Data Protection

POLICY /

DATA PROTECTION

SCOPE

This Policy applies to Members of the Board, all staff members, former staff members and volunteers of Abbeyfield Scotland Ltd.

AIM

The aim of this Policy is to state how Abbeyfield Scotland Ltd will meet the requirements of the Data Protection Act 1998.

BACKGROUND

Abbeyfield Scotland Ltd recognises that the Data Protection Act (1998) is an important piece of legislation to protect the rights of individuals in respect to any personal information that we keep about them, whether on computer or in manual systems.

POLICY

Abbeyfield Scotland Ltd will register with Information Commissioner as a Data Controller under the Data Protection Act (1998) (the Act) and ensure that Abbeyfield Scotland Ltd’s practices in the handling of personal data is of a high standard and complies fully with the Act.

Personal Data

The data referred to throughout this Policy is “personal data”. Personal data is data that refers to a living individual who can be identified from that data or from other information which is or is likely to come into the possession of the data holder.

Data does not have to be private or sensitive in order to constitute personal data and includes information such as names, addresses and telephone numbers.

Data relates to any information held on a computer (including internet and e-mails) or information recorded manually as part of a filing system.

Sensitive personal data is defined as information about the individual’s:

Racial or ethnic origin

Political opinions

Religious or similar beliefs

Trade Union membership

Physical or mental health

Sex life

Criminal record or allegations of criminal conduct

Principles of the Data Protection Act 1998

Abbeyfield Scotland Ltd will adopt and operate procedures in accordance with the Act principles. The Act sets out the following eight principles governing the processing of personal data:

Personal data shall be processed fairly and lawfully

Personal data shall be obtained only for specified and lawful purposes, and shall not be processed in any manner incompatible with those purposes

Personal data shall be adequate, relevant and not excessive in relation to the purposes for which it is processed

Personal data shall be accurate and, where if necessary, kept up to date

Personal data shall be kept for no longer than is necessary for the purposes for which it is processed

Personal data shall be processed in accordance with the rights of data subjects under the Act

Personal data shall be subject to appropriate technical and organisational measures to protect against unauthorised or unlawful processing and accidental loss, destruction or damage

Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of data protection

Abbeyfield Scotland Ltd and Members of the Board, staff and volunteers must ensure that they follow these principles at all times.

Responsibilities for Compliance

The Director has overall responsibility for data protection within Abbeyfield Scotland Ltd and for ensuring that notification to the Information Commission and Abbeyfield Scotland Ltd’s entry in the Data Protection register is accurate and up to date.

The Senior Administrator will assist in implementing the requirements of the Act by:

Providing advice and support to all departments on all matters relating to compliance with the Act

Disseminating information relating to the Act

Responding to requests from individuals to access
personal data held about them

The Senior Area Manager has specific responsibility for personal data held on employees. Staff will be informed about data protection issues and their rights to access their own personal data through the staff handbook and induction courses.

Area Managers will ensure that personal data processed within their area which will be included in Abbeyfield Scotland Ltd’s data protection register entry, is kept up to date and complies with the principles of the Act.

All staff and volunteers have a responsibility to fully comply with the requirements of the Act and this Policy. When involved in requesting information, staff will explain why the information is necessary, what it is to be used for, and who will have access to it.

Access Rights

Residents, staff members, volunteers and other individuals about whom Abbeyfield Scotland Ltd holds personal data will have the right to access the information, unless it is exempt under the Act.

Abbeyfield Scotland Ltd will respond to information requests promptly and no longer then 20 working days.

Charges for Providing Information

No charge will normally be made for requests for information. However, Abbeyfield Scotland Ltd reserves the right to make a charge of up to £5.00 to cover administration, stationery and postage costs, where it is felt necessary to do so.

Confidentiality

Only information which can or must be legally disclosed under the Act will be shared with a third party without the individuals consent.

All staff will have a password to ensure information is only accessible to those who need to know the information in order to carry out the requirements of their post.

Status: ApprovedMarch 2012Date of Next Review: 2015

O:\ABBEYFIELD SCOTLAND\Policies\2011\GOVERNANCE\Data Protection1