A question has arisen at Kingston about the information recorded by security staff on incident forms and the way in which this is used within the University. The main areas where the situation arises are in relation to students living in halls. A complication is that our security service is provided by staff of a wholly owned subsidiary service company of the University. Security staff attending an incident and recording events sometimes get given information which falls into the sensitive data definitions. For example, mental or other health problems, sexual abuse etc.. The security guards may record some or all of this on an incident form. Historically a copy of this form has been passed to other departments - our Student Life Office and/or Health and Counselling. A recent case rightly raised questions about whether such transfer of data is appropriate. As a result we have changed some practices and are considering the wider implications. Question arise about whether a transfer of data to health and counselling can be considered as being in the vital interests of the student - in the case of a potential suicide it may be but what of other situations? Until now H & C have used the data to make contact with the student to offer support or advice. Student life Office use the data in investigations as to whether or not a breach of University regulations (primarily hall licence terms) has taken place. The information may provide mitigation for an incident. Have others considered similar situations and, if so, have you come to any particular conclusions or changed practices as a result? As the security service is provided by a subsidiary should we make clear that, in this sort of case, they are acting as our agents and processing the data on our behalf? If not, there is the question of data being transferred by them to us. Thoughts or experiences would be useful. John Hitches J F Hitches Data Protection Officer and Information Security Officer Kingston University River House 53-57 High Street, Kingston upon Thames Surrey, KT1 1LQ Telephone/Fax: 020 8547 7768 E-mail: [log in to unmask] The views expressed are those of the individual and not necessarily those of the university. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - www.jiscmail.ac.uk/user-manual/summary-user-commands.htm all commands go to [log in to unmask] not the list please! ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^