The Care Leavers’ Association takes seriously its obligations under the Data Protection Act 1998. We hold data for the purposes of staff administration, membership administration, fundraising and realising our charitable objectives. Personal data is defined as information about a living individual who is identifiable by that information, or who could be identified by the information combined with other data; it includes recorded opinion about, or intentions regarding, a person. The data falls into two main categories:-

(a) staff data
(b) external data

(a) Staff Data

What

Various data is or will be held on staff members, relating to their employment with the Care Leavers’ Association This data will cover all aspects of recruitment, selection and employment such as the job application form, interview assessments, references, probationary and annual reviews and supervisions, bank details and national insurance number, details of any deductions from pay (e.g. to the courts…or to trade unions), sick notes and medical assessments, details of grievance and disciplinary proceedings including current warnings, reference requests, etc. Much of this data is, by its nature, highly personal and the Care Leavers Association recognizes that it is its duty to safeguard the data by all possible means, and to notify staff about what is kept and why, along with information on how the data can be accessed and by whom.

Why

The data kept on staff is exclusively in relation to their employment with the Care Leavers’ Association; no unrelated data will be kept. The data that is kept will be used for the purpose of administering and managing the employment of the staff member(s).

Where

All personal data is kept in personnel files in the head office and these are locked. Any line managers will also keep staff files covering supervision sessions, plus any job-related information necessary for management. Again, these are kept locked. Computer files (e.g. supervision records,) are passworded and secured.

Whom

Access to staff data is restricted to Management at the appropriate level, to Payroll staff for any issues specifically relating to pay and to Directors. Staff are entitled to see their own personnel files; to do so, they should arrange a mutually convenient time with their line manager.

I.T.

Personal Data held on computers (including files, emails, databases, etc) and personal data downloaded from the web or posted on the web are subject to the same control and restrictions as paper-based data. Staff must take particular care when using any personal data in these contexts. Staff should be aware that the Care Leavers’ Association may monitor use of the internet and/or emails.

Staff Obligations

All staff and Directors of the Association are responsible for ensuring their compliance with this policy – for example, by keeping data they hold both up-to-date and secure (files should be kept locked up and computers should be passworded), by not disclosing personal information or transferring it outside the organization, and by taking particular care when using laptops, etc, in other locations (password protection is essential, and personal information may not be shared; neither screens nor paper files should be left unattended at any time). All data kept must be accurate, current, fair, kept and disposed of safely. Misuse of personal data is a disciplinary offence, and may even constitute a criminal offence.

References

References may be given by line managers at the Care Leavers’ Association. Particular care must be taken when providing references, either employment-related or personal. Information relating to personal data (e.g. attendance records, discipline, etc) must not be provided without the express written consent of the data subject.

Data Storage Time

There are various statutory requirements regarding how long some types of data must be kept: for example, any data relating to health and safety (particularly if this is linked to staff records) must be kept for 40 years. Financial records have varying archive periods, usually of 6 years. Recruitment records are usually kept for 1 year and staff records for 7 years. Archived records must be kept in a locked form of storage at all times.

(b) External Data

The Care Leavers’ Association recognizes its duty to safeguard the data it holds on external groups and individuals. To this end, we have arranged secure storage systems for current data, including locked/passworded storage, and locked archive facilities.