POLICY ON DATA PROTECTION ACTS 1988 & 2003

POLICY ON DATA PROTECTION ACTS 1988 & 2003
The objectives of this document are:
•
•
•
to give an overview of the Data Protection legislation that applies in the Republic of
Ireland
to summarise the responsibilities of staff and students within St Patrick’s College
and
to summarise the rights of individuals under the legislation.
Further information is available at:
http://www.dataprotection.ie
WHAT IS DATA PROTECTION?
Data protection addresses the safeguarding of the privacy rights of individuals in relation
to the processing of personal data. The Data Protection Act 1988 and the Data Protection
Amendment Act 2003 confer rights on individuals as well as responsibilities on those
persons processing personal data.
St Patrick’s College, in common with many other organisations such as government bodies,
finance houses and other universities etc., gathers and stores data about individuals. This
is necessary for the purposes of running the operations of the College. For the purpose of
data protection, such organisations or individuals who control the contents and use of
personal data are known as DATA CONTROLLERS. The Data Protection Acts 1988 and
2003 impose obligations on data controllers and give rights to individuals relating to their
personal data.
WHAT TYPES OF DATA ARE INCLUDED?
All personal information relating to a living individual is included under the legislation. It
covers data that is held on computers as well as data that is held in manual files.
Data Protection Policy – St Patrick’s College – December 2014
It applies to all the data that is held - for example it applies to data in emails and copy
letters as well as to data on Master Files etc.
WHAT ARE OUR RESPONSIBILITIES?
Any staff member of St Patrick’s College who is involved in the collection, storage or
processing of such data has responsibilities under the legislation.
Examples would include staff members involved in the collection of data from individuals
applying for courses at St Patrick’s College; those involved in the recruitment of staff,
those involved in the processing of fee payments, examination results, Alumni data, etc.
The responsibilities of Data Controllers are:
•
•
•
•
•
•
•
•
to obtain and process information fairly
to keep it only for one or more specific, explicit and lawful purposes
use and disclose only in ways compatible with these purposes
to keep it safe and secure
to keep it accurate, complete and up-to-date
to ensure that it is adequate, relevant and not excessive
to retain it for no longer than is necessary for the explicit purpose
to give a copy of the data to an individual, upon request (such a request is known as
an Access Request).
WHAT ARE YOUR RIGHTS AS AN INDIVIDUAL?
Please link to www.dataprotection.ie to view your rights as an individual under data protection
legislation. This sets out in detail how to exercise these rights and the timelines that must be
adhered to by the Data Controller when you seek to determine that your rights are being protected.
Under data protection law, you have the right:
•
•
•
•
•
•
•
•
To have your details used in line with data protection regulations
To information about your personal details (the data controller must state why they
want your details, and must advise you if your personal details are being given to
another organisation)
To access your personal details (by submitting an Access Request)
To know if your personal details are being held
To change or remove your details
To prevent use of your personal details for purposes other than their main purpose
To remove your details from a direct marketing list
To object to the use of your details (this right does not apply if you have already
agreed that the data controller can use your details, or the data controller needs
your details under the terms of a contract to which you have agreed)
2|Page
Data Protection Policy – St Patrick’s College – December 2014
•
•
To freedom from automated decision making
To refuse direct marketing calls or mail.
_______________________________________________________________________________________________________
St Patrick’s College Research data
All research conducted by staff and students of the College is subject to an ethical review
process. Research is conducted in accordance with the Code of Good Research Practice
(http://www.spd.dcu.ie/site/research/documents/CodeofGoodResearchPracticeSPD_Nov
2013.pdf). The responsibilities and procedures for the storage and disposal of data and
samples (including compliance with the requirements of the St Patrick’s College Research
Ethics Committee, or any relevant external ethics committee) are made clear at the start of
any project . The attention of prospective researchers is drawn to the provisions contained
in the Data Protection Acts 1998 & 2003
(http://www.irishstatutebook.ie/2003/en/act/pub/0006/index.html and
http://www.dataprotection.ie/viewdoc.asp?DocID=796 ), and the requirement that they at
all times act within the provisions of such legislation. Researchers also pay particular
attention to any non-disclosure agreements entered into and/or non-disclosure clauses in
proposed funding agreements and ensure they do not compromise good practice in
data/sample retention and/or publication of research outputs.
Transfer of Data between DCU/SPD/Mater Dei/CICE
Transfer of data between DCU/SPD/Mater Dei/CICE is subject to a Letter of Agreement
between the four institutions.
Transfer of Data for International Students
St Patrick's College participates in student exchange programmes; receiving students and
facilitating College students who participate on exchange programmes abroad. Records
related to students on such exchange programmes are maintained electronically in line
with the College's records retention policy. Examination results related to such students
are retained on the student record system. Examination results are posted to visiting
students in hard copy.
CCTV recordings
St Patrick’s College has closed circuit television cameras (CCTV) located throughout the
campus, covering buildings, internal spaces, car parks, roads, pathways and grounds. This
is necessary in order to protect against larcency and theft, for the security of staff, students
and visitors and for the security of College property. CCTV is monitored by SPD security
staff under the supervision of the Head Porter. Access to recorded data is restricted to
authorised personnel. CCTV data is retained for 38 days, depending on activity levels,
3|Page
Data Protection Policy – St Patrick’s College – December 2014
except when the images identify an issue and are retained specifically in the context of an
investigation of that specific issue.
CCTV footage is not released to any third party except An Garda Síochána in the case of a
disclosure pursuant to Section 8 of the Data Protection Act 1988 (i.e. where it is required
for the purpose of preventing, detecting or investigating alleged offences). A listing of
camera locations is available on request from the Secretary/Bursar. Signage indicating
that CCTV is in use is in place. Information on CCTV operations in the College is available
from the Head Porter.
Vetting Records
Student vetting information stored on the Student Records system is limited to a series of
codes, indicating whether the application has been received, processed or completed. No
information about convictions is recorded on the Student Records system. The original
forms are returned to the College in a sealed envelope to maintain confidentiality; they are
retained on file subject to the College’s records retention policy.
Staff vetting records are held in line with the College’s records retention policy.
Non-disclosure agreements/external contractors
External contractors with access to student data must sign a non-disclosure agreement.
Contact details:
Within St Patrick’s College, the College President has overall responsibility for the
implementation of Data Protection policy. Queries and clarifications should be directed to
the President’s Office, St Patrick’s College, Drumcondra, Dublin 9, and marked for the
attention of the Senior Administrator.
For queries relating access to your own personal data, please contact:
[email protected] – Telephone 01-8842006.
DATA PROTECTION OFFICER – PROFESSOR D KEOGH, PRESIDENT
4|Page