Page 61 - DIFC EHB 1218 V.1

7.2 PRACTICAL STEPS TO PROTECT DATA AND PRIVACY


                       Data protection is everyone’s responsibility and listed below are some practical steps to
                       protect data and an individual’s right to privacy.



               Practical steps for data protection:
               •  Personal information should not be deliberately or inadvertently viewed by uninvolved parties.
               •  Staff should operate a clear desk and counter policy at the end of each working day and when
                   away from the desk or the office for long periods.
               •  Personal and sensitive records held on paper and/or on screens must be kept hidden from
                   customers and visitors to counters and offices. Remember -
               •  Records (customer, client or employee files) containing personal information must never be left
                   unattended where they are visible or may be accessed by unauthorised staff or members of the
                   public.
               •  If computers or VDUs are left unattended, staff must ensure that no personal information may
                   be observed or accessed by unauthorised staff or members of the public.
               •  The use of secured screen savers is advised to reduce the chance of casual observation.
               •  Rooms, cabinets or drawers in which personal records are stored should be locked when
                   unattended. A record tracing system should be maintained of files removed and/or returned.
               •  It is important to ensure that service user and/or staff information is not discussed in
                   inappropriate areas where it is likely to be overheard, including in conversations and telephone calls.

               Never leave information/data unattended in company vans or private cars

                   •  Staff must not leave laptops/portable electronic devices and/or files containing personal
                       information unattended in cars.
                   •  All files and portable equipment must be stored securely. If files containing personal
                       information must be transported in a car, they should be locked securely in the boot for the
                       minimum period necessary.

               7.2.1 How long does the Company keep personal information?
               The time period for which we retain information varies according to the use of that information. In
               some cases there are legal requirements to keep data for a minimum period. Unless specific legal
               requirements dictate otherwise, the Company will retain information no longer than is necessary for
               the purposes for which the data were collected or for which they are further processed.

               The following is a guideline as to how long information of certain types is kept once you are no longer
               an employee of the Company:

                          •  Terms and Conditions of Employment - 3 years
                          •  Data Protection - 1 year
                          •  Equality - 6 years
                          •  Health and Safety records, accident and incident reports - 10 years
                          •  Leave of Absence - 8 years
                          •  Termination of Employment - 3 years
                          •  Transfer of Undertakings - 1 year


