Data Protection Act: University Policy, Procedures and Guidelines

Contents

1. Introduction

1.1 Background
1.2 The 8 Data Protection Principles
1.3 Definition of 'data'
1.4 University registration
1.5 Making a 'subject access request'

2. General Guidelines

2.1 Procuring personal data
2.2 Storing personal data
2.3 Disclosing personal data
   2.3.1 Employment agencies and prospective employers
   2.3.2 Departmental policies and practices
   2.3.3 Enquiries from Embassies and High Commissions
   2.3.4 Emergencies and dealings with the police
2.4 Protecting third parties
2.5 Disposal of personal data
2.6 Agendas and minutes of meetings

3. Teaching and Examining

3.1 Exam scripts and comments on scripts
3.2 Theses and dissertations
3.3 Publishing examination results
3.4 Feedback on teaching and training

4. Supplying, requesting and receiving 'confidential' references

4.1 Supplying personal references
4.2 Requesting and receiving a reference
4.3 Internal references
4.4 UCAS/Schools references
4.5 References for former students

5. Applications and Interviews

6. Photographs, Videos and Closed-Circuit Television

7. Marketing Information

8. Research involving data gathering from human participants or from records

8.1 The status of personal data processed for research purposes only
8.2 Archiving personal research data
8.3 Limiting the nature of personal data collected
8.4 Use of anonymous data
8.5 Disclosing research data
8.6 Transferring research data

9. Medical Data and Sickness Records

10. Responsibilities of staff and students

Appendix 1