In a message dated 23/10/2001 13:13:06 GMT Daylight Time, 
[log in to unmask] writes:

<< I am putting together a short,sharp information sheet for
 staff now that paper records are no longer exempt. Has
 anyone done this yet and if so can we share our ideas? >>
---------------
The following may be helpful as a base document which you could adapt for 
your own uses.  We will allow Jiscmail Data Protection members to 
use/adapt/adopt the text below and we waive our copyright on the document for 
members who contact us with the name of the organisation who will be using 
it.  This is for recording purposes so we know which companies/organisations 
are using it with our permission.  An acknowledgement on the final version 
will suffice.  Our unsolicited advert is at the bottom of this e-mail.

Note that the definition of "relevant filing system" is now largely redundant 
for public bodies who will be subject to FOI.  It now means that almost ANY 
data on a person will be available under subject access provisions.

start of document--------

The Data Protection Act 1998
Basic Introduction for Public Sector Employees

What is the Data Protection Act 1998?
The Data Protection Act 1998 is a new law designed to protect the privacy of 
individuals, in particular with regards to the processing of their personal 
information.  It should be seen as an extension of human rights legislation.  
The Act was introduced to meet the requirements of an EC Directive to ensure 
that all citizens of Europe could be certain that their personal information 
would be protected to the same level wherever they live or work in the EU. 
The 1998 Act replaces the Data Protection Act 1984 which was primarily aimed 
at protecting computerised data.  The new Act covers most manual records 
(paper files, card index systems, microfilm, microfiche, audio/video tape, 
some notebooks and diaries, etc) as well as those held on computer.

How does it affect the Organisation?
The Data Protection Act 1998 gives individuals the right to see information 
held by companies and organisations, including this Organisation, and to have 
the information corrected or erased in certain circumstances.  People can 
even apply for orders to stop the Organisation processing their information.  
It also means that if the Organisation causes them harm (physical or 
financial) or substantial distress as a result of any breach of the Data 
Protection Act 1998 they could claim compensation.  Criminal action might 
also be taken.

How does it affect me?
Employees can also be prosecuted for unlawful action under the legislation.  
Fines of up to £5000 could result if you use or disclose information about 
other people without their consent or proper authorisation from the 
Organisation.  You could even be committing an offence if you give 
information to another employee who does not need the details to carry out 
their legitimate duties.  You should take particular care when using the 
Internet, e-mail and the internal network.  Special care must be taken with 
sensitive data such as ethnic origins, religious/political beliefs, health 
data, disabilities, details of offences or alleged offences, sexual life or 
trade union membership.

What are my responsibilities?
You should follow all instructions very carefully, you will be told what you 
are allowed to do with the personal details of the Organisation's staff, 
clients, customers and suppliers.  There are strict limits on what data 
(whether on computer, in filing cabinets or whatever) can be stored, used and 
disclosed.  You must not undertake any work on that kind of information 
without proper authorisation from your line manager.  If you are unsure about 
any work you are asked to do, or any disclosure you are asked to make, 
contact your Data Protection Officer/Representative 

.................................................................. on 
extension ...................

Disclosures to outside organisations, including the police and other 
agencies, should only be undertaken by properly trained and authorised 
personnel.  If you have not been instructed on how to undertake the 
appropriate checks, always pass on these requests to senior officers.  Make a 
note in your diary of the request and who you passed it on to.  The only 
exception to this rule is where information is required urgently to prevent 
an injury.  If you are sure the disclosure will stop an injury from happening 
you should give the requester the data they are asking for.  Again, make a 
note in your diary of the incident, including the name of the officer you 
gave the details to, the date and time of the event, and the nature of the 
information given.

Disclosures to other staff, managers and others will depend upon a number of 
factors.  You will be given specific instructions on what details you can 
give to whom.  If the information requested seems excessive, or if you are 
not sure if you are allowed to supply the data, always ask your line manager 
and/or departmental Data Protection Officer.

You will be informed of your specific role within the Organisation's security 
system but in general do not leave people's information on your desk when it 
is not in use, lock all filing cabinets, do not leave data displayed on 
screen, do not leave your computer logged on and unattended, do not give your 
password to anyone under any circumstances, do not choose a password that's 
easy to guess, never send anything by fax or e-mail that you wouldn't put on 
the back of a postcard.

What are my rights?
As an employee of the Organisation you have a right to see information we 
hold about you.  If that information is incorrect or out of date, please let 
us know and we will correct it.  Some changes may only be made to data when 
appropriate proof is supplied.
-----------------end of document

Ian Buckland
MD
Keep IT Legal Ltd

Please Note: The information contained in this document does not replace or 
negate the need for proper legal advice and/or representation. It is 
essential that you do not rely upon any advice given without contacting your 
solicitor.  If you need further explanation of any points raised please 
contact Keep I.T. Legal Ltd at the address below:

55 Curbar Curve
Inkersall, Chesterfield
Derbyshire  S43 3HP 
(Reg 3822335)
Tel: 01246 473999 
Fax: 01246 470742
E-mail: [log in to unmask]
Website: www.keepitlegal.co.uk

Providers of quality and interesting Data Protection training courses for 
your staff, managers, directors, elected members, contractors, data 
processors, etc.  We can help you put together your policies and procedures, 
check your compliance level and assist with compliance measures.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
    www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^