PPS Information Charter v2.2
PPS Information Charter
Data Protection Policy statement v2.03
From: IAN HEARST
PPS Information Risk Owner
To: All Staff
Office Notice 12/08: PPS DATA PROTECTION POLICY STATEMENT
The PPS Data Protection Policy statement has now been published. A copy is attached.
- The Data Protection Policy Statement is a key step towards PPS compliance with the Data Protection Act 1998 and towards meeting PPS’s responsibilities as a Data controller under that Act. It has been approved by the Director who has asked that it should be read by every member of PPS staff. Please, therefore, ensure that you acknowledge receipt of this e-mail by 28 November.
- The Data Protection policy statement must be read in conjunction with the PPS “Use of ICT” policy and the PPS Security Guidance, which will be issued soon.
Why do we need a Data Protection Policy Statement?
- The Data Protection Act 1998 requires all organisations holding data about individuals (“personal data”) to comply with some key principles covering the use, privacy and disclosure of that data. Loss, compromise or misuse of personal data could be a breach of the Data Protection Act, which is a criminal offence. Loss, compromise or misuse will also result in serious and unacceptable damage to PPS’s reputation. PPS must take steps to demonstrate that it is complying with the Act and working to eliminate the risk of loss or compromise of information.
Personal Data Held by PPS
- PPS holds significant amounts of personal data about victims, witnesses, defendants, legal representatives, contractors and, of course, our own staff. As an organisation, PPS has a duty to safeguard that data to avoid any compromise of privacy or an individual’s safety.
- Every member of staff in PPS who has access to personal data also has an individual duty to ensure that it is only used for work-related purposes, is kept safely, is not misused or accessed for unauthorised reasons and is not disclosed to unauthorised people.
- The Data Protection policy statement says what PPS will do to become compliant with the Data Protection Act and its principles and how it will meet its responsibilities as a Data Controller. It will be followed up with detailed guidance and with awareness sessions so that anyone in PPS who handles personal data knows what they have to do on a day to day basis to meet the requirements of the Act.
- The Data Protection Policy statement has also been added to the PPS website so that it is accessible to those whose data we hold and to our Criminal Justice partners.
- A number of hard copies will be made available to Assistant Directors for distribution to local partners.
- If you have any queries about data protection generally or about specific data handling issues in PPS, please contact the Data Protection and Security Team in Corporate Services on the following email address: firstname.lastname@example.org.