether by post, phone or online and extends to monitoring the records. Projects which might require a PIA A new IT system for storing and accessing personal data. A data sharing initiative where two or more organisations seek to pool or link sets of personal data. A proposal to identify people in a particular group or demographic and initiate a course of action. Using existing data for a new and unexpected or more intrusive purpose. A new surveillance system (especially one which monitors members of the public) or the application of new technology to an existing system (for example adding Automatic number plate recognition capabilities to existing CCTV). A new database which consolidates information held by separate parts of an organisation. Legislation, policy or strategies which will impact on privacy through the collection of use of information, or through surveillance or other monitoring. A move of office, building or location Page 14 of 22
15 The creation of a policy or procedure which centres on the collection or use of personal identifiable data. Any other project or activity where through careful consideration a risk could be identified which needs mitigation. Who is responsible for conducting a PIA? The completion of a PIA should be done through collaboration of the Project Sponsor, Project Manager and the Head of Information Governance. Guidance Notes (1) Does the project involve new or inherently privacy-invasive technologies? Examples of such technologies include, but are not limited to, smart cards, radio frequency identification (RFID) tags, biometrics, locator technologies (including mobile phone location, applications of global positioning systems (GPS) and intelligent transportation systems), visual surveillance, digital image and video recording, profiling, data mining, and logging of electronic traffic. Technologies that are inherently intrusive and technologies that are new and sound threatening, excite considerable public concern, and hence represent project risk. In order to answer this question, considerations include: whether all of the information technologies that are to be applied in the project are already well-understood by the public; whether their privacy impacts are all well-understood by the organisation, and by the public; whether there are established measures that avoid negative privacy impacts, or at least reduce them to the satisfaction of those whose privacy is affected; and whether all of those measures are being applied in the design of the project. (2) Is the justification for the new data-handling unclear or unpublished? Individuals are generally much more accepting of measures, even measures that are somewhat privacy-intrusive, if they can see that the loss of privacy is balanced by some other benefits to themselves or society as a whole. On the other hand, vague assertions that the measures are needed 'for security reasons', or 'to prevent fraud', are much less likely to calm public disquiet. (5) Does the project involve new or substantially changed identity authentication requirements that may be intrusive or onerous? The public understands that an identifier enables an organisation to collate data about an individual, and that identifiers that are used for multiple purposes enable data consolidation. They are also aware of the increasingly onerous registration processes and document production requirements Page 15 of 22
16 imposed by organisations in recent years. From the perspective of the project manager, these are warning signs of potential privacy risks. (8) Does the project involve new linkage of personal data with data in other collections, or significant change in data linkages? The degree of concern about a project is higher where data is transferred out of its original context. The term 'linkage' encompasses many kinds of activities, such as the transfer of data, the consolidation of data-holdings, the storage of identifiers used in other systems in order to facilitate the future searches of the current content of records, the act of fetching data from another location (eg to support so-called 'front-end verification'), and the matching of personal data from multiple sources. Page 16 of 22
17 Section one. Please complete this section to help the Information Governance Team assess whether further action is required. Information System or Project Name Person completing PIA Date Department Is this a new process or a change to an existing process? What is the project/system? Explain what the project aims to achieve, what the benefits will be to the organisation, to individuals and to other parties. Page 17 of 22
18 Please provide as much detail as possible for each of these answers. Will the project involve the collection of new information about individuals? This is where the project is increasing information we may already be collecting. Is there a clear justification for the new data handling, is this clear and is it made known to the data subjects? Will the project compel individuals to provide information about themselves? Are we making additional uses for identifiers already collected? Are we creating new identifiers, if so why and with who are they shared? Will information about individuals be disclosed to organisations or people who have not previously had routine access to the information? Are you using information about individuals for a purpose it is not currently used for, or in a way it is not currently used? Are we creating new uses? Does the project involve you using new technology which might be perceived as being privacy intrusive? For example, the use of biometrics or facial recognition. Will the project result in you making decisions or taking action against individuals in ways which can have a significant impact on them? Is the information about individuals of a kind particularly likely to raise privacy concerns or expectations? For example, health records, criminal records or other information that people would consider to be particularly private. Will the project require you to contact individuals in ways which they may find intrusive? Have we obtained consent for making contact? Page 18 of 22
19 Describe Information Flows to prevent function creep. E.g. Obtained, used, retained. Does the project involve new or substantially changed identity authentication requirements that maybe intrusive or onerous? Will the project result in the handling of a significant amount of new data about data subjects, or change in existing data holding? Will the project involve collecting information about a significantly larger group of people? Will the data be linked to other systems? For example will there be new interfaces that link this data to other previously unconnected systems? Will there be new of changed data collection policies or practices that maybe unclear or intrusive? Does the project involve new or changed data quality assurance processes or standards that maybe unclear or intrusive? Does the project involve new or changed data security arrangements that maybe unclear or intrusive? Does the project involve new or changed data access or disclosure arrangements that maybe unclear? Does the project involve new or changed data retention arrangements that maybe unclear? Does the Project involve changing the medium of disclosure for publically available information in such a way that the data becomes more readily accessible than before? Will the project give rise to new or changed datahandling that is in any way exempt from legislative privacy protections? Page 19 of 22
20 Section two What types of information is involved? Please indicate all likely data types. Personal Information: Name Please tick Sensitive Information Health/Clinical related information Please tick Initials only Religion Address Racial category Postcode Disabilities Part of Post Code Sexual persuasion NHS Number Safeguarding Adult or Children Local identifier Personal banking/financial information Date of Birth Criminal convictions Staff Administration Number Trade Union affiliation. Staff designation Any other types of information not mentioned above please outline below Data Flows. Describe the information flows of the project. Explain what information is used, what it is used for, who it is obtained from and disclosed to, who will have access, and any other necessary information. Page 20 of 22
21 Risk Risk to Individuals. Inadequate disclosure controls increase the likelihood of information being shared inappropriately. The context in which information is used or disclosed can change over time, leading to it being used for different purposes without people s knowledge New surveillance methods may be an unjustified intrusion on their privacy Measures taken against individuals as a result of collecting information about them might be seen as intrusive. The sharing and merging of datasets can allow organisations to collect a much wider set of information than individuals might expect. Identifiers might be collected and linked which prevent people from using a service anonymously. Vulnerable people may be particularly concerned about the risks of identification or the disclosure of information. Collecting information and linking identifiers might mean that an organisation is no longer using information which is safely anonymised. Information which is collected and stored unnecessarily, or is not properly managed so that duplicate records are created, presents a greater security risk If a retention period is not established information might be used for longer than necessary. Corporate and compliance Risk Non-compliance with the DPA or other legislation can lead to sanctions, fines and reputational damage. Problems which are only identified after the project has launched are more likely to require expensive fixes The use of biometric information or potentially intrusive tracking technologies may cause increased concern and cause people to avoid engaging with the organisation. Information which is collected and stored unnecessarily, or is not properly managed so that duplicate records are created, is less useful to the business. Public distrust about how information is used can damage an organisation s reputation and lead to loss of business. Data losses which damage individuals could lead to claims for compensation. Non-compliance with the Privacy and Electronic Communications Regulations (PECR). Non-compliance with sector specific legislation or standards. Non-compliance with human rights legislation. Page 21 of 22
22 Identify the key privacy risks and the associated compliance and corporate risks. Larger-scale PIAs might record this information on a more formal risk register. Privacy issue Risk to individuals Compliance risk Associated organisation / corporate risk Identify privacy solutions Describe the actions you could take to reduce the risks, and any future steps which would be necessary (e.g. the production of new guidance or future security testing for systems). Risk Solutions Result: is the risk eliminated, reduced, or accepted Evaluation: is the final impact on individuals after implementing each solution a justified, compliant and proportionate response to the aims of the project? Signed:. Date:... Project Lead Signed:. Date: Head of Information Governance Page 22 of 22
AVOIDING CONTRAST NEPHROPATHY - CLINICAL GUIDELINE 1. Aim/Purpose of this Guideline
AVOIDING CONTRAST NEPHROPATHY - CLINICAL GUIDELINE 1. Aim/Purpose of this Guideline 1.1. This assessment guideline is applicable to any clinician who requests or performs contrast associated clinical imaging.
More informationAdditional Annual Leave Purchase Scheme V3.0
Additional Annual Leave Purchase Scheme V3.0 Table of Contents 1. Introduction... 3 2. Purpose of this Policy/Procedure... 3 3. Scope... 3 4. Definitions / Glossary... 3 5. Ownership and Responsibilities...
More informationRadon Management Policy V2.0
V2.0 September 2015 Summary. Start Scope All premises for which the organisation has maintenance responsibility will have radon measurements taken and, where identified as radon affected, control measures
More informationPolicy and Procedure in case of an under or overpayment of salary, allowances and benefits. V4.0
Policy and Procedure in case of an under or overpayment of salary, allowances and benefits. V4.0 Summary. The Trust has a duty to ensure that all staff are paid correctly. Occasionally, there will be incorrect
More informationPay Protection Policy V2.0
V2.0 Table of Contents 1. Introduction... 3 2. Purpose of this Policy/Procedure... 3 3. Scope... 3 4. Definitions / Glossary... 3 5. Ownership and Responsibilities... 4 5.1. Role of the Chief Executive...
More informationGUIDANCE NOTES DATA PRIVACY IMPACT ASSESSMENT
GUIDANCE NOTES DATA PRIVACY IMPACT ASSESSMENT A Data Privacy Impact Assessment (DPIA) helps the University to assess the necessity and proportionality of processing personal data. A DPIA will enable the
More informationPlanned and Reactive Maintenance Policy V1.1
V1.1 November 2016 Summary Page 2 of 15 Table of Contents 1. Introduction... 4 2. Purpose of this Policy/Procedure... 4 3. Scope... 4 4. Definitions / Glossary... 4 5. Ownership and Responsibilities...
More informationStarting Salaries Policy. Document Title. Date Issued/Approved: September Date Valid From: 4 July Date Valid To: 31 March 2018
POLICY UNDER REVIEW Please note that this policy is under review. It does, however, remain current Trust policy subject to any recent legislative changes, national policy instruction (NHS or Department
More informationConducting privacy impact assessments code of practice
Conducting privacy impact assessments code of practice Data Protection Act Contents Data Protection Act... 1 Information Commissioner s foreword... 2 About this code... 3 Chapter 1 Introduction to PIAs...
More informationLeicestershire Police CCTV on Police Premises Policy
Leicestershire Police CCTV on Police Premises Policy Policy Owner: Department Responsible: Chief Officer Approval: Deputy Chief Constable Corporate Services Directorate Deputy Chief Constable Date of Next
More informationConducting privacy impact assessments code of practice
ICO lo Conducting privacy impact assessments code of practice Data Protection Act Contents Data Protection Act... 1 About this code... 3 Chapter 1 - Introduction to PIAs... 5 What the ICO means by PIA...
More informationData Protection Impact Assessment Policy
Data Protection Impact Assessment Policy Version 0.1 1 VERSION CONTROL Version Date Author Reason for Change 0.1 16.07.18 Debby Jones New policy 2 EQUALITY IMPACT ASSESSMENT Section 4 of the Equality Act
More informationAsbestos Management Plan. Policy, Organisation and Arrangements V2.2
Asbestos Management Plan Policy, Organisation and Arrangements V2.2 December 2015 Summary / Policy Statement The Royal Cornwall Hospitals NHS Trust is committed to meeting all the duties placed upon it
More informationData Protection Policy
Data Protection Policy StCH Data Protection Policy - POL 53 vs1 - July 2016 1 Document Control Table Document Title: Data Protection Policy Document Ref: POL 53 Author (name and job title): Karen Anderson,
More informationSustainable Development Management Plan V3.0
V3.0 November 2017 Summary Reducing CO 2 to meet or eceed 2020 targets Promote low carbon travel & transport Commit to sustainable commisioning and procurement Manage water, waste & chemicals responsibly
More informationStaff Briefing Session
Data Protection Act 1998 Privacy Impact Assessment (PIA) Compliance for Clinical Commissioning Groups Staff Briefing Session Overview PIA Requirement Annex one Privacy impact assessment screening questions
More informationPolicy on Supplier Representatives. October 2015
V5 October 2015 Summary Key Points Supplier Representatives must not enter any area without an appointment Supplier Representatives must be registered on the Medical Industry Accredited System If the meeting
More informationNHS Sunderland Clinical Commissioning Group. Information Governance Strategy 2016/17
NHS Sunderland Clinical Commissioning Group Information Governance Strategy 2016/17 Document Status Equality Impact Assessment Document Ratified/Approved By Final No impact Executive Committee Governing
More informationThis Policy supersedes the following Policy, which must now be destroyed:
Document Title Reference Number Lead Officer Author(s) (name and designation) Ratified by Forensic Readiness Policy NTW(O)56 Lisa Quinn Executive Director of Performance and Assurance Sue Proud Information
More informationNHS Newcastle Gateshead Clinical Commissioning Group. Information Governance Strategy 2017/18
NHS Newcastle Gateshead Clinical Commissioning Group Information Governance Strategy 2017/18 Document Status Equality Impact Assessment Document Ratified/Approved By Final No impact Quality, Safety & Risk
More informationData protection (GDPR) policy
Data protection (GDPR) policy January 2018 Version: 1.0 NHS fraud. Spot it. Report it. Together we stop it. Version control Version Name Date Comment 1.0 Trevor Duplessis 22/01/18 Review due Dec 2018 OFFICIAL
More informationThis Policy supersedes the following Policy, which must now be destroyed:
Document Title Reference Number Lead Officer Author(s) (name and designation) Ratified by Forensic Readiness Policy NTW(O)56 Lisa Quinn, Executive Director of Commissioning and Quality Assurance Angela
More informationPrivacy Impact Assessment Policy and Procedure
Privacy Impact Assessment Policy and Procedure This document outlines the Trust s approach and methodology for conducting Privacy Impact Assessments in line with the Information Risk Policy Key Words:
More informationEquality and Diversity Policy
Equality and Diversity Policy Hertfordshire, Bedfordshire and Luton Clinical Commissioning Groups Page 1 of 15 DOCUMENT CONTROL SHEET Document Owner: Director of Workforce Document Author(s): Louise Thomas,
More informationINFORMATION GOVERNANCE POLICY
INFORMATION GOVERNANCE POLICY Unique Reference / Version Primary Intranet Location Information Management & Governance Secondary Intranet Location Policy Name Information Governance Policy Version Number
More informationPREPARING YOUR ORGANISATION FOR THE GENERAL DATA PROTECTION REGULATION YOUR READINESS CHECKLIST DATA PROTECTION COMMISSIONER
PREPARING YOUR ORGANISATION FOR THE GENERAL DATA PROTECTION REGULATION YOUR READINESS CHECKLIST DATA PROTECTION COMMISSIONER 1 What will the GDPR mean for your business/organisation? On the 25 th May 2018,
More informationIGPr002 - Information Governance Management Framework
IGPr002 - Information Governance Management Framework Page 1 of 10 Table of Contents Information Governance Management Framework... 1 Why we need this Framework... 3 What the Framework is trying to do...
More informationAgenda for Change Job Matching Policy. Document Title. Date Issued/Approved: May Date Valid From: 29 July Date Valid To: 30 June 2018
POLICY UNDER REVIEW Please note that this policy is under review. It does, however, remain current Trust policy subject to any recent legislative changes, national policy instruction (NHS or Department
More informationFreedom of Information (FOI) Policy
Freedom of Information (FOI) Policy Subject Freedom of Information Act (2000) Policy number Tbc Approved by Trust Executive Group Date approved March 2015 Version 2 Policy owner Director of Communications
More informationProject Title. Project Number. Privacy Impact Assessment
Project Title Project Number Privacy Impact Assessment This document is classified as Official and is disclosable under the terms of the Freedom of Information Act. No part of the report should be disseminated
More informationEquality and Diversity Policy
Equality and Diversity Policy Author(s) (name and post): Version No.: Version 2 Lisa Kelly, HR Business Partner, MLCSU Approval Date: 21 st November 2017 Review Date: July 2021 Author/s: NHS Staffordshire
More informationInformation Sharing Policy
Information Sharing Policy DOCUMENT CONTROL: Version: 1 Ratified by: Risk Management Sub Group Date ratified: 19 December 2012 Name of originator/author: Information Governance Manager Name of responsible
More informationInformation Governance Policy and Management Framework
Putting Barnsley People First Information Governance Policy and Management Framework Version: 2.0 Approved By: Governing Body Date Approved: February 2014 Name of originator / author: Richard Walker Name
More informationHUMAN RESOURCES POLICY
HUMAN RESOURCES POLICY EQUALITY & DIVERSITY Policy Number: HR08 Version Number: 3.0 Issued Date: May 2017 Review Date: May 2020 Sponsoring Director: Prepared By: Consultation Process: Formally Approved:
More informationTourettes Action Data Protection Policy
Tourettes Action Data Protection Policy Effective date: 01/01/2018 Review date: 01/01/2020 Approved: Suzanne Dobson, CEO Tourettes Action Author: Pippa McClounan, Office Manager Tourettes Action Version
More informationFreedom of Information/Environmental Information Regulations Policy and Procedure
Policy Number: 8.3 Version number: 01 Date of issue: Date Archived: Reason for policy: (Redraft/new) New policy to ensure compliance with current legislation Authorised by: On Behalf of Management (Signature)
More informationWorkforce Equality and Diversity Policy
Type of Document Code: Policy Sponsor Lead Executive Recommended by: Workforce Equality and Diversity Policy Policy STHK0088 Deputy Human Resources Director Human Resources Director Policy Sub-Group Date
More informationPrivacy Impact Assessment: Standard Operating Procedure
Corporate Privacy Impact Assessment: Standard Operating Procedure Document Control Summary Status: Version: Author/Title: Owner/Title: Approved by: Ratified: Related Trust Strategy and/or Strategic Aims
More informationGetting ready for the new data protection laws A guide for small businesses, charities and voluntary organisations
Getting ready for the new data protection laws A guide for small businesses, charities and voluntary organisations Page 1 of 22 Your business and the new data protection laws Data protection and privacy
More informationInformation Governance Assurance Framework
Document Reference POL008 Document Status Approved Version: V4.0 DOCUMENT CHANGE HISTORY Initiated by Date Author IG Toolkit Requirements November 2010 IG Manager Version Date Comments (i.e. viewed, or
More informationDocument Title: Annual Progress Reports (APRs) Document Number: 056
Document Title: Annual Progress Reports (APRs) Document Number: 056 Version: 1 Ratified by: Committee Date ratified: 30/11/2017 Name of originator/author: Directorate: Department: Name of responsible individual:
More informationData Protection Policy
Reference: Date Approved: April 2015 Approving Body: Board of Trustees Implementation Date: August 2015 Supersedes: 2.0 Stakeholder groups Governance Committee, Board of Trustees consulted: Target Audience:
More informationThe Newcastle upon Tyne Hospitals NHS Foundation Trust. Sustainability Policy
The Newcastle upon Tyne Hospitals NHS Foundation Trust Sustainability Policy Version No.: 2.0 Effective From: 22 December 2017 Expiry Date: 22 December 2020 Date Ratified: 20 July 2017 Ratified By: Sustainable
More informationWe support providers to give patients safe, high quality, compassionate care within local health systems that are financially sustainable.
Equality in our workforce: Monitor workforce at 31 March 2017 We support providers to give patients safe, high quality, compassionate care within local health systems that are financially sustainable.
More informationRecruiting Ex-Offenders Policy
Recruiting Ex-Offenders Policy Ref: ELCCG_HR25 Version: Version 3 Supersedes: Version 2 Author (inc Job Title): Ratified by: (Name of responsible Committee) LCSU HR Remuneration Committee Date ratified:
More informationPrivacy Notice. If you wish to know more about our approach to Data Protection please read this Privacy Notice.
Privacy Notice Midland Heart Ltd makes records from our contact with you, including personal information that is subject to the General Data Protection Regulations (GDPR). We also collect information about
More informationDATA PROTECTION POLICY 2018
DATA PROTECTION POLICY 2018 Amesbury Baptist Church is committed to protecting all information that we handle about people we support and work with, and to respecting people s rights around how their information
More informationHuman Resources. Data Protection Policy IMS HRD 012. Version: 1.00
Human Resources Data Protection Policy IMS HRD 012 Version: 1.00 Disclaimer While we do our best to ensure that the information contained in this document is accurate and up to date when it was printed
More informationData Protection Policy
Data Protection Policy This policy will be reviewed by the Trust Board three yearly or amended if there are any changes in legislation before that time. Date of last review: Autumn 2018 Date of next review:
More informationINFORMATION GOVERNANCE MANAGEMENT FRAMEWORK
INFORMATION GOVERNANCE MANAGEMENT FRAMEWORK Document History Document Reference: IG33 Document Purpose: The document complements all other Information Governance policies and sets out the management arrangements
More informationEquality Impact Assessment Guidance and Template
Equality Impact Assessment Guidance and Template Page 1 of 10 / Equality Impact Assessment Guidance and Template / V1.0 / 11/2017 / LC Core Documentation Cover Page Equality Impact Assessment Guidance
More informationNHS SOUTH DEVON AND TORBAY CLINICAL COMMISSIONING GROUP INFORMATION LIFECYCLE MANAGEMENT POLICY
NHS SOUTH DEVON AND TORBAY CLINICAL COMMISSIONING GROUP INFORMATION LIFECYCLE MANAGEMENT POLICY Version Control Version: 2.0 dated 17 July 2015 DATE VERSION CONTROL 04/06/2013 1.0 First draft of new policy
More informationColchester Hospital University NHS Foundation Trust. Equality Act Equality Delivery System Equality Objectives April March 2016
Introduction Colchester Hospital University NHS Foundation Trust Equality Act Equality Delivery System Equality Objectives April 2012 - March 2016 The Public Sector Equality Duties require that public
More informationTitle Issue Date May 2017 Review Date May 2019 Total Number of Pages 10 Owner. Equality and Diversity Policy. Bernie White Distribution.
Definition(s) E&D - Equality and Diversity RRA - Race Relations Act POVA - Protection of Vulnerable Adults CP - Child Protection DDA - Disability Discrimination Act MCA - Mental Capacity Act Purpose Purpose
More informationHONORARY EMERITUS STATUS FOR RETIRING CONSULTANT STAFF (MD10)
HONORARY EMERITUS STATUS FOR RETIRING CONSULTANT STAFF (MD10) If you require a copy of this policy in an alternative format (for example large print, easy read) or would like any assistance in relation
More informationPRIVACY NOTICE RNOH Trust Employees & Temporary workers
PRIVACY NOTICE RNOH Trust Employees & Temporary workers For further information about GDPR please contact: Data Protection Officer Tel: 020 3947 0419 rnoh.informationgovernance@nhs.net The Royal National
More informationEQUALITY AND DIVERSITY POLICY
EQUALITY AND DIVERSITY POLICY Version: 2 Ratified by: Date ratified: 13th March 2013 Approving Committee/Group (Date) Date Approved by Medicines Management Committee Name and Title of originator/author:
More informationThe Health Board objective of delivering the highest quality services possible can only be achieved by a workforce that is sufficiently skilled,
Section A: Assessment Name of Policy Partnership and Recognition Agreement Person/persons conducting this assessment with Contact Details Rachel Pressley, Workforce Governance Manager Andrew Crook, Head
More informationRecruiting Ex-Offenders Policy
Commissioning Support Unit Recruiting Ex-Offenders Policy HR Policy: HR25 Date Issued: 1/4/2013 Date to be reviewed: Periodically or if legislation changes Page 1 of 11 Policy Title: Supersedes: Description
More informationRecruitment and Selection Policy All Staff
Recruitment and Selection Policy All Staff Document Control Information Reviewed by the Strategic Management Team Date of Next Review: 13 December 2018 Approved by the Board of Management: 12 December
More informationEQUALITY AND DIVERSITY POLICY
EQUALITY AND DIVERSITY POLICY Page 1 of 8 Policy Title: Supersedes: Description of Amendment(s): This policy will impact on: Financial Implications: Equality and Diversity Policy Any previously agreed
More informationProcurement. Equalities in Procurement Policy. Policy Review Period/Expiry. November 2014
Procurement Equalities in Procurement Policy Policy Manager Andy Hay Policy Group Procurement Policy Established November 2013 Policy Review Period/Expiry November 2014 Last Updated November 2013 Aims
More informationInformation governance strategy
Information governance strategy January 2018 Version 1.0 NHS fraud. Spot it. Report it. Together we stop it. Version control Version Name Date Comment V 1.0 Trevor Duplessis 22/01/18 Due for review Dec
More informationInformation Commissioner s Office. Consultation: GDPR DPIA guidance
Information Commissioner s Office Consultation: GDPR DPIA guidance Start date: 22 March 2018 End date: 13 April 2018 ICO GDPR guidance: Contents (for web navigation bar) At a glance About this detailed
More informationPRIVACY IMPACT ASSESSMENT (PIA) TEMPLATE
PRIVACY IMPACT ASSESSMENT (PIA) TEMPLATE Reference No: IG40 Version: 1.2 Purpose of Document: Ratified by: Date ratified: 27 th September 2013 Review Date September 2014 Name of originator/author: Contact
More informationHUMAN RESOURCES POLICY
rth of England Clinical Commissioning Groups rth of England Clinical Commissioning Groups HUMAN RESOURCES POLICY RECRUITING EX-OFFENDERS Policy Number: HR25 Version Number: 3.0 Issued Date: May 2017 Review
More informationEquality Analysis: a design tool for services, functions, strategies and policies
Equality Analysis: a design tool for services, functions, strategies and policies 1 Inclusive Design Design is a crucial factor in developing effective policies, strategies and inclusive services. Every
More informationTHE PAINSLEY CATHOLIC ACADEMY. GDPR Data Protection Impact Assessment Policy
THE PAINSLEY CATHOLIC ACADEMY GDPR Data Protection Impact Assessment Policy 1 GDPR The General Data Protection Regulation (GDPR) is a piece of EU-wide legislation which will determine how people s personal
More informationInformation Asset Register IAR. Guidance for Schools
Information Asset Register IAR Guidance for Schools Contents 1. Introduction... 3 2. What is an Information Asset?... 4 3. What is an Information Asset Register?... 4 4. Why Do We Need an Information Asset
More informationLeicester, Leicestershire, and Rutland Facilities Management Collaborative (LLR FMC) Job Description. Director of Performance, Quality & Assurance
Leicester, Leicestershire, and Rutland Facilities Management Collaborative (LLR FMC) Job Description JOB TITLE: Statutory Compliance Officer (Non Acute) BAND: 6 BASE: Your primary base is to be confirmed,
More informationRecruiting Ex-Offenders Policy
Recruiting Ex-Offenders Policy April 2014 Author: Responsibility: Sue Hand, Head of HR All Staff Effective Date: April 2014 Review Date: April 2016 Reviewing/Endorsing committees Approved by Governance
More informationPOLICY. Data Breach Notification Policy. Version Version 1.0. Equality Impact Assessment Status. Date approved 23 rd May 2018
POLICY Document Title Data Breach Notification Policy Version Version 1.0 Equality Impact Assessment Status TBC Approved by Senior Management Team Date approved 23 rd May 2018 Effective date 25 th May
More informationGDPR DATA PROCESSING NOTICE FOR FS1 RECRUITMENT UK LTD FOR APPLICANTS AND WORKERS
GDPR DATA PROCESSING NOTICE FOR FS1 RECRUITMENT UK LTD FOR APPLICANTS AND WORKERS What is the purpose of this document? FS1 Recruitment UK Ltd is committed to protecting the privacy and security of your
More informationProtection of Pay and Conditions of Service (As a Result of Organisational Change)
Protection of Pay and Conditions of Service (As a Result of Organisational Change) Document Owner ENHCCG Document Author Jenny Holland, Senior HR Advisor Version Directorate Authorised By FINAL Human Resources
More informationBBC Equality Analysis: Project & Policy Template
BBC Equality Analysis: Project & Policy Template Introduction The Equality Act 2010 established the public sector equality duty applicable to all public authorities, including for the most part, the functions
More informationThe Act protects lesbian, gay, bi-sexual and heterosexual people. This includes colour, ethnic / national origin or nationality
BP-HR-065.1 Page no: 1 of 13 Business Process Issue No: 02 Issue date: 09/08/2013 Review date: 08/08/2016 Equality Impact Assessment (EqIA) Originator: Carol Gillespie It is important to note that not
More informationEDINBURGH NAPIER UNIVERSITY A GUIDE TO PRIVACY IMPACT ASSESSMENTS
EDINBURGH NAPIER UNIVERSITY A GUIDE TO PRIVACY IMPACT ASSESSMENTS PART ONE ABOUT PIAs... 2 What is this guide for?... 2 What is a PIA and what does it do?... 2 What are the risks of not carrying out a
More informationReview date: November 2014 Responsible Manager: Director of Human Resources Group Director (HR and Corporate Services) Accessible to Students: No
Staff Disciplinary Policy & Procedure Date approved: 24 November 2011 Approved by: NCG Executive Review date: November 2014 Responsible Manager: Director of Human Resources Executive Lead: Group Director
More informationNOT PROTECTIVELY MARKED. BCH06/001 Civil Contingencies Unit Business Continuity Policy. NOT PROTECTIVELY MARKED Feb-18 Page 1 of 11
BCH06/001 Civil Contingencies Unit Business Continuity Policy Feb-18 Page 1 of 11 TABLE OF CONTENTS 1. POLICY AIM... 3 2. APPLICABILITY... 3 2.1 Inclusions... 4 2.2 Exclusions... 4 3. THE POLICY... 4 4.
More informationCareer Choices Dewis Gyrfa Equality and Diversity Policy
Career Choices Dewis Gyrfa Equality and Diversity Policy Context Career Choices Dewis Gyrfa (CCDG) which trades as Gyrfa Cymru Careers Wales, The Company, supports clients to plan their career development
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY APRIL 2018 Attendance Policy and Procedures (Pupils) (P3/Policies) Updated January 2018 Page 1 of 11 Title Summary Purpose Operational Date April 2018 Next Review Date April 2019
More informationHUMAN RESOURCES POLICY
rth of England Clinical Commissioning Groups HUMAN RESOURCES POLICY RECRUITING EX-OFFENDERS Policy Number: HR25 Version Number: 2.0 Issued Date: May 2017 Review Date: May 2020 Sponsoring Director: Prepared
More informationDevelopment and Management of Procedural Documents Policy
Development and Management of Procedural Documents Policy The 5 key messages the reader should note about this document are: 1. Procedural Documents are important within any organisation. They are an essential
More informationPrivacy Notice for Suppliers of Goods and Services
Privacy Notice for Suppliers of Goods and Services In the development of this policy consideration has been given to Equality and Diversity and Data Protection. Equality and Diversity DEMAT is committed
More informationSuspension, Exclusion or Transfer Policy
Suspension, Exclusion or Transfer Policy Solent NHS Trust Policies can only be considered to be valid and up-to-date if viewed on the intranet. Please visit the intranet for the latest version. Purpose
More informationHYDRASUN LTD RECRUITMENT PRIVACY NOTICE
HYDRASUN LTD RECRUITMENT PRIVACY NOTICE Introduction Hydrasun Limited is a company incorporated in Scotland and having its registered office at Gateway Business Park, Moss Road, Aberdeen AB12 3GQ. We are
More informationGlasgow Kelvin College. Recruitment and Selection Policy. All Staff
Glasgow Kelvin College Recruitment and Selection Policy All Staff Document Control Information Status: Active Responsibility for document review: Strategic Management Team Current version review date:
More informationEquality and Human Rights Policy
Equality and Human Rights Policy Policy Number: Scope of this Document: Recommending Committee: Approving Committee: HR10 All Colleagues, Patients and Service Users, Visitors, Carers, Volunteers, Contractors
More informationBaptist Union of Scotland DATA PROTECTION POLICY
Baptist Union of Scotland DATA PROTECTION POLICY Adopted: May 2018 1 1.The Baptist Union of Scotland 48, Speirs Wharf, Glasgow G4 9TH (Charity Registration SC004960) is committed to protecting all information
More informationThe Heathland School. Privacy notice for staff
The Heathland School Privacy notice for staff Under data protection law, individuals have a right to be informed about how the school uses any personal data that we hold about them. We comply with this
More informationPage 1 of 7 Recommendation CM/Rec(2010)13 of the Committee of Ministers to member states on the protection of individuals with regard to automatic processing of personal data in the context of profiling
More informationRole Title: Chief Officer Responsible to: CCG chairs - one employing CCG Job purpose/ Main Responsibilities
Role Title: Chief Officer Responsible to: CCG chairs - one employing CCG Job purpose/ Main Responsibilities Accountable to: All employed staff working within the 3 CCGs Within the 3 CCGs the Chief Officer
More informationRoyal National Hospital for Rheumatic Diseases NHS Foundation Trust. Equal Opportunities in Employment
Royal National Hospital for Rheumatic Diseases NHS Foundation Trust T 01225 465941 F 01225 421202 E info@rnhrd.nhs.uk W www.rnhrd.nhs.uk Royal National Hospital for Rheumatic Diseases NHS Foundation Trust,
More informationSAFFRON WALDEN COMMUNITY CHURCH DATA PROTECTION POLICY. Adopted: [ ]
SAFFRON WALDEN COMMUNITY CHURCH DATA PROTECTION POLICY Adopted: [17-04-2018] 1 SAFFRON WALDEN COMMUNITY CHURCH is committed to protecting all information that we handle about people we support and work
More informationPOLICY MANAGEMENT FRAMEWORK
POLICY MANAGEMENT FRAMEWORK October 2012 Author: Responsibility: Janet Young, Governance and Risk Manager All Staff Effective Date: ctober 2012 Review Date: October 2014 Reviewing/Endorsing committees
More informationThe Newcastle Upon Tyne Hospitals NHS Foundation Trust. Aggregating Data and Learning from Incidents, Complaints and Claims Policy
The Newcastle Upon Tyne Hospitals NHS Foundation Trust Aggregating Data and Learning from Incidents, Complaints and Claims Policy Version no. 2.1 Effective from: 2 nd October 2012 Expiry date: 31 st October
More informationThis privacy notice applies to attendees, organisers and others involved in Merton College s conferences and events
This privacy notice applies to attendees, organisers and others involved in Merton College s conferences and events A summary of what this notice explains Merton College is committed to protecting the
More informationMoving and Handling Policy
Moving and Handling Policy Ratified Governance and Risk Committee Status Approved Issued August 2014 Approved By Governance and Risk Committee Consultation Governance and Risk Committee Equality
More informationGeneral Optical Council. Data Protection Policy
General Optical Council Data Protection Policy Authors: Lisa Sparkes Version: 1.2 Status: Live Date: September 2013 Review Date: September 2014 Location: Internet / Intranet Document History Version Date
More informationScottish Charity Number SC Dingwall Baptist Church DATA PROTECTION POLICY
Dingwall Baptist Church DATA PROTECTION POLICY Adopted: By Trustees Dingwall Baptist Church May 2018 1 Dingwall Baptist Church is committed to protecting all information that we handle about people we
More information