Add to collection(s) Add to saved
  1. Business
  2. Management
  3. Business Ethics

What information is covered

advertisement 
Mind in Furness
POLICIES & PROCEDURES
Data Protection Policy
Mind in Furness
64 School Street
Barrow in Furness
Cumbria
LA14 1EW
Coniston House
14 Lesh Lane
Barrow in Furness
Cumbria
LA13 9DY
Chair’s Signature……………………………………………………………………...
Date…………………………………………………………………………………….
Mind in Furness
Management Procedures
DATA PROTECTION ACT 1998
PL-07
1. INTRODUCTION
1.1 The Data Protection Act of 1998 came into force in March 2000. It covers
any information about an individual from which that individual can be
identified. The Act applies to ALL data whether electronic or manual. The Act
requires Mind in Furness to handle such information responsibly, hold it
securely, and release it judiciously. There are eight principles defined in the
Act, which govern the handling of information (see Section 3).
1.2 Mind in Furness retains relevant personal details of service users who
suffer from mental health distress, carers, organisations involved with mental
health provision and their representatives, donors, employees, trustees and
volunteers. Mind in Furness also as a charitable body retains information
pertaining to its financial management that also comes under the jurisdiction
of this policy.
1.3 The information is held exclusively by Mind in Furness for the purpose of
providing a confidential support and information service to those suffering
from mental health distress and their carers in order for them to access the
services they need, and for representing their interests; providing residential
services at Coniston House; and managing the organisation.
1.4 This document defines the structure and measures in place to protect data
about individuals where necessary, in accordance with the Act and should be
read in conjunction with Mind in Furness Confidentiality Policy, Day to Day
Record Keeping Procedures AM-01 and Archiving and Records
Retention AM-05
2. DEFINITIONS
2.1 ‘Data’ includes computerised and manual filing systems that are
structured by reference to individuals and readily accessible, for example,
card indexes, case file records.
2.2 ‘Data controller’ is Mind in Furness in its capacity as a collector of
information. Any person who handles Personal Data information on behalf of
Mind in Furness is bound by the legal requirements of the Data Protection Act.
Any such person does not act as an individual, but as a representative of the
data controller.
2.3 ‘Data Subject’ is an individual about whom data is held. Data subjects at
Mind in Furness can include:
 · Mental health service users be their services provided by Mind in
Furness, Cumbria Partnership Trust or any other provider
 · Carers of service users / or those suffering from mental distress.
 · organisation contact persons
Approved
WW-Chair
Authorised
KD-Chief Officer
Effective Date
Page 2 of 7
Reviewed 201101-11
Mind in Furness
Management Procedures
DATA PROTECTION ACT 1998




PL-07
· donors (individuals or organisations)
· employees and prospective employees through recruitment
· trustees
· volunteers
2.4 ‘Personal Data’ means data about a living individual who can be
identified from that data.
2.5 ‘Processing’ means virtually everything from data collection, storage and
use to data destruction. There is probably nothing that can be done to
personal data that would be outside the scope of this Act
2.6 ‘Sensitive Data’ means personal data and includes information about:
 · racial or ethnic origin of the person;
 · their religious beliefs or other beliefs of a similar nature;
 · their physical or mental health or condition;
 · their sexuality;
 · their HIV status
 · their political opinions;
 · whether they are a member of a trade union;
 · criminal record.
2.7 Finance Data means any data pertaining to monies generated by the
work of the charity through donation or fundraising.
3. THE EIGHT PRINCIPLES OF GOOD PRACTICE
These require that personal data must be:
1. Processed fairly and lawfully.
2. Obtained for specified and lawful purposes.
3. Adequate, relevant and not excessive.
4. Accurate and up to date.
5. Not kept any longer than necessary.
6. Processed in accordance with the “data subject’s” (the individual’s)
rights.
7. Securely kept.
8. Not transferred to any other country without adequate protection in
place
Approved
WW-Chair
Authorised
KD-Chief Officer
Effective Date
Page 3 of 7
Reviewed 201101-11
Mind in Furness
Management Procedures
DATA PROTECTION ACT 1998
PL-07
4. CONSENT
4.1 It is not strictly necessary to gain the consent of clients before recording
information about them, whether the data is Personal Data or Sensitive
Personal Data.
4.2 Consent is not necessary for Personal Data where it is in your legitimate
interests to hold the information, and holding it doesn’t harm the data subject.
4.3 There are some circumstances when you need consent to use people’s
data. For ‘sensitive personal data’ explicit consent is almost invariably
required – save where the law provides otherwise (See one example below).
In other circumstances it is good practice to get consent whenever possible.
4.4 In the case of Sensitive Personal Data there is an exemption from the
need for ‘explicit consent’ in Statutory Instrument (SI) 2000 No. 417 The Data
Protection (Processing of Sensitive Personal Data) Order 2000. This
exemption refers to cases where you are providing a confidential counselling,
advice or support service, and getting consent is either impossible or
unreasonable (www.hmso.gov.uk/stat html has all the Statutory Instruments).
4.5 Where people are distressed, under pressure, or confused it may make
matters worse if you go through a data protection consent procedure, staff
come back to this when the person is more able to deal with the matter
4.6 Consent means at a minimum telling the person what you need the
information for and asking whether they mind if you keep it. It is possible that
someone may later deny that they gave you this consent. Mind in Furness
asks service users to evidence in writing their consent to share information in
their best interests on the Personal Information sheet of the membership
forms. However, written consent is not actually a requirement of the Data
Protection Act, but it is good practice to obtain one.
4.7 What constitutes consent? ‘Any freely given specific and informed
indication of his/her wishes by the data subject signifies their agreement to
personal data relating to him being processed’. You cannot infer consent from
non-response to a communication.
4.8 The issue of consent raises the question of data stored about the carers of
service users, since Mind in Furness is not normally in a position to get
permission from the carers of service users to store this data.
4.9 As described above, there is an exemption from the need for consent in
recording sensitive data in the case of confidential support services. So
Approved
WW-Chair
Authorised
KD-Chief Officer
Effective Date
Page 4 of 7
Reviewed 201101-11
Mind in Furness
Management Procedures
DATA PROTECTION ACT 1998
PL-07
consent from the carer of the client is not needed, provided Mind in Furness is
only recording information needed in order to be able to help the carer or the
service user. All potential parties (be it service users or carers of service
users) must be included as a data subject category in Mind in Furness’ Data
Protection Notification.
5. STORAGE OF COMPUTER DATA
5.1 Computer security
5.1.1 Mind in Furness has a number of client computers that are password
protected. Service users are provided with this password and reminded that it
is not a confidential system for them
5.1.2 Each employee has access to a computer, which can only be accessed
by Username and Password. This password is individual to each employee
and a list of all passwords is held by the Administrator.
5.1.4 Data-sensitive files on the shared computer drive are protected from
unauthorised access by file passwords.
5.2 Memory Sticks
5.2.1 Memory Sticks are used by Mind in Furness staff to save work related
documents when they either work from home or from another work based
location.
5.2.2 Memory Sticks shall not be used to back up work present on any of Mind
in Furness Mind’s Computers.
5.2.2 All Staff are to keep work related documents saved on a memory stick to
a minimum and only for the shortest period necessary to complete the task in
hand in order to ensure that the Act is not breached. “Personal sensitive data”
should not be put on a memory stick and should not be removed from the
building
5.3 Back Up
5.3.1 All of Mind in Furness computers are backed up regularly in order to
preserve information produced and to safe guard from any loss of data from
any hardware malfunction.
5.3.2 All work related back up will be stored under lock and key within Mind in
Furness School Street Office
6. STORAGE OF MANUAL DATA
Approved
WW-Chair
Authorised
KD-Chief Officer
Effective Date
Page 5 of 7
Reviewed 201101-11
Mind in Furness
Management Procedures
DATA PROTECTION ACT 1998
PL-07
Folder files are kept in a filing cabinet where all information is held. All
cabinets are under lock and key with personal contact details and case notes
held separately. This information is only accessible to project workers and
their managers. Information held on clients is relevant to services they are
accessing and any individual work that is being conducted with them.
7. FINANCIAL DATA
7.1 Financial data is anything to do with the management of the charity’s
finances and income. This is part of general accounting necessary to safe
guard the financial stability of the organisation.
7.2 All data retained will be kept for the period of time specified in Policy AM05 Archive and Retention Policy.
7.3 All data will be handled and maintained following Mind in Furness financial
policy and procedure and the auditing requirements as required by the Charity
Commission..
8 Accountability
Mind in Furness is registered with the Data Protection Information
Commissioners Office as an organisation keeping personal and sensitive
data. There is an annual registration requirement and a fee applies. A note is
kept of the due date by the Chief Office who is responsible for ensuring that
these requirements are met. .
9
Communication
All staff are required to read this policy and ensure they follow the guidelines
set down by this policy and by the Data Registration Act. Appendix A gives a
summary of the Act and this policy and should be given to all service users on
admission to the service and at annual review
Approved
WW-Chair
Authorised
KD-Chief Officer
Effective Date
Page 6 of 7
Reviewed 201101-11
Mind in Furness
Management Procedures
DATA PROTECTION ACT 1998
PL-07
Appendix A- The Data Protection Act and The Information we keep
‘Personal data’ is information about identifiable, living individuals, held on
computer or in a manual filing system. The Act applies to people or
organisations that hold or use personal data in any way.
Mind in Furness HOLD’s personal data
 we are only allowed to use it for the purpose(s) it was originally
obtained for and we have to take good care of it.
 we must ensure that it is: adequate, relevant, not excessive, accurate,
up to date if necessary, and not held longer than necessary.
 we are committing an offence if we get access to personal data we are
not authorised to, or if we disclose it to people we are not supposed to
‘knowingly or recklessly’ and we would be committing an offence if we
sell personal data we are not entitled to.
When we OBTAIN personal data
 we have to make sure that the person we are getting the data from
knows who is collecting the data, and why & how the data will be used.
 If we get the data from someone else, we have to make sure that you
knows as soon as practicable who is using your data and why & how it
will be used.
 we may have to get consent from you to use your information
particularly if it is in any of the ‘sensitive’ categories. (‘This covers your
racial /ethnic origin, religious/ political beliefs, Trade Union
membership, health, sex life or criminal record.)
 we may also have to offer you the chance to opt out of some uses of
the data, such as direct marketing, disclosure to other organisations, or
use for secondary purposes.
When we DISCLOSE personal data
 we must check that the disclosure fits the purpose or purposes for
which the data is being held and we must check that the person we are
disclosing it to is allowed to have it.
 We must check that you are aware that this type of disclosure is
possible, or that there is an over-riding reason (such as a legal
obligation).
 We will not put personal data onto the Web without your consent
You have RIGHTS under the Data Protection Act
 If we need a person’s consent, we can’t use the data if they don’t give
consent (but you can explain the consequences of not giving it).
 People have the right to see the personal data we hold about them.
 Mind in Furness cannot use data for direct marketing of any goods or
services if you have told us not to.
Approved
WW-Chair
Authorised
KD-Chief Officer
Effective Date
Page 7 of 7
Reviewed 201101-11
Related documents
THE QUEEN`S AWARD FOR VOLUNTARY SERVICE
THE QUEEN`S AWARD FOR VOLUNTARY SERVICE
1920 Spruce Street- The Academy of the Vocal
1920 Spruce Street- The Academy of the Vocal
To Whom It May Concern
To Whom It May Concern
Safeguards to classroom videotaping: - Rethinking-Precollege-Math
Safeguards to classroom videotaping: - Rethinking-Precollege-Math
Allan Beever
Allan Beever
Furness Heart Failure Service Model
Furness Heart Failure Service Model
A Pilot Trial of Paclitaxel-Herceptin Adjuvant Therapy for Early Stage
A Pilot Trial of Paclitaxel-Herceptin Adjuvant Therapy for Early Stage
September - Red River Basin Commission
September - Red River Basin Commission
Download
advertisement