Data Protection Statement

May 2008

Principles

The Data Protection Act 1998 states that any Data Controller, defined as a person or organisation controlling the use of personal data, must comply with the eight enforceable principles of good practice.  That personal data must be

  • fairly and lawfully processed
  • processed for limited purposes
  • adequate, relevant and not excessive
  • accurate
  • not kept longer than necessary
  • processed in accordance with the Data Subject's rights
  • kept secure
  • not transferred abroad without adequate protection.


Personal data covers both facts and opinions about a living individual and can be any type of material including text, photographs, video, or audio.


Scope

This policy is intended to inform and assist staff and members of the LINk in complying with the requirements of the Data Protection Act 1998 (DPA) and its related legislation:

  • The Freedom of Information Act 2000 (FOIA)
  • The Human Rights Act 1998 (HRA)
  • The Public Interest Disclosure Act 1998 (PIDA)


Policy statement

It is the policy of Derby LINk that it will hold all personal data in accordance with the principles and requirements of the Data Protection Act 1998 and other relevant legislation, in collaboration with the host organisation, Community Action Derby.

All senior managers and postholders are committed to maintaining procedures that will ensure the correct handling of data relating to individuals (data subjects) and to raising awareness within the LINk of data protection issues.

Every member of the LINk or its staff is responsible for taking precautions to ensure the security of personal information.  This applies both when it is in their possession and when they are transferring it to another person or organisation.


Information covered by this policy

Personal data is any information that can identify the living individual that it is about.  It may take any of the following forms:

  • Computer documents or data processed by computer or other equipment, for example written text, images, video, or audio; or
  • Information in some forms of structured manual records, including photographs.


Policy detail

  • The LINk Communications Group will review this policy for its effectiveness (at least once a year).
  • (The Communications Officer) will advise and consult on all aspects of personal data protection, including disclosure and security.
  • (The LINk staff) will regularly perform internal audits of Derby LINk's information systems to maintain compliance with the Data Protection Act.  The Communcations Group will determine the frequency of auditing.
  • Derby LINk, in discussion with the host organisation, Community Action Derby, will issue and maintain guidelines on:

a)      the secure storage of data;

b)      disclosure of personal data:  how it will disclose it and how it will make the data subjects aware of this;

c)      how long the various data records will be retained; and

d)      how personal data will be destroyed after the retention period.

  • Any person who is engaged in processing personal data will have training in awareness of data protection requirements.
  • Derby LINk will maintain a separate procedure for handling subject access requests and data subject requests to correct or erase inaccurate data.
  • Derby LINk will maintain a separate procedure for dealing with employment references, according to the eight data protection principles, specifically that references are adequate, relevant and not excessive, and that they are accurate.
  • Derby LINk will maintain a separate procedure that specifies what constitutes sensitive data and how it will obtain consent to process it.  Also, senior management will specify any additional measures to be taken to safeguard sensitive personal data.
  • Derby LINk will issue a standard notice to allow data subjects to opt out of Derby LINk using their data.
  • There will be a condition in all Derby LINk employment contracts, agreements, and job descriptions to the effect that individuals, whether staff or members, must abide by the statements made in this policy.
  • Persistent failure by an individual to follow this policy will be dealt with in accordance with measures outlined in this policy and others adopted by the LINk, such as Confidentiality and Code of Conduct.