eye icon Images
Map of South London CVS Partnership link to Community Links Bromley Link to Croydon Voluntary Action Link to Richmond Council for Voluntary Service Link to Kingston Voluntary Action Link to Sutton Centre for Voluntary Service Link to Merton Voluntary Service Council
Partnership Map
partnership icon

Data protection policy

Policy Statement | Legal Requirements | Managing Data Protection | Data Protection Principles | Sensitive Data | Disclosure Requests | Employee/Volunteer Monitoring | Records | Exemptions

1. Policy Statement

Richmond Council for Voluntary Service (RCVS) is fully aware of the legal requirements for the storage and management of data (both manual and computerised) and adheres rigorously to all legislation principles.

2. Legal Requirements

Data is protected by two Acts:

  • The Data Protection Act 1984 (for electronic information)
  • The Data Protection Act 1998 (the 1984 Act extended to include manual records

The requirements of the 1998 Act came into force on 1 March 2000, extending the definition of ‘data’ to cover manual filing - systems structured by reference to individuals and readily accessible, for example card indexes and microfiches.

The Act requires employers to register the fact that they hold personal data and to acknowledge the right of ‘subject access’ - employees and volunteers must have the right to copies of their own data.

3. Managing Data Protection

The Information Manager will ensure that the business is either exempt from the requirement to notify or has a valid entry in the register kept by the Data Protection Commissioner.

4. Data Protection Principles

The Data Protection Act lists eight main principles relating to the processing of personal data. Any personal data held on an employee’s or volunteer’s personal file - or any associated file or computerised record - must therefore:

  • be obtained fairly and lawfully with the subject’s full consent
  • not be held on file other than for legitimate purposes or be used for any other purpose
  • be adequate, relevant and not excessive in relation to the purpose or purposes for which it is kept
  • be accurate and, where necessary, kept up to date
  • not be kept for longer than is absolutely necessary
  • be held in compliance with an employee’s or volunteer’s rights of access to personal data
  • not be processed in a way calculated or likely to cause damage or distress to an employee or volunteer
  • be corrected, erased or destroyed if inaccurate or no longer relevant
  • be protected by the best available means against unauthorised access or disclosure, against accidental loss, damage or destruction and treated as confidential by the staff members to whom it is entrusted
  • not be transferred to any country or territory (e.g. to a parent or controlling company) outside the European Economic Areas where data protection laws may be inadequate. Exceptions are where the employee or volunteer agrees otherwise or where the transfer is necessary for employment purposes, such as a proposed transfer or secondment overseas

5. Sensitive Data

Where personal data is considered ‘sensitive’ it must only be processed with the explicit consent of the subject, or where there is a legal requirement. Whilst it is accepted that data of this nature may sometimes be used for monitoring purposes, strict safeguards will always be in place to ensure that individuals cannot be identified.

Sensitive Personal Data is defined under the Act as information relating to:

  • racial or ethnic origin
  • political opinion
  • religious or spritual beliefs
  • trade union membership
  • physical and mental health
  • sexual orientation
  • commitment (or alleged commitment) of any offence
  • outcomes of proceedings for any offence committed (or allegedly committed), the disposal of the proceedings or the sentence of the court

6. Disclosure Requests

Richmond Council for Voluntary Service has a responsibility to its employees/volunteers to be cautious about any external requests for information about them. The Data Protection Act does not require positive responses to such requests. Occasionally, other legal duties may mean that there is no choice but to respond. In some cases the Data Protection Act will not stand in the way of disclosure but the choice will ultimately be one for Richmond Council for Voluntary Service to make. In other cases compliance with the Data Protection Act will be a barrier to disclosure.

If Richmond Council for Voluntary Service receive requests for information from, for example, debt collectors, Inland Revenue or other parties a response will not be made to any such telephone requests. To be consistent and to ensure the validity of the caller Richmond Council for Voluntary Service will always ask for such requests in writing on the appropriate headed paper. Exceptionally, it may be appropriate to respond to a caller, but checks must be taken such as calling them back on a known number.

Employees/volunteers will be informed of any disclosures made, unless Richmond Council for Voluntary Service is prevented from doing so by law, for instance if informing the employee/volunteer would constitute a ‘tip off’ prejudicing the outcome of any investigation. All requests for information and the responses given will be kept in an appropriate place – preferably the personal file. Should verbal requests have been answered a record of the request and the response given will be noted and retained on file.

Staff should note that it is a criminal offence to knowingly or recklessly disclose information about employees/volunteers without the employer’s consent.

When an employee/volunteer leaves they will be kept informed about how requests for information in the future will be dealt with. It is recommended that their consent be obtained when they leave to enable responses to references to be made when required rather than have to obtain their consent at some time in the future.

7. Employee/Volunteer Monitoring

Monitoring of work to check on the quantity and quality of work produced is a recognised component of the employer and employee/volunteer relationship. Staff/volunteers will understand that their work is to be monitored from Day One of employment. Such information will usually be discussed during Induction and/or support and supervision sessions.

Other forms of monitoring are generally conducted to check on the staff/volunteers conformity with Richmond Council for Voluntary Service rules and standards of conduct. Should such monitoring by necessary staff/volunteers will be advised that this is the case. Other powers for monitoring are dealt with under the Regulation of Investigatory Powers Act 2000 (RIPA).

8. Records

Richmond CVS will retain records as required by law, the basic guidelines are:

Application form - Duration of employment
References received - 1 year
Payroll and tax information - 6 years
Sickness records - 3 years
Annual leave records - 2 years
Unpaid leave/special leave records - 3 years
Annual appraisal/assessment records - 5 years
Records relating to promotion, transfer, training, disciplinary matters - 1 year from end of employment
References given/information to enable reference to be provided - 5 years from reference/ end of employment
Summary of record of service eg name, position held, dates of employment - 10 years from end of employment
Records relating to accident or injury at work - 12 years

9. Exemptions

download moviesdvd downloadcamel tobaccodownload mp3download mp3 online

There are a number of exemptions from the subject access provisions including employment references supplied in confidence and for records of the intentions of the data controller in relation to any negotiations with the data subject (e.g. pay increases or promotion). However, the previous exemptions for payroll and pensions no longer apply; such information is now treated in the same way as other personal data.

"back to top