Data Protection

1. Introduction

Medipathways College recognises its obligation to comply with the Data Protection Act 1998. All information kept on staff, students, and other users for administrative purposes, and in order to monitor performance, achievements, and progression must therefore be collected and used fairly, stored safely, and not disclosed to other persons unlawfully (ICO No: 8017402).
These state that personal data shall:
• be obtained and processed fairly and lawfully and shall not be processed
unless certain conditions are met;
• be obtained for a specified and lawful purpose and shall not be processed in
any manner incompatible with that purpose;
• be adequate, relevant and not excessive for those purposes;
• be accurate and kept up to date;
• not be kept for longer than is necessary for that purpose;
• be processed in accordance with the data subject’s rights;
• be kept safe from unauthorised access, accidental loss or destruction;
The College and all staff or others who process or use any personal information must
ensure that they follow these principles at all times.

2. Status of the Policy

All staff are made aware of their obligations to adhere to these principles, and a failure to do so can result in disciplinary action. Any staff who suspect that data protection is being compromised should report this to the Chairman.

3. Notification of Data Held and Processed

All staff, students and other users are entitled to:
• know what information the College holds about them and why;
• know how to gain access to it;
• know how to keep it up to date;
• know what the College is doing to comply with its obligations under the 1998 Act.

4. Responsibilities of Staff

All staff are responsible for:
·      ensuring that all information that is provided to the College is accurate and kept up to date;
·      ensuring that all personal data is kept securely and that it is not disclosed to any unauthorized third party, either in a locked cabinet or, in the case of computerized information, be password protected;
·      to follow College guidelines when writing sending references or progress reports.

Staff Checklist for Recording Data

• Do you really need to record the information?
• Is the information ‘standard’ or is it ‘sensitive’?
• If the information is sensitive, do you have the data subject’s express consent?
• Has the student been informed that this type of data will be processed?
• Are you sure that the data is secure?

5. Responsibilities of Students

Students must ensure that all personal data provided to the College is accurate and up to date. They must ensure that changes of address, etc, are notified to the Registry.

6. Rights to Access Information

Staff, students and other users of the College have the right to access any personal data that is being kept about them either on computer or in certain files. The College will comply with requests as quickly as possible and in no more than 14 days.

7. Information Supplied to External Bodies

The College may pass on information to external bodies such as regulatory bodies or other universities which students have applied to. In some cases, if the data is sensitive, express consent must be obtained. Agreement to the College processing some specified classes of personal data is a condition of acceptance of a student onto any course, and a condition of employment for staff.

8. Retention of Data

Information about students will be kept for a maximum of six years after they leave the College. This will include:
• name, address, date of birth, nationality;
• assessment information;
• copies of references