DATA PROTECTION POLICY



1.     Introduction

1.1   Purpose

     ENSAFE: INSTITUTE FOR HEALTH, SAFETY & COUNSELLING TRAINING LTD (hereinafter known as “the institution”) is committed to a policy of protecting the rights and freedoms of individuals with respect to the processing of their personal data. In regards to this view, the institution follows the Trinidad and Tobago Freedom of Information Act 2003, Chapter 22:02; Part IV, 30-32 and the Trinidad and Tobago Computer Misuse Act 2000, Chapter 11:17; Part II, 3-11.
     These two Acts protect the rights and privacy of individuals and ensure that data about them are not processed without their knowledge. It will apply to information regardless of the way it is collected, used, recorded, stored and destroyed, and irrespective of whether it is held in paper files or electronically. All staff involved with the collection, processing and disclosure of personal data will be aware of their duties and responsibilities by adhering to these guidelines.
    

1.2   Scope

      ENSAFE: INSTITUTE FOR HEALTH, SAFETY & COUNSELLING TRAINING LTD collects a large quantity of information relating to staff records, names and addresses of those registering for different courses, examination marks, references, fee collection as well as any research data gathered by the institution.
      The Data Protection Policy applies to both electronic and paper records held in structured filing systems containing personal data which relates to individuals who can be identified from the data. This would include any expression of about any individuals and/or intentions about any individuals. It also applies to personal data held in pictures, video clips and/or sound recordings.
           Data protection means that the institution must:-
§  Manage and process personal data in a confidential manner
§  Protect the individual’s right to privacy
§  Provide an individual with access to all personal information held on them.

1.3   Inquiries

EN-SAFE: INSTITUTE FOR HEALTH, SAFETY & COUNSELLING TRAINING LTD
San Fernando
Tel#: 652-9559
    Email: ensafe786@gmail.com

2.     Procedure

2.1   Identification

Step 1         Personal data is collected mainly the use of Participant’s Registration Form (Appendix A) as well as the Programme Registration Form (Appendix B) which is adequate and not excessive for the institute’s needs.
Step 2         Personal data shall be processed fairly and lawfully;
Step 3         Personal data shall be obtained only for one or more specified and lawful purposes
Step 4         Personal data shall be accurate and where necessary, kept up to date;


2.2   Storage and protection

Step 1   Personal data shall be kept in filing cabinets in alphabetical order;
Step 2   Personal data process for and purpose shall not be kept for longer than is                 a        necessary for that purpose or those purposes; 
Step 3   Personal data is to be kept in locked filing cabinets away from the public’s eye  which would ensure that it is protected from loss, thief and unauthorisede disclosure;    
Step 4  Share information with others only when it is legally appropriate to do so;
Step 5  Set out procedures to ensure compliance with the duty to respond to  requests for access to personal information, known as Subject AccessaRequests (Appendix C)
Step 6  Unavoidable disclosure, for example to an engineer during maintenance of the ncomputer system. In such circumstances the engineer would be required to sign a nform promising not to disclose the data outside the school;
Step 7  Data used within the school by administration staff, teachers and counsellors will  bonly be made available where the person requesting the information is a bprofessional legitimately working within the school who need to know the binformation on order to do their work;


                                                                                   

2.3   Retrieval

Step 1   Personal data shall be stored in alphabetical order so that it would beceasy to retrieve whenever necessary.  
Step 2         Personal data shall also be stored as soft copies on computer systems where only authorised persons would have access. As such, personal data would be able to be accessed easily.

2.4   Retention time

Step 1         Personal data processed for any purpose shall not be kept for longer than is necessary for that purpose or those purposes;
Step 2         It is intended that information on students, hard copies be stored for at least five years;
Step 3         After the five years, soft copies will be saved and hard copies will be incinerated for those documents that have reached the five years limit.

2.5   Disposition of records of assessment

Step 1         Data related to the student’s coursework will be made available to students from their lecturers.

Step 2         Data related to the records of assessment will be made available to students at least two months after their final assessments.

Step 3         Information can also be made available (under cover) if necessary to employers.


No comments:

Post a Comment

Subscribe to: Posts (Atom)