Data Protection Guidance: Collecting Personal Data
When collecting Personal Data from students, members of staff, research participants or otherwise
it is important that the methods used comply with the Data Protection Act. This means that the
following information should be made clear to anyone providing personal data:
• That the University is a data controller and is the organisation that will be holding the data.
• The reasons why the data is being collected (both obvious and non-obvious reasons). It is
  important to note that the data can only be used for the reasons specified.
• The likely recipient parties of the data (both obvious and non-obvious disclosures).
• If consent for processing is required, forms can be signed. In order for consent to the
  processing of sensitive data to be provided, it must be clear what sort of sensitive data will
  be processed and that by completing and signing the form consent is being provided.
• An "opt out" sentence may need to be included so that staff/students can opt out of certain
  types of processing (i.e. direct marketing).
Depending on the form or data collection, a slight adaptation to a standard notice will normally be
enough. See Appendix 1 for sample clauses.
The data collected should only be that which is relevant and not excessive. If you wish to collect
additional information that you do not currently hold, for example by carrying out a new
questionnaire, it is important that the University’s Notification with the Information Commissioner
covers the University for this processing. If you are in any doubt, please contact the Records Manager.
Once the data has been collected it is important to comply with the 8 principles of data protection,
for example the personal data should be accurate, kept up to date, kept secure (e.g. lockable filing
cabinets, password protected), and not kept longer than necessary.
Under a Subject Access Request, the Records Manager will need to collate personal data from
across the University. Additionally, the Records Manager will advise data subjects whether the
University is processing their personal data, the sources and recipients of the data, why the data
is being collected, etc. All of this means that you must keep track of what is happening to data
subjects’ data.
Please note that certain exemptions apply when personal data is being collected solely for
research purposes; please see the guidance on Research.
Updated: September 2009
Appendix 1
Sample Data Protection Clauses
Standard Clause
The University of Exeter is a data controller and is registered with the Information Commissioner’s
Office as required under the Data Protection Act 1998. The University will use this information [for
Education administration purposes] and will only process your personal data in accordance with
the University’s registration and current data protection legislation. Information contained on this
form will be disclosed to members of the University as necessary.
Opt-out Clause
How we use your information
Your contact details are being held by the University on a database. This information will be
shared with other departments and schools within the University and external third parties acting
on the University’s behalf as necessary. Information will not be disclosed to external third parties
without your consent. The University may wish to process your personal information in connection
with a variety of activities which may include…………... If you do not wish the University to use
your personal data in this way, then please tick this box ☐.
Standard Direct Marketing Clause
How we use your information
The University may wish to process your personal information in connection with a variety of
public relations activities which may include sending publicity information to your
parent(s)/guardian(s)/trustee(s)/spouse/partner(s)/other(s), e.g. a welcome letter from the Mayor
of Exeter, or invitation to the Vice-Chancellor's luncheon. If you do not wish the University to use
your personal data in this way, then please tick this box ☐.
If you do not wish the University to use your personal data in this way, please confirm in writing
to: Mr Joe Bloggs, Room 123, ABC Building.
Photograph Release Clause
"I give permission to the University of Exeter for my photograph and written profile to be used in
the [Undergraduate Prospectus 2003] and other promotional material for which it may be suitable.
Images will be held on record and used in publicity for up to three years."
Signed………………………………..
Print name……………………………
Date……………………………………
Sensitive Data Clause (to obtain explicit consent)
The University of Exeter is a data controller and is registered with the Information Commissioner’s
Office as required under the Data Protection Act 1998. The University requires this information
for [Education administration] purposes and will only process your personal data in accordance
with the University’s registration and current data protection legislation. By signing below you
accept that the University of Exeter can pass details contained in this [form] to [members of the
university as necessary].
Signed: ………………………………….
Date: …………………….