Keeping a file on me: : my rights and my data

  • What are your institution’s rules about maintaining individual and commercial confidentiality?
  • Do you make sure students and employees can find these easily on the institution’s website?
  • What is your practice about retaining discharged ‘warnings’ in employees’ files indefinitely?  Is there a regular check to make sure these have been removed?
  • Do you ensure that managers and heads of department and academic staff are aware that their emails may be disclosable to data subjects?
  • Do you have a code of conduct about sharing or forwarding emails without the knowledge of the author and ensure that managers and heads of department and academic staff are aware of it?
  • Do you always take the full forty days allowed by law to fulfil a data subject access request?

A good example of  a university Policy on Data Protection may be found at

http://www.admin.ox.ac.uk/councilsec/dp/policy.shtml

and a list of definitions of terms at

http://www.admin.ox.ac.uk/councilsec/dp/defs.shtml