DataProtdoc - Bishop Burton College

Document Sample
DataProtdoc - Bishop Burton College Powered By Docstoc
					                                           Bishop Burton
                                                            COLLEGE

                                       DATA PROTECTION POLICY

1.       Introduction
         Bishop Burton College must comply with the Data Protection Principles which are set out in the
         Data Protection Act 1998. In summary the Data Protection Principles state that personal data
         shall be:
            obtained and processed fairly and lawfully and shall not be processed unless certain
              conditions are met
            obtained for a specified and lawful purpose and shall not be processed in any manner
              incompatible with that purpose
            adequate, relevant and not excessive for those purposes
            accurate and kept up to date
            kept no longer than is necessary for that purpose
            processed in accordance with the data subject’s rights
            kept safe from unauthorised access, accidental loss or destruction; and
            shall not be transferred to a country outside the European Economic Area, unless that
              country has equivalent levels of protection for personal data.

         Bishop Burton College and all staff or other authorised users who process or use any personal
         information must ensure that they follow these principles at all times. In order to ensure that this
         happens, Bishop Burton College has developed a Data Protection Policy.

2.       Status of the Policy
(i)      Staff
         This policy does not form part of the formal contract of employment, but it is a condition of
         employment that employees will abide by the rules and policies made by Bishop Burton
         College. Any failure to follow the policy can, therefore, result in disciplinary proceedings.

         Any member of staff who considers that the policy has not been followed in respect of personal
         data about themselves should raise the matter with the designated data controller initially. If the
         matter is not resolved it may be raised as a formal grievance.

(ii)     Students
         By enrolling with the college a student has agreed to be bound by the college regulations. A
         student who ignores his/her responsibilities may find the student disciplinary regulations being
         invoked.

3.       Notification of Data Held and Processed
         All staff, students and college clients are entitled to know:
            what information Bishop Burton College holds and processes about them and why
            how to gain access to it
            how to keep it up to date
            what Bishop Burton College is doing to comply with its obligations under the 1998 Act.

         Information held on students and staff is initially that provided by prospective students and
         employees on the application form. The information will be added to during the period of
         study/employment (contract period) as necessary. Information on college clients will be of a
         financial or contractual nature and will be held for specified purposes eg payment processing.

         Access to information is detailed in paragraph 7 and how to keep information updated is
         detailed in paragraphs 4 and 5.

         Bishop Burton College is complying with its obligations under the Act by having a policy which
         enables staff, students and clients to understand their rights and responsibilities and by
         providing appropriate additional information and guidance for staff on their specific duties.


mbi/dpact/dppolicy.doc                       1 of 4                              December 2000
4.       Student/Client Responsibilities
         Students and clients are responsible for:
             checking that the information is accurate and up to date
             informing the College in writing of any changes to the information held, eg change of name,
              address, etc.

         The College cannot be held responsible for any inaccuracy unless the student/client can
         demonstrate that s/he had previously notified the College in writing of any change/s.

5.       Staff Responsibilities
(i)      Personal Data Provided to the College
         With reference to the personal data which the College holds on them, staff are responsible for:
             checking that the information is accurate and up to date
             informing the College in writing of any changes to the information held, eg change of name,
               address, etc.

         The College cannot be held responsible for any inaccuracy unless the employee can
         demonstrate that s/he had previously notified the College in writing of any change/s.

(ii)     Data held on Students/Clients/Employers/etc
         If and when, as part of their responsibilities, staff collect information about other people (eg
         about students course work, opinions about ability, references to other academic institutions, or
         details of personal circumstances) they must comply with the following guidelines:
             ensure that personal subject data they hold is kept securely, ie not accessible to other
              people, and, if the data is computerised, it should be password protected or kept only on
              disk which is itself kept securely
             ensure that personal subject data is not disclosed either orally or in writing, accidentally or
              otherwise, to any unauthorised third party.

         Staff should note that unauthorised disclosure will usually be a disciplinary matter.

6.       Retention of Data
         Bishop Burton College will keep some forms of information for longer than others and the table
         below indicates the periods of time different information will be held:

             Type of Data                      Retention Period                         Reason
Student        records,   including   At least 6 years from the date the   Limitation period for negligence
academic        achievements and      student leaves the college in
conduct                               case of litigation for negligence
                                      At least 10 years for personal
                                      and academic references with
                                      the agreement of the student
Application forms/interview notes     At least 6 months from the date      Time limits on litigation
                                      of the interviews
Accident books, and records and       3 years after the date of the last   RIDDOR 1985
reports of accidents                  entry
Medical records kept by reason        40 years                             COSHHR 1994
of the Control of Substances
Hazardous to Health Regulations
Personnel files including training    6 years from end of employment       References       and        potential
records and notes of disciplinary                                          litigation
and grievance hearings
Wages and salary records              6 years                              Taxes Management Act 1970
Statutory Sick Pay records and        6 years                              Statutory Sick Pay (General)
calculations                                                               Regulations 1982
Health records                        During employment                    Management of Health and
                                                                           Safety at Work Regulations


mbi/dpact/dppolicy.doc                       2 of 4                             December 2000
Health records where reason for       3 years                               Limitation period for personal
termination of employment is                                                injury claims
connected with health, including
stress related illness
Statutory Maternity Pay records       3 years                               Statutory     Maternity    Pay
and calculations                                                            (General) Regulations 1986
Income Tax and NI returns,            At least 3 years after the end of     Income     Tax     (Employment)
including correspondence with         the financial year to which the       Regulations 1993
tax office                            records relate
Facts relating to redundancies        3 years from the date of              Time limits on litigation
where       less       than   20      redundancy
redundancies`
Facts relating to redundancies        3 years from        the   date   of   As above
where 20 or more redundancies`        redundancy

7.       Rights to Access Information
         Staff, students and other users of Bishop Burton College have the right to access any personal
         data that is being kept about them either on computer or in certain files. Any person who
         wishes to exercise this right should complete the college “Access to Information” form and
         forward it to the College Administrator.

         Bishop Burton College will make a charge of £10 to cover administrative costs on each
         occasion that an access request is received.

         Bishop Burton College aims to comply with requests for access to personal information as
         quickly as possible, but will ensure that it is provided within 21 days unless there is good reason
         for delay. In such cases, the reason for delay will be explained in writing to the individual
         making the request. Students will be entitled to information about their marks for both
         coursework and examinations. However, this may take longer than other information to provide.

8.       Examination/Progression Information
         Examination and progression results may be displayed within the College. Any individual
         student who does not wish to be included in such a list must make a formal written request for
         exclusion to the College Administrator.

9.       Publication of Bishop Burton College Information
         Information that is already in the public domain is exempt from the 1998 Act. It is Bishop Burton
         College policy to make as much information public as possible and, in particular, the following
         information will be available to the public for inspection:
            names of Bishop Burton College governors and details of how to contact them
            list of key staff (senior staff and those with special responsibilities)
            photographs of key staff.

         Any individual who has good reason for wishing details in these lists or categories to remain
         confidential should contact the designated data controller.

         The Bishop Burton College internal phone list will not be a public document.

10.      Subject Consent
         In many cases, Bishop Burton College can only process personal data with the consent of the
         individual. All prospective staff, students and clients will be asked for their consent in processing
         particular types of information when an offer of employment or a course offer is made or a
         commercial contract is being negotiated. Agreement to Bishop Burton College processing
         some specified classes of personal data is a condition of acceptance of the contract between
         the member of staff, student or client with the college. For staff and students this includes
         information about previous criminal convictions and for commercial clients may include
         information about financial standing.



mbi/dpact/dppolicy.doc                       3 of 4                             December 2000
         In some cases, if the data is sensitive, express consent must be obtained – see paragraph 11.

         Some posts or courses will bring employees and students into contact with children, including
         young people between the ages of 16 and 18. Bishop Burton College has a duty under the
         Children Act and other legislation to ensure that staff are suitable for the post applied for and
         students for their preferred course. Bishop Burton College also has a duty of care to all staff
         and students and must, therefore, make sure that employees and those who use Bishop Burton
         College facilities do not pose a threat or danger to other users.

         Bishop Burton College will also ask for information about particular health needs, such as
         allergies to particular forms of medication, or other conditions such as asthma or diabetes.
         Bishop Burton College will only use this information to protect the health and safety of the
         individual.

11.      Express Consent (Sensitive Data)
         Sometimes it is necessary to process information about a person’s health, criminal convictions,
         race and gender and family details. This may be to ensure that Bishop Burton College is a safe
         place for everyone or to operate other College policies, such as the sick pay policy or equal
         opportunities policy. As this information is deemed sensitive under the Data Protection Act and
         it is appreciated that processing such data may cause concern express consent will be
         requested of staff and students. An offer of employment or of a course place may be withdrawn
         if an individual refuses to give consent without good reason. More information about express
         consent for sensitive data is available from the Registration office (for students) and the
         Personnel Section (for staff and clients).

12.      The Data Controller and the Designated Data Controllers
         Bishop Burton College as an incorporated further education institution is the data controller
         under the Act and the College Corporation is, therefore, ultimately responsible for
         implementation. However, the designated data controllers will deal with day to day matters.

         Bishop Burton College has two designated data controllers and they are the Director of
         Corporate Services (01964 553008) and the College Administrator (01964 553004).

13.      Conclusion
         Compliance with the 1998 Act is the responsibility of all Bishop Burton College staff, students
         and clients. Any deliberate breach of the data protection policy on the part of staff or students
         may lead to disciplinary action being taken, or access to Bishop Burton College facilities being
         withdrawn or a criminal prosecution. Any questions or concerns about the interpretation or
         operation of this policy should be taken up with the designated data controllers.




mbi/dpact/dppolicy.doc                     4 of 4                            December 2000

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:31
posted:2/28/2010
language:English
pages:4