Data Protection: Difference between revisions
m (Added legislation links) |
|||
Line 1: | Line 1: | ||
==1. Introduction== | ==1. Introduction== | ||
The governing body of this Academy aims to protect all staff's right to privacy in line with the Data Protection Act 1998; the European Directive on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of such data (95/46/EC); the Employment Practices Code and the Code of Practice; and the European Convention of Human Rights. | The governing body of this Academy aims to protect all staff's right to privacy in line with the [https://www.legislation.gov.uk/ukpga/1998/29/contents Data Protection Act 1998]; the [http://www.wipo.int/wipolex/en/details.jsp?id=13580 European Directive on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of such data (95/46/EC)]; the [https://ico.org.uk/media/for-organisations/documents/1064/the_employment_practices_code.pdf Employment Practices Code] and the Code of Practice; and the [http://www.echr.coe.int/Documents/Convention_ENG.pdf European Convention of Human Rights]. | ||
==2. Responsible person== | ==2. Responsible person== |
Revision as of 09:28, 7 October 2017
1. Introduction
The governing body of this Academy aims to protect all staff's right to privacy in line with the Data Protection Act 1998; the European Directive on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of such data (95/46/EC); the Employment Practices Code and the Code of Practice; and the European Convention of Human Rights.
2. Responsible person
The Headteacher is the 'Data Controller' for the Academy and is responsible for:
- ensuring safe and confidential systems are in place in the Academy;
- providing information to bodies entitled to receive information; and
- consultation with employees and their representatives with regard to putting data protection procedures in place and monitoring them.
3. Staff recruitment
(NOTE: This is covered in Part 1 of the Employment Practices Code.)
3.1 Information provided
- In advertising for posts the Academy will include a statement setting out the purposes for which personal information may be used, on the lines of: 'Personal information provided by candidates will be kept in a secure file in the Academy and will not be released to third parties outside the Academy without the permission of the person concerned, except where there is a legal requirement so to do.'
- Within the Academy the Headteacher will determine who may have limited access to information and will inform the person(s) concerned that this is being done.
3.2 Checks
- DBS checks will be carried out in line with the government guidance in Keeping children safe in education: for schools and colleges 2015.
- Other vetting which is required by law (e.g. for some jobs under the Protection of Children's Act 1999) will be carried out as necessary, and in line with current regulations and local authority policy.
- Checks to verify the qualifications and fitness to teach will also be carried out. Other checks may be carried out to verify information provided by candidates for posts.
3.3 References
- Candidates for posts in the Academy do not have the right to obtain access to a confidential reference from the Academy/school or other organisation giving it, but no such exemption exists for the prospective employer. Therefore, the Academy will destroy all confidential references immediately after the recruitment process is over.
- The Academy will not provide confidential references to other schools/institutions/organisations about an employee at this Academy, unless the employee requests one in writing for good reason.
3.4 Short listing
Candidates will be informed that the selection panel will have access to the information provided in the application and any references/testimonials received.
3.5 Interviews
- Only the information relevant to the recruitment process (and information that may be required in defence against any discrimination claims) will be retained after the interview. Candidates will be told which information will be retained.
- All other interview material will be destroyed immediately after the interview.
4. Retention of information
- Information obtained for recruitment purposes will not be retained beyond six months.
- Information obtained on criminal convictions once verified by the DBS will be deleted, unless the information is clearly relevant to the person's employment in the Academy.
- All candidates will be asked whether they want their information kept on file for possible future vacancies.
- Information about unsuccessful candidates will otherwise be deleted at the end of the recruitment process.
5. Employment records
This is covered by Part 2 of the Employment Practices Code. The Academy aims to balance the Academy's need to keep records and the employee's right to a private life.
6. Access to information
- All employees have a right to know the nature and source of information kept about them. Each member of the Academy staff will be provided with personal details to check regularly - at times determined by the Headteacher.
- Employees may request at any other time to see the information kept about them in order to verify their accuracy. Employees can make representations to the Headteacher, and if not satisfied, to the governing body, about information being retained that is inaccurate or is of a sensitive personal nature.
- Employees have the right to apply for access to information required for a discipline, capability or grievance hearing (unless the provision of such information might prejudice criminal investigation). The records kept should only be sufficient to support conclusions drawn. Unsubstantiated allegations should normally be removed.
- Spent discipline warnings will be removed after 2 years. The reason for the termination will be recorded.
- The Academy must respond to any request within 40 calendar days. Although a fee up to £10 may be charged under the legislation, this Academy will not normally charge for access to information, although the governing body reserves the right to charge up to £10 in exceptional circumstances.
7. Security
The Headteacher will take necessary precautions to ensure that electronic and manual files are secure and will ensure Information Security guidance is issued to staff.
8. Pension and insurance schemes
Information may be supplied to a third party for pensions and insurance schemes, where such information is necessary. The employees concerned must be informed about how the information will be dealt with.
9. Equal opportunities monitoring
Information on both students and staff is periodically required by the government and other bodies authorised to request information. This is sensitive personal data, and the information should be kept to a minimum, and as far as possible in an anonymous form.
10. Marketing material
No information about employees or students will be provided to marketing companies, unless the person(s) concerned have given explicit permission.
11. Fraud detection
Data matching for fraud detection (e.g. to detect whether the employee is receiving state benefits or not) are possible. Before the governing body consents to the Academy participating in such a scheme the staff will be consulted. New employees must then be told of this scheme, and all employees should be reminded of it periodically under arrangements made by the Headteacher and approved by the governing body.
12. Disclosure requests
Members of staff who receive requests for references or other information about members of the current or previous employees at the Academy should inform the Headteacher before providing the information to ensure that they are acting within the law and official guidance.
13. Monitoring at work
- This is contained in Part 3 of the Code.
- The governing body aims to keep all monitoring at work within the provisions of the Data Protection Act 1998 and the European Convention of Human Rights.
14. Performance management records
- Performance reviews will be carried out on all staff in accordance with the agreed scheme.
- The reports on teaching staff performance obtained through the annual formal performance management system can only be retained by the Headteacher (with a copy to the member of staff concerned). Only details about professional development needs/requests may be shared with other staff.
- In this Academy the same arrangements will be in place for performance records of all staff.
15. Monitoring the use of electronic communications
- The Academy aims not to intrude into the private lives of staff but reserves the right to monitor the use of Academy computers, video and audio machines, phones and fax machines and will keep appropriate records, which can be accessed on request to the Headteacher.
- Staff have a right to privacy under the human rights legislation and under the Data Protection Act 1998. The Academy is aware of its obligations. However, the governors intend to use their powers under the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 (LBP Regulations) made under the Regulation of Investigatory Powers Act 2000 which permits an employer to vet communications without the consent of the caller, writer or recipient where the intention is:
- to establish the existence of facts applicable to the business;
- to ascertain compliance with regulatory practices;
- for the purposes of quality control;
- to detect viruses or other dangers to the system; or
- to determine whether communications are relevant to the business.
- All staff are advised that such monitoring might take place at the Academy for these purposes including for the misuse of Academy equipment or its use for inappropriate purposes.
16. Information about employees' health
- This is covered by Part 4 of the Code.
- Any data on an employee's state of physical or mental health is sensitive personal data and will only be kept when the employee has been told what information is involved and the use that will be made of it, and the arrangements for its security. The employee must give written consent to its retention.
17. Sickness and ill-health records
- As far as possible the Academy should only retain information that is necessary to establish an employee's fitness for work. The governing body has delegated to the Headteacher the responsibility for determining what is necessary.
- The Academy recognises the difference between a 'sickness or injury record' and an 'absence record'.
- Sickness or injury records contain sensitive personal information. Generally they will not be kept on file. They will only be kept for specific purposes with the signed written permission of the employee. (E.g. in the case of capability or absence through ill-health proceedings). However, this does not prevent the Academy from recording that sickness notes have been received, and the dates of the absence.
- Absence records may only give the reason for ill-health absence as 'sick' or 'accident' or 'injury', without referring to the specific condition.
- No information about any of the above records will be made available to other employees unless it is necessary in order that they can fulfil their managerial roles (e.g. a senior member of staff in charge of human resources).
- Requests for information from doctors and other medical practitioners will be in accordance with the Access to Medical Reports Act 1998.
18. Occupational Health
The Academy has arrangements in place for access to occupational health information and consultation. All staff will be informed about how health information will be used under the scheme and who will have access to it.
19. Medical examinations
19.1. Recruitment
- Job applicants must only be medically examined to ensure they are:
- fit for the role;
- to meet legal requirements;
- determine the terms on which they are eligible to join a pension or insurance scheme.
- The Academy will make clear during the recruitment process that tests might be necessary.
19.2. Current employees
- Medical information will only be obtained through examination or testing if:
- the tests are part of a voluntary occupational health and safety programme;
- necessary to prevent a significant health risk;
- needed to determine an employee's continuing fitness for the role;
- needed to determine whether an employee is fit to return to work after a period of absence;
- needed to determine an employee's entitlement to health-related benefits;
- needed to prevent discrimination on the grounds of disability, or to assess the need to make reasonable adjustments, or to comply with other legal obligations.
20. Equal Opportunities
In implementing and amending this policy the governing body and headteacher will take into account the Academy’s equal opportunities policies.
21. Monitoring and review
- This policy will be monitored by the governing body's Pastoral & Community Committee.
- The Headteacher will report on its operation at least annually.
- It will be reviewed by the governing body every 2 years.
22. Date of the next review
January 2018