This organisation is committed to protect the privacy of all individuals including staff,
suppliers and clients by ensuring correct use of their personal information in accordance
with the Data Protection Act. The organisation will ensure this policy is implemented by
all staff. Any failure by employees to follow this policy may result in disciplinary
It is imperative that storage of data complies with data protection requirements i.e. all information captured and processed must be stored and processed in a manner complying with the Act.
To ensure compliance there is a legal obligation to take “appropriate technical and organisational measures” against unauthorised or unlawful processing, which also includes ensuring that those who have no right to access the personal information do not access it.
One key to compliance is accepting that there is a difference between needing access to personal information and wanting access to personal information.
To ensure that the method of handling personal information complies with the legislation the Organisation will ensure:
- Clear identification of the personal information that is being collected;
- Clear identification of how that information is intended to be used;
- Clear identification of whom the information is to be shared with;
- Clear outline of what safeguards are in place to protect the personal information from loss, misuse or alteration;
- That explicit consent is obtained from staff, clients or others to gather their personal information; and
- That procedures are in place to govern whom the information can be released to.
Data Protection compliance will take time and effort but it will create an increased confidence in the activities of the Organisation.
Requests for information held on record by the Organisation should be submitted in writing to the Manager. Care will be taken to ensure that the Data Protection Principles are not breached.