POLICY ON DATA PROTECTION ACTS 1988 & 2003
POLICY ON DATA PROTECTION ACTS 1988 & 2003 The objectives of this document are: • • • to give an overview of the Data Protection legislation that applies in the Republic of Ireland to summarise the responsibilities of staff and students within St Patrick’s College and to summarise the rights of individuals under the legislation. Further information is available at: http://www.dataprotection.ie WHAT IS DATA PROTECTION? Data protection addresses the safeguarding of the privacy rights of individuals in relation to the processing of personal data. The Data Protection Act 1988 and the Data Protection Amendment Act 2003 confer rights on individuals as well as responsibilities on those persons processing personal data. St Patrick’s College, in common with many other organisations such as government bodies, finance houses and other universities etc., gathers and stores data about individuals. This is necessary for the purposes of running the operations of the College. For the purpose of data protection, such organisations or individuals who control the contents and use of personal data are known as DATA CONTROLLERS. The Data Protection Acts 1988 and 2003 impose obligations on data controllers and give rights to individuals relating to their personal data. WHAT TYPES OF DATA ARE INCLUDED? All personal information relating to a living individual is included under the legislation. It covers data that is held on computers as well as data that is held in manual files. Data Protection Policy – St Patrick’s College – December 2014 It applies to all the data that is held - for example it applies to data in emails and copy letters as well as to data on Master Files etc. WHAT ARE OUR RESPONSIBILITIES? Any staff member of St Patrick’s College who is involved in the collection, storage or processing of such data has responsibilities under the legislation. Examples would include staff members involved in the collection of data from individuals applying for courses at St Patrick’s College; those involved in the recruitment of staff, those involved in the processing of fee payments, examination results, Alumni data, etc. The responsibilities of Data Controllers are: • • • • • • • • to obtain and process information fairly to keep it only for one or more specific, explicit and lawful purposes use and disclose only in ways compatible with these purposes to keep it safe and secure to keep it accurate, complete and up-to-date to ensure that it is adequate, relevant and not excessive to retain it for no longer than is necessary for the explicit purpose to give a copy of the data to an individual, upon request (such a request is known as an Access Request). WHAT ARE YOUR RIGHTS AS AN INDIVIDUAL? Please link to www.dataprotection.ie to view your rights as an individual under data protection legislation. This sets out in detail how to exercise these rights and the timelines that must be adhered to by the Data Controller when you seek to determine that your rights are being protected. Under data protection law, you have the right: • • • • • • • • To have your details used in line with data protection regulations To information about your personal details (the data controller must state why they want your details, and must advise you if your personal details are being given to another organisation) To access your personal details (by submitting an Access Request) To know if your personal details are being held To change or remove your details To prevent use of your personal details for purposes other than their main purpose To remove your details from a direct marketing list To object to the use of your details (this right does not apply if you have already agreed that the data controller can use your details, or the data controller needs your details under the terms of a contract to which you have agreed) 2|Page Data Protection Policy – St Patrick’s College – December 2014 • • To freedom from automated decision making To refuse direct marketing calls or mail. _______________________________________________________________________________________________________ St Patrick’s College Research data All research conducted by staff and students of the College is subject to an ethical review process. Research is conducted in accordance with the Code of Good Research Practice (http://www.spd.dcu.ie/site/research/documents/CodeofGoodResearchPracticeSPD_Nov 2013.pdf). The responsibilities and procedures for the storage and disposal of data and samples (including compliance with the requirements of the St Patrick’s College Research Ethics Committee, or any relevant external ethics committee) are made clear at the start of any project . The attention of prospective researchers is drawn to the provisions contained in the Data Protection Acts 1998 & 2003 (http://www.irishstatutebook.ie/2003/en/act/pub/0006/index.html and http://www.dataprotection.ie/viewdoc.asp?DocID=796 ), and the requirement that they at all times act within the provisions of such legislation. Researchers also pay particular attention to any non-disclosure agreements entered into and/or non-disclosure clauses in proposed funding agreements and ensure they do not compromise good practice in data/sample retention and/or publication of research outputs. Transfer of Data between DCU/SPD/Mater Dei/CICE Transfer of data between DCU/SPD/Mater Dei/CICE is subject to a Letter of Agreement between the four institutions. Transfer of Data for International Students St Patrick's College participates in student exchange programmes; receiving students and facilitating College students who participate on exchange programmes abroad. Records related to students on such exchange programmes are maintained electronically in line with the College's records retention policy. Examination results related to such students are retained on the student record system. Examination results are posted to visiting students in hard copy. CCTV recordings St Patrick’s College has closed circuit television cameras (CCTV) located throughout the campus, covering buildings, internal spaces, car parks, roads, pathways and grounds. This is necessary in order to protect against larcency and theft, for the security of staff, students and visitors and for the security of College property. CCTV is monitored by SPD security staff under the supervision of the Head Porter. Access to recorded data is restricted to authorised personnel. CCTV data is retained for 38 days, depending on activity levels, 3|Page Data Protection Policy – St Patrick’s College – December 2014 except when the images identify an issue and are retained specifically in the context of an investigation of that specific issue. CCTV footage is not released to any third party except An Garda Síochána in the case of a disclosure pursuant to Section 8 of the Data Protection Act 1988 (i.e. where it is required for the purpose of preventing, detecting or investigating alleged offences). A listing of camera locations is available on request from the Secretary/Bursar. Signage indicating that CCTV is in use is in place. Information on CCTV operations in the College is available from the Head Porter. Vetting Records Student vetting information stored on the Student Records system is limited to a series of codes, indicating whether the application has been received, processed or completed. No information about convictions is recorded on the Student Records system. The original forms are returned to the College in a sealed envelope to maintain confidentiality; they are retained on file subject to the College’s records retention policy. Staff vetting records are held in line with the College’s records retention policy. Non-disclosure agreements/external contractors External contractors with access to student data must sign a non-disclosure agreement. Contact details: Within St Patrick’s College, the College President has overall responsibility for the implementation of Data Protection policy. Queries and clarifications should be directed to the President’s Office, St Patrick’s College, Drumcondra, Dublin 9, and marked for the attention of the Senior Administrator. For queries relating access to your own personal data, please contact: [email protected] – Telephone 01-8842006. DATA PROTECTION OFFICER – PROFESSOR D KEOGH, PRESIDENT 4|Page
© Copyright 2024