Confidentiality and Data Protection Policy 2019
INTRODUCTION
PCS holds personal and confidential information about its customers, board members, employees, employment applicants and suppliers. All individuals have a right to privacy and PCS is bound by the Data Protection Act 1998.
This policy is concerned with the storage, processing and accessibility of all personal information held by PCS. It outlines the position of PCS with regard to the nature of data to be held, the fair and lawful processing of such data, and deals with issues relating to the confidentiality of information and its availability to our customers. PCS welcomes the objectives of Data Protection legislation, recognising that personal information is confidential and that unauthorised disclosure may constitute a breach of contract and an offence under the Data Protection Act.
POLICY STATEMENT
The aims of this policy are as follows:
• To ensure that PCS complies with the legal requirements set out by the Data Protection Act 1998 and other relevant legislation
• To set out the principles of PCS’s approach to data privacy and protection
• To outline the rights of customers with regard to access to information, and their entitlement to confidentiality
• To specify responsibilities for ensuring compliance with the policy
IMPLEMENTATION
The Senior Management team (SMT) of PCS is responsible for implementation of this Policy.
1. Guiding Principles
In adopting this Policy, PCS shall be guided by the following broad Data Protection principles:
Personal data shall be processed fairly and lawfully
Personal data shall be obtained only for one or more specified and lawful purposes, as set out in PCS’s registration entry with the Information Commissioner, and shall not be further processed in any manner incompatible with that purpose or those purposes
Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed
Personal data shall be accurate and, where necessary, kept up to date
Personal data processed for any purpose shall not be kept for longer than is necessary for that purpose
Personal data shall be processed in accordance with the rights of data subjects under the Data Protection Act 1998
Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data
In addition to these, PCS shall also recognise the following:
Individuals have the right to access information that PCS holds on them subject to certain exceptions permitted by law
Individuals have the right to expect that PCS shall keep such personal information confidential, unless specific circumstances apply that determine this would be inappropriate. These specific circumstances shall be defined within the “Access to Personal Information Procedure”
2. Individual Data Subjects: Information Access
Individuals may request a copy of information held on them by PCS, and can seek its amendment / erasure if this is inaccurate or no longer required.
The procedure for dealing with such requests is set out in the “Access to Personal Information Procedure”.
3. Duties of Employees and Board Members
It is the responsibility of all staff and board members to maintain confidentiality as set out within this policy. A breach of confidentiality is a serious offence.
Staff and Managers will receive appropriate training on the provisions and implementation of Data Protection Legislation.
It is the responsibility of all staff to inform a senior manager when they are made aware of a breach of confidentiality. The senior manager is then responsible for taking appropriate action when they are made aware of such a breach.
DISCLOSURE OF INFORMATION
Information on individuals shall be considered confidential, and will only be passed to other organisations with the express written consent of the individual concerned, unless there are exceptional circumstances. Such circumstances include:
Where there is clear evidence of fraud
To comply with the law
In connection with legal proceedings
Where it is essential and lawful to enable PCS or other agencies with which PCS co-operates to carry out their duties
Requests from third parties for such access shall only be considered where these are made in accordance with the process specified in the “Access to Personal Information Procedure”.
MONITORING AND RESPONSIBILITIES
It is the responsibility of the Board to ensure that implementation of the Data Protection and Confidentiality Policy is monitored.
PCS shall ensure that it has a named Data Controller, who will offer advice to employees, board members and customers on the implementation of this Policy.
The capture, availability, processing, and purging of personal data shall comply with Corporate policies and all appropriate legislation, and will be monitored and managed by the Data Controller.
Last revised: 12th September 2019
Cert No. 11012