Page 58 - My Clinic Employee Handbook Draft V.1
P. 58
• Obtaining, recording or keeping the data
• Collecting, organising, storing, altering or adapting the data
• Retrieving, consulting or using the data
• Disclosing the data or information by transmitting, disseminating or otherwise making it
available
• Aligning, combining, blocking, erasing or destroying the data
3.17.2 Practical Steps to Protect Data and Privacy
Data protection is everyone’s responsibility and listed below are some practical steps to protect
data and an individual’s right to privacy.
Practical steps for data protection;
• Personal information should not be deliberately or inadvertently viewed by uninvolved parties.
• Staff should operate a clear desk and counter policy at the end of each working day and when away from
the desk or the office for long periods
• Personal and sensitive records held on paper and/or on screens must be kept hidden from customers and
visitors to counters, stores and offices. Remember -
• Records (customer; client or employee files) containing personal information must never be left
unattended where they are visible or maybe accessed by unauthorised staff or members of the public.
• If computers or VDUs are left unattended, staff must ensure that no personal information may be
observed or accessed by unauthorised staff or members of the public.
• The use of secured screen savers is advised to reduce the chance of casual observation.
• Rooms, cabinets or drawers in which personal records are stored should be locked when unattended. A
record tracing system should be maintained of files removed and/or returned.
• It is important to ensure that service user and/or staff information is not discussed in inappropriate areas
where it is likely to be overheard including conversations and telephone calls.
Particular care should be taken in areas where the public may have access – for example a customer, client or
supplier’s representative allowed to wait behind the counter to meet a member of the management team.
Never leave information/data unattended in company vans or private cars
• Staff must not leave laptops/portable electronic devices and/or files containing personal
• information unattended in cars.
• All files and portable equipment must be stored securely. If files containing personal information must
be transported in a car, they should be locked securely in the boot for the minimum period necessary.
3.17.3 How long does the Company keep personal information?
The time period for which we retain information varies according to the use of that information, in some cases
there are legal requirements to keep data for a minimum period. Unless specific legal requirements dictate
otherwise, the Company will retain information no longer than is necessary for the purposes for which the data
were collected or for which they are further processed.
The following is a guideline as to how long information of certain types is kept once you are no longer an
employee of the Company;
• Terms and Conditions of Employment - 3 years
• Data Protection - 1 year
• Equality- 6 years
• Health and Safety records, accident and incident reports - 10 years
Page 57 of 75
ORC.MYC.DV1
