Access to personal accounts and lawful business monitoring
|
|
- Darrell Sharp
- 6 years ago
- Views:
Transcription
1 Access to personal accounts and lawful business monitoring Contents Policy statement... 2 Access to personal s... 2 Manager suspects misuse... 3 Lawful business monitoring... 4 Additional information... 6 Access to personal s and lawful business monitoring Page 1 of 6
2 Policy statement Summary West Yorkshire Police will allow access to personal s that are administered by the force, by a designated person ensuring the efficiency and integrity of the organisations whilst safeguarding the individual from unnecessary access. The force will also have a framework for the ethical monitoring, interception and recording of communications within the workplace which are transmitted using West Yorkshire Police systems. This policy explains how users authorise others to access their personal mailbox, how line managers can access mailboxes in cases such as unplanned absences and how line managers can deal with suspected misuse. The policy also explains the process lawful business monitoring. Scope This policy applies to all individuals who use Force communication systems including police officers, police staff, police community support officers, special constables, volunteers, temporary staff, agency staff, ex-employees and any contractors. Access to personal s Introduction There will be occasions when a mailbox will need to be accessed by your line manager, such as when absence is short notice and unplanned. It is advisable to allow your line manager access, but the authority can be withdrawn at any time. The procedures to be adhered to when requesting access to mailboxes are covered in this policy. Shared mailboxes will already be accessible by line managers and colleagues, the access to these will differ, however a designated person will need to be appointed whilst there is an absence. Principles All Force computer terminals and systems are for business use only. You should not use Force for personal purposes, unless deemed necessary where Force business is involved e.g. sending Force work to your home . The designated person must always consider any issues of confidentiality and legal privilege that may be contained within messages and deal with them accordingly. Any access to mailboxes is granted for 14 days, then a new request must be submitted for further access time. When granted access, items from the mailbox can be forwarded, as required, however items must not be deleted. Access to personal s and lawful business monitoring Page 2 of 6
3 If the owner of the mailbox is a representative of either the: Police Federation; Trade Union; or Superintendents Association, then the Federation or Superintendents Association Chair or Secretary, or the Union Branch Secretary should be consulted before the mailbox is accessed. Line manager responsibilities Line managers are responsible for: submitting a request via the IT Self Service Portal for permission of access; applying an Out of Office reply with appropriate wording; appointing a designated person access to the mailbox to deal with existing messages; ensuring relevant s can be identified and forwarded to the appropriate recipient by the IT Department; reviewing access in respect of necessity, proportionality and collateral intrusion; when access is no longer required, notifying IT Self Service Portal without any undue delay; and informing the owner that you have access their mailbox when they return. Manager suspects misuse Introduction There will be occasions when there is suspected misuse of a mailbox and there will be a need to examine the contents overtly. This must be reported to the Professional Standards Department and the principles and responsibilities below adhered to. Definition Misuse of a mailbox may consist one or more of the following: using the mailbox to abuse position; and not using the system for a policing purpose. Principles Line managers have the discretion to report employees for suspected misuse of a mailbox. Any s containing inappropriate content must be reported to the Professional Standards Department through the Confidential Reporting Procedure or Anonymous Messenger. The Head of Professional Standards Department is responsible for granting access to mailboxes where misuse is suspected. Line manager responsibilities Line managers are responsible for: submitting a report to the Head of Professional Standards Department, requesting access to the mailbox due to suspected misuse. You must consider: o necessity; Access to personal s and lawful business monitoring Page 3 of 6
4 o proportionality; o how collateral intrusion is to be minimised; and o circumstances leading to the request. once authorised, submitting a request, documenting minimal details for access to be granted to a designated person via the IT Self Service Portal NOT including any details of the suspected misuse; and sending information to the IT Security Officer who will co-ordinate the request with the appropriate team. Designated officer The designated officer will then be granted access to the mailbox and their name will appear on the access control list. Lawful business monitoring Introduction The force allows for the monitoring and recording of communication within the workplace that has been transmitted using West Yorkshire Police systems. The aim is to review information for the purposes of training, standards or disciplinary proceedings. Definition Lawful business monitoring means: the obtaining of historic data and information to enable an audit of an individual s activity within the Force s communications systems; and interception, i.e. the live recording of, or the listening to conversations or communications and can involve the recording of anything witnessed. Both can extend to off duty use of Force communications systems. Principles Lawful business monitoring includes electronic communications, e.g. telephone calls, fax transmissions, s and internet access on systems such as (but not limited to) Outlook accounts, storage drives, work mobile phones, electronic pocket notebooks, computer terminals and work laptops. There can be no monitoring or recording of personal or public telephone networks under lawful business monitoring. However, if individuals use a Force device for both private and business purposes then this policy procedure will apply. Lawful business monitoring requires that all individuals who use Force communications systems understand that: o their conversations and all other communications may not be considered private; and o West Yorkshire Police can record and monitor the use of Force communication systems and, as a result of any such monitoring, may instigate any of the below actions: Access to personal s and lawful business monitoring Page 4 of 6
5 review standards of training or service delivery; review standard operating procedures or Force policy, procedures or guidance; or consider or instigate criminal or disciplinary proceedings. Force undertaking All staff should be reassured that monitoring and recording will only be adopted when necessary and the level of intrusion will be proportionate to the issue being considered. In criminal and misconduct cases, lawful business monitoring will be considered on a case by case basis with application, in the first instance, via the PSD s senior leadership team. Professional Standards Department responsibilities Lawful business monitoring as a result of intelligence or as part of a criminal investigation, is the responsibility of Professional Standards Department (PSD). The monitoring will not be speculative or random. PSD will assess intelligence and handle it in accordance with the principles of the Code of Ethics and Data Protection Act 1998 and it will be properly evaluated with regards to the necessity and proportionality of such activity. Applications for intelligence led lawful business monitoring will be made via PSD to a member of the Chief Officer Team. Access to personal s and lawful business monitoring Page 5 of 6
6 Additional information Compliance This Policy complies with the following legislation and guidance: Data Protection Act 1998 Computer Misuse Act 1990 Regulation of Investigatory Powers Act 2000 Telecommunications (Lawful Business Practice)(Interception of Communications) Regulations 2000 Human Rights Act 1998 Policy database administration Item Details Document title: Access to personal and lawful business monitoring Owner: Professional Standards Author / Reviewer: Date of last review: 07/03/2016 Date of next review: 07/03/2017 The Equality and Human Rights Assessment for this policy is held on Force Registry which can be accessed via this link. The table below details revision information relating to this document: Topic title Date Policy revised into new format with the addition of 07/03/2016 lawful business monitoring. Agreed by JNCC. Access to personal s and lawful business monitoring Page 6 of 6
Access Control Policy
Access Control Policy Version Control Version Date Draft 0.1 25/09/2017 1.0 01/11/2017 Related Polices Information Services Acceptable Use Policy Associate Accounts Policy IT Security for 3 rd Parties,
More informationResponsible Officer Approved by
Responsible Officer Approved by Chief Information Officer Council Approved and commenced August, 2014 Review by August, 2017 Relevant Legislation, Ordinance, Rule and/or Governance Level Principle ICT
More informationPS Mailing Services Ltd Data Protection Policy May 2018
PS Mailing Services Ltd Data Protection Policy May 2018 PS Mailing Services Limited is a registered data controller: ICO registration no. Z9106387 (www.ico.org.uk 1. Introduction 1.1. Background We collect
More informationInformation Security Incident Response and Reporting
Information Security Incident Response and Reporting Original Implementation: July 24, 2018 Last Revision: None This policy governs the actions required for reporting or responding to information security
More informationPolicy General Policy GP20
Email Policy General Policy GP20 Applies to All employees Committee for Approval Quality and Governance Committee Date of Approval September 2012 Review Date June 2014 Name of Lead Manager Head of Technology
More informationVirginia Commonwealth University School of Medicine Information Security Standard
Virginia Commonwealth University School of Medicine Information Security Standard Title: Scope: Personnel Security Standard This standard is applicable to all VCU School of Medicine personnel. Approval
More informationUse of Personal Mobile Phone Whilst on Duty
Use of Personal Mobile Phone Whilst on Duty (Incorporating Smartphones and Hand Held Devices) Standard Operating Procedure Notice: This document has been made available through the Police Service of Scotland
More informationInformation Security Policy
Information Security Policy Author: Responsible Lead Executive Director: Endorsing Body: Governance or Assurance Committee Alan Ashforth Colin Sloey Implementation Date: September 2010 Version Number:
More informationPolicy. London School of Economics & Political Science. Remote Access Policy. IT Services. Jethro Perkins. Information Security Manager.
London School of Economics & Political Science IT Services Policy Remote Access Policy Jethro Perkins Information Security Manager Summary This document outlines the controls from ISO27002 that relate
More informationPrivacy Impact Assessment
Automatic Number Plate Recognition (ANPR) Deployments Review Of ANPR infrastructure February 2018 Contents 1. Overview.. 3 2. Identifying the need for a (PIA).. 3 3. Screening Questions.. 4 4. Provisions
More informationRMU-IT-SEC-01 Acceptable Use Policy
1.0 Purpose 2.0 Scope 2.1 Your Rights and Responsibilities 3.0 Policy 3.1 Acceptable Use 3.2 Fair Share of Resources 3.3 Adherence with Federal, State, and Local Laws 3.4 Other Inappropriate Activities
More informationINFORMATION ASSET MANAGEMENT POLICY
INFORMATION ASSET MANAGEMENT POLICY Approved by Board of Directors Date: To be reviewed by Board of Directors March 2021 CONTENT PAGE 1. Introduction 3 2. Policy Statement 3 3. Purpose 4 4. Scope 4 5 Objectives
More informationThe University of British Columbia Board of Governors
The University of British Columbia Board of Governors Policy No.: 118 Approval Date: February 15, 2016 Responsible Executive: University Counsel Title: Safety and Security Cameras Background and Purposes:
More informationInformation Security Incident Response Plan
Information Security Incident Response Plan Purpose It is the objective of the university to maintain secure systems and data. In order to comply with federal, state, and local law and contractual obligations,
More informationElectronic Communications with Citizens Guidance (Updated 5 January 2015)
Electronic Communications with Citizens Guidance (Updated 5 January 2015) Overview - Email Activities Outside Of The Scope Of The Policy And This Guidance Requests To Use Email/SMS Outside The Scope Of
More informationUniversity of Liverpool
University of Liverpool Information Security Policy Reference Number Title CSD-003 Information Security Policy Version Number 3.0 Document Status Document Classification Active Open Effective Date 01 October
More informationCorporate Information Security Policy
Overview Sets out the high-level controls that the BBC will put in place to protect BBC staff, audiences and information. Audience Anyone who has access to BBC Information Systems however they are employed
More informationUCL Policy on Electronic Mail ( )
LONDON S GLOBAL UNIVERSITY UCL Policy on Electronic Mail (EMAIL) Information Security Policy University College London Document Summary Document ID Status Information Classification Document Version TBD
More informationInstitute of Technology, Sligo. Information Security Policy. Version 0.2
Institute of Technology, Sligo Information Security Policy Version 0.2 1 Document Location The document is held on the Institute s Staff Portal here. Revision History Date of this revision: 28.03.16 Date
More informationMalpractice and Maladministration Policy
Malpractice and Maladministration Policy Introduction This policy is aimed at our customers, including learners, who are delivering/registered on BCS approved qualifications or units within or outside
More informationICT User Access Security Standard Operating Procedure
ICT User Access Security Standard Operating Procedure Notice: This document has been made available through the Police Service of Scotland Freedom of Information Publication Scheme. It should not be utilised
More informationInformation Security Incident Response Plan
Information Security Incident Response Plan Purpose It is the objective of the university to maintain secure systems and data. In order to comply with federal, state, and local law and contractual obligations,
More informationAcceptable Use Policy
IT and Operations Section 100 Policy # Organizational Functional Area: Policy For: Date Originated: Date Revised: Date Board Approved: Department/Individual Responsible for Maintaining Policy: IT and Operations
More informationIt applies to personal information for individuals that are external to us such as donors, clients and suppliers (you, your).
Our Privacy Policy 1 Purpose Mission Australia is required by law to comply with the Privacy Act 1988 (Cth) (the Act), including the Australian Privacy Principles (APPs). We take our privacy obligations
More informationCompany Policy Documents. Information Security Incident Management Policy
Information Security Incident Management Policy Information Security Incident Management Policy Propeller Studios Ltd is responsible for the security and integrity of all data it holds. Propeller Studios
More informationGDPR Draft: Data Access Control and Password Policy
wea.org.uk GDPR Draft: Data Access Control and Password Policy Version Number Date of Issue Department Owner 1.2 21/01/2018 ICT Mark Latham-Hall Version 1.2 last updated 27/04/2018 Page 1 Contents GDPR
More informationINFORMATION TECHNOLOGY SECURITY POLICY
INFORMATION TECHNOLOGY SECURITY POLICY Author Responsible Director Approved By Data Approved September 15 Date for Review November 17 Version 2.3 Replaces version 2.2 Mike Dench, IT Security Manager Robin
More informationMNsure Privacy Program Strategic Plan FY
MNsure Privacy Program Strategic Plan FY 2018-2019 July 2018 Table of Contents Introduction... 3 Privacy Program Mission... 4 Strategic Goals of the Privacy Office... 4 Short-Term Goals... 4 Long-Term
More informationData Protection Policy
Data Protection Policy Introduction Stewart Watt & Co. is law firm and provides legal advice and assistance to its clients. It is regulated by the Law Society of Scotland. The personal data that Stewart
More informationIEEE Electronic Mail Policy
IEEE Electronic Mail Policy 1. Policy Responsibility and related documents This policy is maintained by the IEEE Information Technology Strategy Committee (ITSC), with revisions submitted to the Board
More informationPolicy & Procedure Privacy Policy
NUMBER POL 050 PAGES 12 VERSION V3.8 CREATED: LAST MODIFIED: REVISION: 05/11/2009 06/06/2018 06/06/2019 DOCUMENTS: Authority to Exchange Information Media Authority Student Staff Privacy Agreement REFERENCES:
More informationNotebooks and PDAs. Standard Operating Procedure
Notebooks and PDAs Standard Operating Procedure Notice: This document has been made available through the Police Service of Scotland Freedom of Information Publication Scheme. It should not be utilised
More informationSCOTTISH ENVIRONMENT PROTECTION AGENCY. Information Technology Acceptable Use Procedure. Final Version 5.10 Page 1 of 7
SCOTTISH ENVIRONMENT PROTECTION AGENCY Information Technology Acceptable Use Procedure Final Version 5.10 Page 1 of 7 SCOTTISH ENVIRONMENT PROTECTION AGENCY Information Technology Acceptable Use Procedure
More informationMobile Communication Policy
Mobile Communication Policy Document Type Author Owner (Dept) Mobile Communication Policy Chief Executive Health & Safety Date of Review June 2015 List of Contents Page No 1. Summary of Duties... 3 2.
More informationDATA SUBJECT ACCESS REQUEST PROCEDURE
DATA SUBJECT ACCESS REQUEST PROCEDURE DATA PROTECTION ACT 1998 This procedure seeks to ensure that the Transport Executive receives and processes Data Subject Access Requests in accordance with the Data
More informationThis procedure sets out the usage of mobile CCTV units within Arhag.
CCTV PROCEDURE Statement This procedure sets out the usage of mobile CCTV units within Arhag. Arhag is a registered charitable housing association and is not considered an appropriate authority with regards
More informationACCEPTABLE USE ISO INFORMATION SECURITY POLICY. Author: Owner: Organisation: Document No: Version No: 1.0 Date: 10 th January 2010
INFORMATION SECURITY POLICY EMAIL ACCEPTABLE USE ISO 27002 7.1.3 Author: Owner: Organisation: Document No: Chris Stone Ruskwig TruePersona Ltd SP-7.1.3 No: 1.0 Date: 10 th January 2010 Copyright Ruskwig
More informationMotorola Mobility Binding Corporate Rules (BCRs)
Motorola Mobility Binding Corporate Rules (BCRs) Introduction These Binding Privacy Rules ( Rules ) explain how the Motorola Mobility group ( Motorola Mobility ) respects the privacy rights of its customers,
More informationDATA PROTECTION SELF-ASSESSMENT TOOL. Protecture:
DATA PROTECTION SELF-ASSESSMENT TOOL Protecture: 0203 691 5731 Instructions for use touches many varied aspects of an organisation. Across six key areas, the self-assessment notes where a decision should
More informationWe reserve the right to modify this Privacy Policy at any time without prior notice.
This Privacy Policy sets out the privacy policy relating to this site accessible at www.battleevents.com and all other sites of Battle Events which are linked to this site (collectively the Site ), which
More informationINFORMATION TO BE GIVEN 2
(To be filled out in the EDPS' office) REGISTER NUMBER: 1423 (To be filled out in the EDPS' office) NOTIFICATION FOR PRIOR CHECKING DATE OF SUBMISSION: 03/01/2017 CASE NUMBER: 2017-0015 INSTITUTION: ESMA
More informationXpress Super may collect and hold the following personal information about you: contact details including addresses and phone numbers;
65 Gilbert Street, Adelaide SA 5000 Tel: 1300 216 890 Fax: 08 8221 6552 Australian Financial Services Licence: 430962 Privacy Policy This Privacy Policy was last updated on 27 February 2017. Our Commitment
More informationData Breach Notification Policy
Data Breach Notification Policy Policy Owner Department University College Secretary Professional Support Version Number Date drafted/date of review 1.0 25 May 2018 Date Equality Impact Assessed Has Prevent
More informationTARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS
Target2-Securities Project Team TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS Reference: T2S-07-0270 Date: 09 October 2007 Version: 0.1 Status: Draft Target2-Securities - User s TABLE OF CONTENTS
More informationDATA PROTECTION POLICY THE HOLST GROUP
DATA PROTECTION POLICY THE HOLST GROUP INTRODUCTION The purpose of this document is to provide a concise policy regarding the data protection obligations of The Holst Group. The Holst Group is a data controller
More informationData Encryption Policy
Data Encryption Policy Document Control Sheet Q Pulse Reference Number Version Number Document Author Lead Executive Director Sponsor Ratifying Committee POL-F-IMT-2 V02 Information Governance Manager
More informationCredit Card Data Compromise: Incident Response Plan
Credit Card Data Compromise: Incident Response Plan Purpose It is the objective of the university to maintain secure financial transactions. In order to comply with state law and contractual obligations,
More informationInformation Security Strategy
Security Strategy Document Owner : Chief Officer Version : 1.1 Date : May 2011 We will on request produce this Strategy, or particular parts of it, in other languages and formats, in order that everyone
More informationSpringfield, Illinois Police Department
Directive Number: ADM-46 01-084 Issue Date: 05/28/01 Distribution: C,E* Revision Dates: 06/01/01 Effective Date: 06/01/01 Related CALEA Standards: 82.1.7 References: CALEA Standards Manual Rescinds: ADM-46/01-015
More informationVirginia State University Policies Manual. Title: Information Security Program Policy: 6110
Purpose Virginia State University (VSU) uses information to perform the business services and functions necessary to fulfill its mission. VSU information is contained in many different mediums including
More informationPS 176 Removable Media Policy
PS 176 Removable Media Policy December 2013 Version 2.0 Statement of legislative compliance This document has been drafted to comply with the general and specific duties in the Equality Act 2010; Data
More informationII.C.4. Policy: Southeastern Technical College Computer Use
II.C.4. Policy: Southeastern Technical College Computer Use 1.0 Overview Due to the technological revolution in the workplace, businesses such as Southeastern Technical College (STC) have turned to computer
More informationEco Web Hosting Security and Data Processing Agreement
1 of 7 24-May-18, 11:50 AM Eco Web Hosting Security and Data Processing Agreement Updated 19th May 2018 1. Introduction 1.1 The customer agreeing to these terms ( The Customer ), and Eco Web Hosting, have
More information2.1 The type of personal information that auda collects about you depends on the type of dealings you have with us. For example, if you:
auda PUBLISHED POLICY Policy Title: PRIVACY POLICY Policy No: 2014-01 Publication Date: 11/03/2014 Status: Current 1. BACKGROUND 1.1 This document sets out auda's privacy policy, drafted in accordance
More informationREGULATION BOARD OF EDUCATION FRANKLIN BOROUGH
R 3321/Page 1 of 6 The school district provides computer equipment, computer services, and Internet access to its pupils and staff for educational purposes only. The purpose of providing technology resources
More informationLeiden University Regulations on ICT and Internet Use. Version
1 Leiden University Regulations on ICT and Internet Use Version 1.0 4-11-2014 These Regulations state the rules regarding the use of ICT and internet facilities offered by Leiden University to its students,
More informationDATA PROCESSING TERMS
DATA PROCESSING TERMS Safetica Technologies s.r.o. These Data Processing Terms (hereinafter the Terms ) govern the rights and obligations between the Software User (hereinafter the User ) and Safetica
More informationThe Apple Store, Coombe Lodge, Blagdon BS40 7RG,
1 The General Data Protection Regulation ( GDPR ) is the new legal framework that will come into effect on the 25th of May 2018 in the European Union ( EU ) and will be directly applicable in all EU Member
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY Introduction The purpose of this document is to provide a concise policy regarding the data protection obligations of Youth Work Ireland. Youth Work Ireland is a data controller
More informationSevern Trent Water. Telecommunications Policy and Access Procedure
Severn Trent Water Telecommunications Policy and Access Procedure Contents STW Telecommunications Policy: 5-12 Health and Safety: 13-18 Access Procedures:19-30 2 STW LSH Sites Access Policy [Controlled
More informationICT User Policy. for use in Essa Academy Essa Primary Academy Essa Nursery and Support Services
ICT User Policy for use in Essa Academy Essa Primary Academy Essa Nursery and Support Services For approval and adoption by the Board of Directors- 7 July 2017 For adoption by Essa Academy LGB- 19 September
More informationUWC International Data Protection Policy
UWC International Data Protection Policy 1. Introduction This policy sets out UWC International s organisational approach to data protection. UWC International is committed to protecting the privacy of
More informationUniversity of Ulster Standard Cover Sheet
University of Ulster Standard Cover Sheet Document Title AUTHENTICATION STANDARD 2.0 Custodian Approving Committee ISD Heads ISD Committee Policy approved date 2011 10 13 Policy effective from date 2011
More informationINFORMATION CODE OF CONDUCT
Title & Version Contact Point Information Compliance, DoI 2(3), (020) 7091 5084 (Internal Network 78-5084) Location Summary Room 1 East, Edinburgh House The Information Code of Conduct sets out the policy
More informationAccess to University Data Policy
UNIVERSITY OF OKLAHOMA Health Sciences Center Information Technology Security Policy Access to University Data Policy 1. Purpose This policy defines roles and responsibilities for protecting OUHSC s non-public
More informationState of West Virginia Department of Health and Human Resources (DHHR) Office of Management Information Services (OMIS)
1.0 PURPOSE Periodic security audits, both internal and external, are performed for the benefit of the and its employees to: (1) identify weaknesses, deficiencies, and areas of vulnerability in operations;
More informationUCSU Student and Applicant Data Privacy Statement
UCSU Student and Applicant Data Privacy Statement Version number: 1.0 Policy Owner: Data Protection Officer Last Revised: May 2018 Review Date: July 2018 This document is to be reviewed biannually (January
More informationICT Acceptable Use Policy (AUP)
ICT Acceptable Use Policy (AUP) ICT AUP v 5.1 DRAFT Page 1 of 14 Version Control Version Revision Date Author (s) Distributed Notes 1.2 Issued 02/02/2000 1.3 Issued 05/02/2010 Judy Wyld/Jon Shepherd/Vicki
More informationCommunication and Usage of Internet and Policy
Communication and Usage of Internet and Email Policy Policy Category Administration Policy Code ADM HE 27 Policy owner Chief Executive Officer Responsible Officer Chief Executive Officer Approving authority
More informationBrasenose College ICT Systems Privacy Notice (v1.2)
Brasenose College ICT Systems Privacy Notice (v1.2) A summary of what this notice explains Brasenose College is committed to protecting the privacy and security of personal data. This notice applies to
More informationCardiff University Security & Portering Services (SECTY) CCTV Code of Practice
Cardiff University Security & Portering Services (SECTY) CCTV Code of Practice Document history Author(s) Date S Gamlin 23/05/2018 Revision / Number Date Amendment Name Approved by BI annual revision Date
More informationArticle I - Administrative Bylaws Section IV - Coordinator Assignments
3 Article I - Administrative Bylaws Section IV - Coordinator Assignments 1.4.1 ASSIGNMENT OF COORDINATORS To fulfill the duties of the Fiscal Control and Internal Auditing Act (30 ILCS 10/2005), the Board
More informationInformation Governance Incident Reporting Procedure
Information Governance Incident Reporting Procedure : 3.0 Ratified by: NHS Bury CCG Quality and Risk Committee Date ratified: 15 th February 2016 Name of originator /author (s): Responsible Committee /
More informationInformation Governance Incident Reporting Policy and Procedure
Information Governance Incident Reporting Policy and Procedure Policy Number Target Audience Approving Committee IG007 CCG/GMSS Staff CCG Chief Officer Date Approved February 2018 Last Review Date February
More informationInformation Governance Incident Reporting Policy
Information Governance Incident Reporting Policy Version: 4.0 Ratified by: NHS Bury Clinical Commissioning Group Information Governance Operational Group Date ratified: 29 th November 2017 Name of originator
More informationPCA Staff guide: Information Security Code of Practice (ISCoP)
PCA Staff guide: Information Security Code of Practice (ISCoP) PCA Information Risk and Privacy Version 2015.1.0 December 2014 PCA Information Risk and Privacy Page 1 Introduction Prudential Corporation
More information1.7 The Policy sets out the manner by which the University will respond to Subject Access Requests.
1 Introduction 1.1 Article 15 of the General Data Protection Regulations (GDPR) provides individuals (Data Subjects) with the right to access personal information so that they are fully informed of the
More informationStandard for Security of Information Technology Resources
MARSHALL UNIVERSITY INFORMATION TECHNOLOGY COUNCIL Standard ITP-44 Standard for Security of Information Technology Resources 1 General Information: Marshall University expects all individuals using information
More informationE RADAR. All Rights Reserved. Acceptable Use Policy
Email Acceptable Use Policy For further help, please contact support@eradar.eu Item Number LD 0002 Author E RADAR LIMITED Disclaimer This template is provided with the understanding that the publisher
More informationma recycle GDPR Privacy Policy .com Rely and Comply... Policy Date: 24 May 2018
ma recycle.com Rely and Comply... GDPR Privacy Policy Policy Date: 24 May 2018 Max Recycle Hawthorne House Blackthorn Way Sedgeletch Industrial Estate Fencehouses Tyne & Wear DH4 6JN T: 0845 026 0026 F:
More information1 Privacy Statement INDEX
INDEX 1 Privacy Statement Mphasis is committed to protecting the personal information of its customers, employees, suppliers, contractors and business associates. Personal information includes data related
More informationAcceptable Usage Policy (Student)
Acceptable Usage Policy (Student) Author Arthur Bogacki Date 18/10/2017 Version 1.1 (content sourced and consolidated from existing Email and Electronic Communication, and User Code of Practice policies.)
More informationIT Appropriate Use - Best Practice for Guidelines. Section 1 - Purpose / Objectives. Section 2 - Scope / Application. Section 3 - Definitions
IT Appropriate Use - Best Practice for Email Guidelines Section 1 - Purpose / Objectives (1) Email is used at Victoria University as a business communication tool and users are obliged to use this tool
More informationInformation Technology Access Control Policy & Procedure
Information Technology Access Control Policy & Procedure Version 1.0 Important: This document can only be considered valid when viewed on the PCT s intranet/u: Drive. If this document has been printed
More informationUSER CORPORATE RULES. These User Corporate Rules are available to Users at any time via a link accessible in the applicable Service Privacy Policy.
These User Corporate Rules are available to Users at any time via a link accessible in the applicable Service Privacy Policy. I. OBJECTIVE ebay s goal is to apply uniform, adequate and global data protection
More information01.0 Policy Responsibilities and Oversight
Number 1.0 Policy Owner Information Security and Technology Policy Policy Responsibility & Oversight Effective 01/01/2014 Last Revision 12/30/2013 Department of Innovation and Technology 1. Policy Responsibilities
More informationICT Portable Devices and Portable Media Security
ICT Portable Devices and Portable Media Security Who Should Read This Policy Target Audience All Trust Staff, contractors, and other agents, who utilise trust equipment and access the organisation s data
More informationNetwork Account Management Security Standard
TRUST-WIDE NON-CLINICAL DOCUMENT Network Account Management Security Number: Scope of this Document: Recommending Committee: Approving Committee: SS06 All Staff/ Services Users Joint Information Governance
More informationThe John Fisher School ICT Policy
The John Fisher School ICT Policy Responsible: Governors Resources Committee Review Date: May 2018 The need for a policy All The John Fisher School s information communication technology (ICT) facilities
More informationEnterprise Income Verification (EIV) System User Access Authorization Form
Enterprise Income Verification (EIV) System User Access Authorization Form Date of Request: (Please Print or Type) PART I. ACCESS AUTHORIZATION * All required information must be provided in order to be
More informationLifeWays Operating Procedures
07-02.08 EMAIL GUIDELINES AND REQUIREMENTS I. PURPOSE To define the security, privacy and professional standards and considerations regarding electronic mail communication. II. SCOPE This procedure covers
More informationDCU Guide to Subject Access Requests. Under Irish Data Protection Legislation
DCU Guide to Subject Access Requests Under Irish Data Protection Legislation Context Under section 4 of the Irish Data Protection Acts 1988 & 2003 an individual, on making a written request to DCU, may
More informationThe General Data Protection Regulation
PRIVACY NOTICE INFORMATION FOR (a) APPLICANTS TO AND USERS OF CHS COMMUNITY SUPPORT SERVICES; (b) OTHER STAKEHOLDERS CHS is committed to protecting your personal data. This privacy notice sets out how
More informationPolicy Title; Business Continuity Management Policy. Date Published/Reviewed; February 2018
Policy Title; Business Continuity Management Policy Date Published/Reviewed; February 2018 Business Lead; Head of Strategic Governance CCMT sponsor; Deputy Chief Constable Thames Valley Police ensures
More informationComplaints and Compliments Policy. Date Approved: 28 September Approved By: Governing Body. Ownership: Corporate Development
Complaints and Compliments Policy Date Approved: 28 September 2016 Approved By: Ownership: Governing Body Corporate Development Date of Issue: August 2017 Proposed Date of Review: August 2019 Date of Equality
More informationNWQ Capital Management Pty Ltd. Privacy Policy. March 2017 v2
NWQ Capital Management Pty Ltd Privacy Policy March 2017 Page 1 of 8 Privacy and Spam Policy NWQ Capital Management Pty Ltd s Commitment NWQ Capital Management Pty Ltd (NWQ) is committed to providing you
More informationINFORMATION SECURITY AND RISK POLICY
INFORMATION SECURITY AND RISK POLICY 1 of 12 POLICY REFERENCE INFORMATION SHEET Document Title Document Reference Number Information Security and Risk Policy P/096/CO/03/11 Version Number V02.00 Status:
More informationTo use centralised systems for remote control of computers and deployment of software, system images and security updates.
JOB DESCRIPTION POST: First Line Support Desk Analyst GRADE: Support Staff Grade 2/3 RESPONSIBLE TO: KEY PURPOSE: IT Manager To work as part of the ilrc team to provide on-going proactive technical and
More informationTELEPHONE AND MOBILE USE POLICY
TELEPHONE AND MOBILE USE POLICY Date first approved: 9 December 2016 Date of effect: 9 December Date last amended: (refer Version Control Table) Date of Next Review: December 2021 First Approved by: University
More informationData Protection Policy
Data Protection Policy Addressing the General Data Protection Regulation (GDPR) 2018 [EU] and the Data Protection Act (DPA) 2018 [UK] For information on this Policy or to request Subject Access please
More information