Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Data Management

DP6 Guidelines for University Schools

advertisement 
Canterbury Christ Church University
Data Protection
Guidelines for Schools
These guidelines are aimed at staff working in Schools, and apply to all staff, whether academics,
administrators, secretarial or support staff and temporary workers, who regularly handle personal information
relating to students.
The Data Protection Act 1998 (‘the Act’) covers all personal data, so it is important for all members of staff to
be aware of the requirements of the Act and the obligations placed on them.
Information Held
It is likely Schools hold standard information such as students' names and contact details, information about
class attendance, and marks or grades achieved.
It is also likely sensitive information such as medical notes, information relating to medical conditions or
disabilities will be held; this information constitutes sensitive personal data.
All data must be stored and used in accordance with the Act. This means the information must be accurate,
kept up-to-date and held securely.
School Student Files
1. Content
Information held in student files is potentially disclosable to the student concerned. This includes comments
about the standard of the student's work or behaviour.
When writing and filing notes, reports or comments staff must be aware that the information may be
disclosed, and do not write or record any comments that cannot be justified or are potentially insulting or
defamatory.
2. Accuracy
Files need keeping up-to-date. Changes to addresses or other contact details, along with details of the students
study need changing both on paper files and on any database held, including QLS.
It is an obligation on Schools to undertake such checks of the central database required by the Academic
Registrar.
3. Relevance
Schools should only retain relevant and necessary information on student files. Files need weeding regularly
to ensure the removing of duplicated materials and irrelevant documents; this should be undertaken
periodically.
4. Retention Periods
Guidelines for Schools
July 2015
Page 1
When a student leaves the University, including completions and withdrawals, the School should close the
student file, and indicate on the file that it is closed. Student files may systematically and thoroughly weeded
to remove all records that are of no further use.
Schools should retain the weeded student files for no more than the retention period set by the department.
5. Security
Student files need holding securely, for example, in a locked office or filing cabinet or in an office that is
continuously manned.
Files should not be left open on desks or in areas where visitors or other students can view them.
Information held on computer should be password-protected and screens sited so that they cannot be seen by
passers-by.
Where a memory stick is used to transport data, it should be encrypted and so password protected.
Handling Enquiries for personal information
Wherever possible, be open with students in relation to information held about them. If a student wishes to
make a formal subject access request under Act, you should refer them to the University Data Protection
Officer.
If you are asked to disclose information about a student to someone else, either within or outside the
University, you must not do so without the student's consent, except in a few situations. Even parents,
spouses, friends, partners or sponsors are not entitled to information without the student's consent.
However, information can be legitimately disclosed to third parties for purposes connected with a student's
studies and to meet statutory requirements, e.g. HEFCE, Council Tax Offices, auditors and Research
Councils, provided the University is satisfied about the enquirer's identity and the legitimacy of the request. In
case of doubt, it is advisable to check with the Data Protection Officer or your line manager.
From time to time, the University receives requests for information from bodies such as the police. The
University endeavours to co-operate with such requests, but steps need taking to ensure requests are genuine
and legitimate. The police have a standard form they should use in connection with any requests for personal
information. The Data Protection Officer is able to provide advice, and it is prudent to make contact before
any personal information is disclosed in response to such a request.
There may also be occasions where personal information needs disclosing in an emergency, e.g. where a
student or staff member has been injured or taken ill. In such a situation, if necessary, personal information
can be disclosed without consent. For example, if a student collapses and is unconscious it would be
permissible to inform medical staff that the student suffers from diabetes.
There is no difficulty supplying personal information about students to other staff members of the University
who legitimately require the information to carry out their normal duties.
Project and Research Supervisors
Academics involved in supervising students whose work uses personal information should ensure the students
are aware of the requirements of the Data Protection Act. In particular, the consent of the subjects of the
research needs obtaining, and all personal information received needs holding confidentially and securely.
Results need anonymising, and should not identify individual participants in the research.
Guidelines for Schools
July 2015
Page 2
Academic Research
Staff, and, where relevant, students, undertaking research using personal information collected from third
parties will be covered by the University’s Data Protection Notification. However, the data protection
principles still apply. In carrying out research, it is important to make the subjects of the research fully aware
of the proposed use of their personal information.
Wherever possible, it is advisable to anonymise research data before use. Results should also be anonymised
and no information should be published that would allow participants to be identified.
Researchers are required to keep all personal information secure and ensure access is restricted only to those
staff or students directly involved in the research.
For further information, see Data Protection in Research.
Examination Marks
Students are not entitled to see their examination scripts or assessed coursework after submission. A student
who makes a request, under the Act, may see details of any comments made by the examiner, including any
Board of Examiners minute relating to the student. All examiners need to be aware of this.
Examination marks are published according the Registry schedule, and the Act cannot be used to obtain
access to marks any earlier than their publication date.
It is the University’s practice not to publish examination results on notice boards, but to inform students
personally of those results. However, student results may be published in the programmes for degree
ceremonies, subject to the student providing consent.
For further information, see the Assessment Procedures Manual.
Academic References
The Act includes specific rules about references. The writer of a reference may stipulate it is confidential and
need not show it to the individual about whom it is written.
However, once the reference is received, the subject of the reference may apply to the recipient for a copy.
The recipient will have to balance any issues of confidentiality and any refusal of consent by the referee
against the rights of the subject of the reference. In many cases, the reference will be made available.
Therefore, anyone preparing a reference should bear in mind that the person who is the subject of it might see
it. Writers of references should ensure that their references are accurate and any opinions expressed based on
factual evidence. These principles also apply to internal references, reports and assessments for promotion and
re-grading.
The University takes the view it is good practice for personal references to be of an ‘open’ nature.
Specific advice on confidential references is provided by the Director of Personnel (concerning members of
staff) and by the Director of Student Services (concerning students). It is essential to take full account of this
advice.
For further details see University Policy Statement and Guidelines for Providing References for Students.
Home Working
Guidelines for Schools
July 2015
Page 3
When working away from the University either at home or at another location, it is important to maintain the
security of personal information. Special care needs taking when transporting personal information, for
example, paper files, floppy disks and data sticks should be carried securely, and not left unattended in any
public place. Where a data stick is used, it should be encrypted so that it is password protected.
Personal information should not be transferred to home computers unless appropriate security, such as
password protection, is in place.
File Keeping and Personal or Private Files
Generally, documents that may need to be referred to carry out normal School business should be kept
centrally on a single file.
The case for a member of staff such as a personal tutor holding separate files can only be justified if it is in the
interests of the student, e.g. where the information is particularly sensitive. Private files should not be kept, as
it is important for efficient record keeping that files are kept in the appropriate place in the department office
to ensure proper practice and to avoid duplication or fragmentation.
The subject access provisions apply to "private" files in the same way as to any other records and if a student
or member of staff requests access to information held about them this will cover all records held and not just
the main School file. If it has been necessary for a tutor to maintain an additional or separate file of material
relating to an individual student, or group of students, for the duration of a programme of study, it is important
such files are thoroughly weeded after the student or students leave.
Any material needed for the completion of student references needs combining with the relevant central
School student file.
Storing selected work-related student records containing personal data at home does not exempt them from the
subject's right of access to those records.
Guidelines for Schools
July 2015
Page 4
Related documents
To Whom It May Concern
To Whom It May Concern
DP3 Data Protection Compliance An Aide Memoire
DP3 Data Protection Compliance An Aide Memoire
Consent for Medical Treatment and Photography
Consent for Medical Treatment and Photography
AGENCY LETTERHEAD CW Assessment Summary – FY15
AGENCY LETTERHEAD CW Assessment Summary – FY15
CW Assessment Report – Fillable
CW Assessment Report – Fillable
THE DISCLOSURE OF MEDICAL INFORMATION
THE DISCLOSURE OF MEDICAL INFORMATION
Consent for Medical/Surgical Care and Treatment Cf 242 11/05
Consent for Medical/Surgical Care and Treatment Cf 242 11/05
Microsoft Word - Junior Squash PARENT CONSENT FORM
Microsoft Word - Junior Squash PARENT CONSENT FORM
You have been given information about your condition and the
You have been given information about your condition and the
DP8 Collecting Personal Data Wording for Data Protection
DP8 Collecting Personal Data Wording for Data Protection
sdcc-compliance-guidelines
sdcc-compliance-guidelines
Medical Power of Attorney - Crow Creek Tribal School
Medical Power of Attorney - Crow Creek Tribal School
USE OF CELEBRITIES IN ADVERTISING
USE OF CELEBRITIES IN ADVERTISING
CUSTOMER_CODE SMUDE DIVISION_CODE SMUDE
CUSTOMER_CODE SMUDE DIVISION_CODE SMUDE
Current State of CMCs
Current State of CMCs
St - Lancaster University
St - Lancaster University
Download
advertisement