Personal Information Handling Policy Statement For A Managing Research And Information Task


Task 2 - Personal Information Handling Policy Statement for Members of Staff Only

Purpose & Objectives

This policy covers all standards and procedures for 'Processing and Controlling' personal data: staff understanding their roles and responsibilities, staff training, following the Health and Safety policy during beauty treatments, monitoring and reviewing individuals, and the eight data principles that govern all use of personal information, with which the Spa must comply unless an exemption applies.

The policy helps to promote the business by attracting all types of customers through all advertising and marketing, ensures the whole client database is protected, and makes sure that each employee understands all terms and conditions of the Spa. The risk assessment carried out must ensure all products and safety procedures are used correctly within the organisation, as this helps to reduce the chances of having to pay fines, being sued or even breaching the Health and Safety at Work Act 1974 (UK Hairdressers (2000) Health and Safety. Para. 3, pg.2).

The key performance for this policy is to make sure our staff are aware of all Health and Safety procedures, regular monitoring of staff, reviewing the performance of the whole organisation and updating personal data. The Health and Safety rules are fundamental to achieving continual improvement of the organisation and providing feedback from all customers who understand all terms and conditions of the Spa, to build up an effective relationship between others (Bali Spa & Wellness (2006a) Objectives & Programs, para. 1-7 pg.1).

- improving staff knowledge, technical skills and professionalism when undertaking high standards of training that involves first aid training and more
- monitoring all systems on a check list provided ensures controlling the correct temperatures of all facilities (e.g. saunas, steam rooms) (Bali Spa & Wellness (2006a) para. 1-7 pg.1)

Data Protection Act (1998) and Definitions

The purpose of the Data Protection Act (1998) is to protect the rights and privacy of all individuals and to ensure that data about individuals are not processed without their knowledge and are processed with their consent wherever possible (http://www.soas.ac.uk/infocomp/dpa/policy/overview/ pg.1). The act also covers personal data stored electronically on a database with all client confidential details. The Data Protection Act 1998 has been replaced by DPA 1984 which officially came in the legislation on the 1st March 2000. This act applies to processing personal information manually on paper records and storing personal data electronically on the system (Fda Managing Research Information - DPA Handout (pdf) pg.1).

This legislation sets out requirements and rules for processing data. The key terms are written in bold text. These are:

'Personal Data' is information about individuals stored manually on paper records or, in the same way, electronically on computer systems. 'Data Subject' is the person the personal data is about.

Those who decide how and why the personal data is stored and processed are the 'data controllers'. Data controllers must comply with good information handling, which is outlined in the eight 'data protection principles'.

Personal data covers both facts and opinions about an individual. This includes information about the intentions of the data controller towards the individual. (University of London (2008) para.1 pg. 1)

'Processing' means obtaining, holding and disclosing personal data. Processing data is necessary for the performance of a contract with the individual and to protect the information (Fda Managing Research Information - DPA Handout (pdf) pg. 2).

Data Protection Principles

1. Processed fairly and lawfully - Processing data depends on how efficient the business is and how you should store the information by law and accurately.
2. Held and used only for specified and lawful purposes - Data must be used for business purposes unless this is done with the consent of the data subject.
3. Adequate, relevant and not excessive - When booking treatments as packages, family names will be processed into a single data entry only, or separately if it is relevant, and only for those who have paid their balances and deposits.
4. Accurate - The spa must ensure that all personal data is kept up-to-date by the customers to help reduce errors and legally inform the client about the changes made. Possible checks include pilot testing, validation checks (restricting the minimum characters and the order the data should be in) and verification checks (verifying the password).
5. Not to be kept for any longer than necessary - Organisations must ensure that personal data are not kept for longer than is required.
6. Processed in accordance with the rights of the individual (the data subject) - Organisations will ensure that personal data are processed under the DPA. This includes the right to prevent processing for the purpose of direct marketing and to sue for compensation if the data subject has suffered any damage through contravention of the Act.
7. Data user shall keep the information secure - When processing data on the system, each individual's data must be kept secure to prevent any loss or damage, and access to all personal data must be restricted.
8. Not be transferred to countries without adequate data protection - Personal data must not be sent outside of any countries providing given consent by the individual unless this will be transferred under the DPA to the Information Commissioner.

(FdA Managing Research Information lecture notes, 2011) (University of London (2008) para.1-8 pg.3).

Rights of Data Subjects are:

1. Access to data - This allows all individuals to access information about themselves on the system and some paper records.
2. Prevent processing likely to cause damage or distress (and to take action in event of some) - If data has been processed without the customer's consent then the customer has the right to complain to the company.
3. Prevent processing for direct marketing - A data subject has the right to ask the data controller to stop or not to begin processing data about themselves for direct marketing purposes.
4. To prevent purely automated decision taking - The spa should set clear policies, share responsibilities between staff and must change passwords often.
5. Right to compensation for inaccuracy of data / loss, destruction or disclosure of data to unauthorised people - Compensation can be claimed by the data subject from a data controller for any damage or distress caused by the breach of the act.
6. Right to get inaccuracies put right and sometimes to have it erased - This allows the individual to take action against the organisation if the data holds inaccurate information, which may be destroyed by applying to the Court.

(FdA Managing Research Information lecture notes, 2011) (Fda Managing Research Information - DPA Handout (pdf) pg. 4).

Roles and Responsibilities

The job roles and their responsibilities within the Organisation of the Spa are:

- Data Controller: Within the Spa organisation, data controllers have a responsibility under the DPA (1998) to ensure that they hold appropriate and sufficient security on personal data of customers and staff as much as they can. If the Data Controller breaches this policy through loss, damage or corruption of any personal data, the Commissioner Officer would face penalties by the Manager.
- Manager: The important part of being a spa manager is selecting the right candidates for the organisation. They would take a lot of time dealing with the whole of the organisation e.g. advertising, staff rota, health and safety, meetings etc. It is up to the manager whether a member of staff faces penalties, depending on what has occurred (The Good Spa Guide (2002) para.3 pg.1).
- Administration Staff: Within the Spa Organisation, administration staff take on office support activities on behalf of the manager. In the absence of the Spa Manager, they maintain the procedures manually to ensure the day-to-day running of the spa is efficient, e.g. handling all inquiries, arranging call-backs, supervising all the staff and booking in clients. Inappropriate usage would result in dismissal for the administration staff.
- Treatment Staff: Providing a pleasant atmosphere, excellent knowledge of retail products to all clients, making sure all treatments are carried out effectively and booking in clients accurately. If any breach is made with regard to inaccurate data or insufficient customer service, a verbal warning may be given, or preventing any damage can extend to suing the employee.

Standards and Procedures

All legal rules will stay the same online and face-to-face, making sure the business does not overstep federal and state statutes and regulations, which therefore makes them (the business) legally binding on all customers (Steingold. F, 2011 pg.325). To check how well the business is doing, a summary report shows the difference between products and services, including costs and total spending (view Appendix 6). The report will show how well the Spa is doing, including all top services and the services that may need to be improved. The business can be monitored and reviewed annually to check on the performance.

When customers are booking in for their treatments, the main details will be processed on the system in the customer booking form (view Appendix 3). Each customer's name and full address, treatment, dates and payment are electronically transferred onto the system, and to secure the data this should be protected with a password to prevent any loss or damage. As staff access information in the database, the system will be monitored and recorded on a day-to-day basis by the manager. As part of regular checks on the data, customers can be contacted via email or letters to confirm their details, and if any details are changed, they should contact the Spa to avoid any errors, as this is the responsibility of the customer (view Appendix 5).

Staff will be trained once or twice a week to update their knowledge and skills by guest speakers from professional spas and bodies, including the manager, to gear the staff to strive for excellence and business. Customers' data will be kept on the database for as long as is necessary.

References

Bali Spa & Wellness (2006a) Objectives & Programs http://www.balispawellness-association.org/objectives-programs.html - accessed 10/11/11 [i.p. 1]
FdA Managing Research Information - DPA Handout (pdf) Semester 1 [i.p. 2 - 3]
FdA Managing Research Information lecture notes, Semester 1 2011 (24/10/11) [i.p. 3 - 5]
Steingold, F (2011) Legal Guide for Starting & Running a Small Business [i.p. 6]
The Good Spa Guide (2002) Working in the Spa Industry http://www.goodspaguide.co.uk/questions/Working-in-the-spa-industry/116-What-is-the-role-of-a-spa-manager.cfm - accessed 10/11/11 [i.p. 6]
Turn 2 Us (2009) The Data Protection Act (DPA) 1998 - Definitions http://www.turn2us.org.uk/confidentiality__privacy/data_protection_policy.aspx - accessed 10/11/11 [i.p. 3]
UK Hairdressers (2000) Health and Safety. http://www.ukhairdressers.com/starting%20your%20own%20salon/Health%20and%20Safety.asp - accessed 10/11/11 [i.p. 1 - 2]
University of London (2008) Data Protection Policy: Overview of the Data Protection Act 1998 http://www.soas.ac.uk/infocomp/dpa/policy/overview - accessed 10/11/11 [i.p. 2 - 3]
