In a message dated 23/10/2001 13:13:06 GMT Daylight Time,
[log in to unmask] writes:
<< I am putting together a short, sharp information sheet for
staff now that paper records are no longer exempt. Has
anyone done this yet and if so can we share our ideas? >>
---------------
The following may be helpful as a base document which you could adapt for
your own uses. We will allow Jiscmail Data Protection members to
use/adapt/adopt the text below and we waive our copyright on the document for
members who contact us with the name of the organisation who will be using
it. This is for recording purposes so we know which companies/organisations
are using it with our permission. An acknowledgement on the final version
will suffice. Our unsolicited advert is at the bottom of this e-mail.
Note that the definition of "relevant filing system" is now largely redundant
for public bodies who will be subject to FOI. It now means that almost ANY
data on a person will be available under subject access provisions.
start of document--------
The Data Protection Act 1998
Basic Introduction for Public Sector Employees
What is the Data Protection Act 1998?
The Data Protection Act 1998 is a new law designed to protect the privacy of
individuals, in particular with regard to the processing of their personal
information. It should be seen as an extension of human rights legislation.
The Act was introduced to meet the requirements of an EC Directive to ensure
that all citizens of Europe could be certain that their personal information
would be protected to the same level wherever they live or work in the EU.
The 1998 Act replaces the Data Protection Act 1984 which was primarily aimed
at protecting computerised data. The new Act covers most manual records
(paper files, card index systems, microfilm, microfiche, audio/video tape,
some notebooks and diaries, etc) as well as those held on computer.
How does it affect the Organisation?
The Data Protection Act 1998 gives individuals the right to see information
held by companies and organisations, including this Organisation, and to have
the information corrected or erased in certain circumstances. People can
even apply for orders to stop the Organisation processing their information.
It also means that if the Organisation causes them harm (physical or
financial) or substantial distress as a result of any breach of the Data
Protection Act 1998 they could claim compensation. Criminal action might
also be taken.
How does it affect me?
Employees can also be prosecuted for unlawful action under the legislation.
Fines of up to £5000 could result if you use or disclose information about
other people without their consent or proper authorisation from the
Organisation. You could even be committing an offence if you give
information to another employee who does not need the details to carry out
their legitimate duties. You should take particular care when using the
Internet, e-mail and the internal network. Special care must be taken with
sensitive data such as ethnic origins, religious/political beliefs, health
data, disabilities, details of offences or alleged offences, sexual life or
trade union membership.
What are my responsibilities?
You should follow all instructions very carefully. You will be told what you
are allowed to do with the personal details of the Organisation's staff,
clients, customers and suppliers. There are strict limits on what data
(whether on computer, in filing cabinets or whatever) can be stored, used and
disclosed. You must not undertake any work on that kind of information
without proper authorisation from your line manager. If you are unsure about
any work you are asked to do, or any disclosure you are asked to make,
contact your Data Protection Officer/Representative
.................................................................. on
extension ...................
Disclosures to outside organisations, including the police and other
agencies, should only be undertaken by properly trained and authorised
personnel. If you have not been instructed on how to undertake the
appropriate checks, always pass on these requests to senior officers. Make a
note in your diary of the request and who you passed it on to. The only
exception to this rule is where information is required urgently to prevent
an injury. If you are sure the disclosure will stop an injury from happening
you should give the requester the data they are asking for. Again, make a
note in your diary of the incident, including the name of the officer you
gave the details to, the date and time of the event, and the nature of the
information given.
Disclosures to other staff, managers and others will depend upon a number of
factors. You will be given specific instructions on what details you can
give to whom. If the information requested seems excessive, or if you are
not sure if you are allowed to supply the data, always ask your line manager
and/or departmental Data Protection Officer.
You will be informed of your specific role within the Organisation's security
system but in general do not leave people's information on your desk when it
is not in use, lock all filing cabinets, do not leave data displayed on
screen, do not leave your computer logged on and unattended, do not give your
password to anyone under any circumstances, do not choose a password that's
easy to guess, never send anything by fax or e-mail that you wouldn't put on
the back of a postcard.
What are my rights?
As an employee of the Organisation you have a right to see information we
hold about you. If that information is incorrect or out of date, please let
us know and we will correct it. Some changes may only be made to data when
appropriate proof is supplied.
-----------------end of document
Ian Buckland
MD
Keep IT Legal Ltd
Please Note: The information contained in this document does not replace or
negate the need for proper legal advice and/or representation. It is
essential that you do not rely upon any advice given without contacting your
solicitor. If you need further explanation of any points raised please
contact Keep I.T. Legal Ltd at the address below:
55 Curbar Curve
Inkersall, Chesterfield
Derbyshire S43 3HP
(Reg 3822335)
Tel: 01246 473999
Fax: 01246 470742
Website: www.keepitlegal.co.uk
Providers of quality and interesting Data Protection training courses for
your staff, managers, directors, elected members, contractors, data
processors, etc. We can help you put together your policies and procedures,
check your compliance level and assist with compliance measures.