Student obligations
-
Students must ensure that all personal data provided to the College is accurate and up-to-date. They must ensure that changes of address etc are notified to the Registry.
-
Students who may from time to time process personal data as part of their studies must notify their supervisor / tutor, who should inform the Principal.
Data security
- All staff members are responsible for ensuring that any personal data that they hold is kept securely.
- All staff must ensure that personal student information is not disclosed either orally or in writing or via Web pages or by any other means, accidentally or otherwise, to any unauthorised third party.
- Staff should note that unauthorised disclosure will be a disciplinary matter, and will be considered as gross misconduct.
Personal information
- Must be kept in a locked filing cabinet, drawer, or safe; or
- If it is computerised, be coded, encrypted or password protected both on a local hard drive and on a network drive that is regularly backed up; and
- If a copy is kept on a diskette or other removable storage media, that media must itself be kept in a locked filing cabinet, drawer, or safe.
Rights to access information
- All staff, students and other users are entitled to know what information the College holds about them and
- Know how to gain access to it and
- Know how to keep it up to date and
- Know what the College is doing to comply with its obligations
- To further explain this policy and in particular the last three points above the College will, upon request, provide all staff and students and other relevant users with a statement regarding the personal data held about them. This will state all data the College holds and processes about them, and the reasons for which they are processed.
- All staff, students and other users have a right to access certain personal data being kept about them either on computer or in certain files. Any person who wishes to exercise this right should complete the Subject Access Request Form and submit it to the appropriate Designated Data Controller.
- The College will make a charge of £10 on each occasion that access is requested, although the College has discretion to waive this.
- The College aims to comply with requests for access to personal information as quickly as possible, but will ensure that it is provided within 10 working days.
Examination grades
- During the course of their studies, students will routinely be provided with information about their marks for both coursework and examinations. However, exam scripts themselves are exempt from the subject access rules, and copies will not ordinarily be given to a student who makes a subject access request.
Subject consent
- In many cases, the College can only process personal data with the consent of the individual. In some cases, if the data is sensitive, express consent must be obtained. Agreement to the College processing some specified classes of personal data is a condition of acceptance by a student onto any course, and a condition of employment for staff. This includes information about previous criminal convictions.
- Some jobs or courses will bring the applicants into contact with children, including young people between the ages of 16 and 18. The College has a duty under the Children Act and other enactments to ensure that staff members are suitable for the job, and that students are acceptable for the courses offered.
- The College also has a duty of care for all staff and students and must therefore make sure those employees and those who use College facilities do not pose a threat or danger to other users.
- The College may also ask for information about particular health needs, such as allergies to particular forms of medication, or any medical condition such as asthma or diabetes. The College will only use this information in the protection of the health and safety of the individual, but will need consent to process this data in the event of a medical emergency.
- Therefore, the application forms that all prospective staff and students are required to complete will include a section requiring consent to process the applicant's personal data. A refusal to sign such a form will prevent the application from being processed.
Processing sensitive information
- Sometimes it is necessary to process information about a person's health, criminal convictions, race, and trade union membership. This may be to ensure that the College is a safe place for everyone, or to operate other College policies, such as the Sick Pay policy or the Equal Opportunities policy. Because this information is considered sensitive, staff (and students where appropriate) will be asked to give their express consent for the College to process this data. An offer of employment or a course place may be withdrawn if an individual refuses to consent to this without a reason acceptable to the LCPS Board.
Publication of college information
- The names of Senior Officers and Directors of the College or any other personal data relating to employees or Directors will be published in the annual Calendar and on the web site when any statute or law requires such data to be made public.
- Certain items of information relating to college staff will be made available via searchable directories on the public Web site, in order to meet the legitimate needs of visitors and enquirers seeking to make contact with appropriate staff.
Retention of Data
- The College has a duty to retain personal staff and student data for a period of time following their departure from the College, mainly for legal reasons, but also for other purposes such as being able to provide references and academic transcripts, or for financial reasons, for example relating to taxation. Different categories of data will be retained for different periods of time.
Conclusion
- Compliance with the Act is the responsibility of all members of the College. Any deliberate breach of the Data Protection policy will lead to disciplinary action being taken or access to College facilities being withdrawn, or even to a criminal prosecution.
- Any questions or concerns about the interpretation or operation of this policy should be taken up with the Principal.
|
