THE OLD BANK, CAMELFORD
DATA PROTECTION POLICY
Data Protection Act 1998
The Data Protection Act 1998 took effect on 1 March 2000, and supersedes the Data Protection Act 1984. The Act protects a data subject (any individual on whom data is held) from unlawful processing of data, and gives right of access to that data.
Under the new Act, essentially all aspects of handling data qualify as processing. Any data user involved, for example, in the collection, storage, retrieval, alteration, destruction or erasure of data will need to work within the requirements of the Act. In addition, the definition of data is no longer restricted to automatically processed information but also includes manual records.
Remember Data Protection now applies to some paper documents
THE OLD BANK, CAMELFORD
- THE OLD BANK, CAMELFORD recognises the public’s and voluntary/community sector’s expectation that their personal information will be handled in accordance with the law.
- THE OLD BANK, CAMELFORD regards the lawful and correct treatment of personal information as important to successful operations and to maintaining the confidence of those people it deals with.
- THE OLD BANK, CAMELFORD fully endorses and will adhere to the eight principles of the Data Protection Act 1998. See Appendix 1 for the Eight Principles.
- You should familiarise yourself with Codes of Practise and Operating Guidelines relevant to you and implement them.
- Breaking data protection law could lead you into prosecution and dismissal!
6. Disclosure of Personal Information
- DO treat personal data with care
- DO check identities of people by either asking a question that only a bone-fide caller would know before
- Disclosing information by phone
or ask to see some form of identification before
- Disclosing information by interview
- DO check there is a need to know basis before disclosing to colleagues
- DO use confidential waste to dispose of documents containing personal data
- DO ensure other people cannot see personal data on your computer system or the documents you are using if they have no need to
- DO not leave personal data on your desk when you are not there
- DO make sure you have adequate secure storage for documents
- DO use passwords to protect the data on your computer system and don’t share your login and password
- ONLY use personal data for the purpose it was collected
- ONLY disclose personal data to those people who have a right and a need to know
- ONLY disclose personal data to authorised third parties
- If You Are In Any Doubt, Don’t Disclose, Seek Advice
|Equality and Diversity|
|We aim to be an organisation that values, recognises and responds to the diverse needs of members and those we serve. We adhere to the Equality Act 2010 and will not discriminate against any person or other organisation with particular reference to the protected characteristics|
|Monitoring and Review|
|The Trustees will regularly review the operation of this policy.|
|Agreed by THE OLD BANK, CAMELFORD|
31st January 2017
Review date Jan 2018
Appendix 1 – The Eight Principles of the Data Protection Act:
Data must be:
- used fairly and lawfully
- used for limited, specifically stated purposes
- used in a way that is adequate, relevant and not excessive
- kept for no longer than is absolutely necessary
- handled according to people’s data protection rights
- kept safe and secure
- not transferred outside theEuropean Economic Area without adequate protection
THE OLD BANK, CAMELFORD
Aim of Policy
THE OLD BANK, CAMELFORD is committed to maintaining high standards of confidentiality in all aspects of our work. The organisation holds some confidential information. This is provided by, or derived from, voluntary/community organisations, members of the public, third parties and staff.
- Objectives of Policy
- To ensure that confidential records are properly managed.
- To ensure that confidential information is only released in accordance with our Data Protection Policy, legislative considerations, best practice and strict guidelines of the organisation.
- To ensure that information is only disclosed with the informed consent of the person or organisation to whom the information relates, with the following exceptions:
- when, by law, we must share information, for example with the Council Tax Office and Inland Revenue;
- in an emergency, when public safety is at risk and when information is required by the police to prevent or detect crime.
- To promote a policy that respects commercial sensitivity
- The information that THE OLD BANK, CAMELFORD collects and processes will be used to provide a service or carry out an authorised or requested transaction.
- THE OLD BANK, CAMELFORD will not sell, trade, rent or lend confidential information to anyone.
- THE OLD BANK, CAMELFORD does use specified information to provide a Directory of Voluntary/Community Organisations where only permitted contact details and essential information to delivering the service will be provided. No confidential individual information will be included.
- THE OLD BANK, CAMELFORD may become privy to certain business information, which will be treated in the same confidential manner as person specific information.
2.5 Confidentiality is essential because we recognise:
- The possible consequences for the organisation or individual if it is breached;
- The rights of organisations and individuals to have control over information about them;
- The duties placed on us whereby breaches of confidentiality could lead to formal complaints, grievance or disciplinary actions, or even legal action against us;
- Good practice and our standards for Customer Care.
- Policy Principles
- Justify the purpose – Every proposed use or transfer of information will be clearly defined and scrutinised, with continuing uses regularly reviewed by the trustees.
- Not give organisation specific data to a third party.
- Not use person specific information (unless absolutely necessary) – Person specific information will not be used unless there is no alternative.
- Allow access to information on a strict need to know basis – Only those individuals who need access to organisational, personal and commercially sensitive information will have access to it, and they will only have access to the information items that they need to see.
- Ensure everyone at THE OLD BANK, CAMELFORD is aware of their responsibilities – Procedures are in place to ensure that those handling information are aware of their responsibilities and obligations – trustees must all be familiar with this policy.
- Understand and comply with the law – THE OLD BANK, CAMELFORD complies with the Data Protection Act 1998 in processing information. This policy will be reviewed regularly, ensuring that the organisation complies with all legal requirements.
- Hold all confidential and personal information under secure and restricted conditions within the office or secure online storage.
The three main principles of the confidentiality policy are “informed consent”, “need to know” and “third party disclosure”. These principles apply both to members of the public and to members of staff.
4.1 Informed Consent
- Disclosure of personal information will only take place with the informed consent of that person. For consent to be informed, we will tell the member of the public/staff why there is a need to share information, with whom it will be shared and the likely consequences of agreeing or not agreeing to disclosure.
- We will state clearly that the information given may need to be shared with others in order to be able to provide the service requested and that non-disclosure could mean that a person would not gain access to a service or to support to which they might otherwise have been entitled.
- We will inform members of the public of our Confidentiality Policy at the first point of contact and ask them to give their consent to permit the passing on of any personal information given, if necessary, on a “need to know” basis.
4.2 Need to Know
- The transfer of personal information relating to a member of the public/staff will be kept to a minimum on a “need to know” basis. Only those staff or other service providers who have a need to know, in order to provide relevant services, will share information and only after informed consent has been given.
4.3 Disclosure to Third Parties
- Personal information will only be disclosed to third parties with the express, written or oral, consent of the person(s) who is (are) the data subject(s). Disclosure will only be considered, and consent sought, where there are clear reasons why this should happen.
- We will ensure that the recipient understands the need for confidentiality and that disclosure only takes place on the terms agreed with the person it concerns.
- On any occasion when confidential information is provided by way of a written or an oral response, we will state that the information provided is CONFIDENTIAL and should be respected as such.
- Procedure for Dealing with Breaches of this Policy
Any breach of this policy, intended or accidental, is not acceptable. Infringements of this policy will be dealt with seriously as a disciplinary matter. (See also Complaints Policy.)
The Policy in Practice
|1.||A client’s visit or telephone call to the Old Bank is completely CONFIDENTIAL. Information is only ever shared on a ‘need to know’ basis see 4.2. This is the case regardless as to whether the person in question is known to us or not, or of who is enquiring. In quoting confidentiality, staff use the following statement:
|1.1||“THE OLD BANK, CAMELFORD operates a policy of confidentiality and I can therefore neither confirm nor deny that this person is known to THE OLD BANK, CAMELFORD. However, I can take a message and, should this person contact the Centre I will pass this message on to them.”
|5. Details of counselling sessions or other support sessions are confidential to the staff/volunteer team. Such information will not be passed on to any third party, without exception unless the client concerned specifically requests this to be so.|
|Information discussed during meetings where third parties may be present should be treated with the same level of confidentiality.
|4.||CONFIDENTIALITY WILL ONLY BE BREACHED IN THE FOLLOWING CIRCUMSTANCES:|
|4.1||In certain circumstances THE OLD BANK, CAMELFORD is legally and ethically obliged to share information, e.g. if it is needed for a police enquiry.
|4.2||THE OLD BANK, CAMELFORD works in accordance with Safeguarding Children and Vulnerable Adults and will share information according to these policies. Any concerns regarding child or vulnerable adult protection shall be bought to the attention of management or the Children and Families specialist, for their immediate action. (See also Safeguarding Policy.)|
|4.3||The policy on confidentiality exists to protect people. In certain circumstances keeping confidentiality may result in harm to a client (or other person). Staff must bring all concerns to the Trustees for an appropriate course of action to be agreed.
|4.4||All concerns and action regarding the necessary breach of confidentiality shall be recorded.
Equality and Diversity
|We aim to be an organisation that values, recognises and responds to the diverse needs of members and those we serve. We adhere to the Equality Act 2010 and will not discriminate against any person or other organisation with particular reference to the protected characteristics.
|Monitoring and Review|
|The trustees will regularly review the operation of this policy, at least annually.
|Agreed by THE OLD BANK, CAMELFORD|
Review date: March 2018
The Old Bank, Camelford
Charity No. 1171931
Financial Controls Policy
Financial Records and Accounts
1 Financial records must be kept so that:
- The Charity meets its legal and other statutory obligations, such as any Charity Acts, Her Majesty’s Revenue & Customs and common law.
- The trustees have proper financial control of the organisation.
- The organisation meets the contractual obligations and requirements of funders.
2 The books of accounts must include:
A cashbook analysing all the transactions appearing on the bank account.
A petty cash book if cash payments are being made.
Inland Revenue deduction cards P11 (if registered for PAYE – N/A at present).
3 Accounts must be drawn up at the end of each financial year within three months of the financial year end and presented to the next Annual General Meeting.
4 Prior to the start of each financial year, the trustees will approve a budgeted income and expenditure account for the following year.
5 A report comparing actual income and expenditure with the budget should be presented to the trustees every three months or whenever meetings take place.
6 The AGM will appoint an appropriately qualified auditor to audit or examine the accounts for presentation to the next AGM.
1 The Charity will bank with the Co-operative Bank. An account will be held in the name of
The Old Bank, Camelford.
2 The bank mandate (list of people who can sign cheques on the Charity’s behalf) will always be approved and minuted by the trustees as will any changes to it.
3 The charity will require the bank to provide online statements and each month these will be printed and reconciled with the cash book.
4 The charity will not use any other bank or financial institution or use overdraft facilities or loan without the agreement of all the trustees.
All monies received will be recorded promptly and banked without delay (this includes sundry receipts such as payment for telephone calls, photocopying etc.) These records will be transferred to the cashbook and Charity will maintain files of documentation to back this up.
The aim is to ensure that all expenditure is on the Charity’s business and is properly authorised and that this can be demonstrated. The latest approved budget provides the cheque signatories with authority to spend up to the budgeted expenditure, not beyond it.
1 The Treasurer will be responsible for holding the cheque book which should be kept safe at all times.
2 Blank cheques will NEVER be signed.
3 The relevant payee’s name will always be inserted on the cheque before signature and the cheque stub will always be properly completed.
4 No cheques should be signed without original documentation (see below).
1 Every payment out of The Old Bank, Camelford’s bank account will be evidenced by an original invoice. The original invoice will be retained by the charity and filed. The cheque signatory should ensure that it is referenced with:
- Cheque number
- Date cheque drawn
- Amount of cheque
- Who signed the cheque.
2 The only exceptions to cheques not being supported by an original invoice would be for such items as advanced booking fees for a future course, deposit for a venue, etc. Here a cheque requisition form will be used and a photocopy of the cheque kept.
3 Expenses. The Charity will, if asked, reimburse expenditure paid for, providing:
- Expenditure is evidenced by original receipts.
- Car mileage is reimbursed at 30p per mile.
- No cheque signatory signs for the payment of expenses to themselves.
Cheque Signatures and cash cards
1 Each cheque will be signed by at least two people.
2 A cheque must not be signed by the person to whom it is payable. Debit card payments will be required to be authorised in advance. In special circumstances the Debit card may be used before authorisation, but other Trustees will be informed as soon as possible after the event.
- The Charity does not accept liability for any financial commitment unless properly authorised. Any orders placed or undertakings given, the financial consequences of which are likely to exceed £5.00 per item, must be authorised by the trustees. An exception to this rule is the printing costs which must not exceed £250.00 per month without the Treasurer’s approval.
- All fundraising and grant applications undertaken on behalf of the organisation will be done in the name of the Charity with the prior approval of the trustees or in urgent situations the approval of the Chairperson who will provide full details to the next trustee’s meeting.
- The Charity will adhere to good practice in relation to its finances always. For example, when
relevant it will set up and maintain a fixed asset register stating the date of purchase, cost,
serial numbers and normal location. Additionally, the Charity will maintain a property record
of items of significant value, with an appropriate record of their use.
|Reviewed by:||Signed by:||Date:|
To be reviewed January 2018