Data Protection Policy
NATIONAL ASSOCIATION OF MUSIC EDUCATORS (NAME)
DATA PROTECTION POLICY
1. The Policy
NAME collects and uses certain types of personal information about members, freelance workers and other individuals who come into contact with the Association in the course of fulfilling its aim of developing high quality music education accessible to all.
This policy is intended to ensure that personal information must be dealt with properly and securely and in accordance with the Data Protection Act 1998 and other related legislation. It will apply to information regardless of the way it is used, recorded and stored and whether it is held in paper files or electronically.
2. Data Protection Principles
The Eight Data Protection Principles as laid down in the 1998 Data Protection Act must be followed at all times:
2.1. Data must be processed fairly and lawfully.
2.2. Personal data shall be obtained only for one or more specific and lawful purposes.
2.3. Personal data shall be adequate, relevant and not excessive in relation to the purpose(s) for which they are processed.
2.4. Personal data shall be accurate and where necessary kept up to date.
2.5. Personal data processed for any purposes(s) shall not be kept for longer than is necessary for that purpose.
2.6. Personal data shall be processed in accordance with the rights of data subjects under the 1998 Data Protection Act.
2.7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damanage, personal data.
2.8. Personal data shall not be transferred to a country outside the EEA, unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
NAME is committed to maintaining those principles at all times.
This means NAME will:
• Indicate to the data subject for what purposes the collected information will be used.
• If information is to be shared, indicate to the data subject why, with whom and under what circumstances.
• Check the quality and accuracy of the information held.
• Apply records management policies and procedures to ensure information is not held longer than is necessary.
• Ensure that when information is authorised for disposal it is done appropriately.
• Ensure appropriate security measures to safeguard personal information, whether that is held in paper files or on NAME’s computer system.
• Share personal information with others, when it is necessary and legally appropriate to do so.
• Set out clear procedures for responding to requests for access to personal information (referred to as subject access in the Data Protection Act).
• Where appropriate train freelance workers and officers so they are aware of NAME’s policies and procedures. This policy will be updated as necessary to reflect best practice or amendments made to the Data protection Act 1998.
3. Complaints
Complaints under this policy should be made to NAME Chair.
4. Contacts
Concerns or questions in relation to this policy should be addressed to the NAME Administrator, who will also act as the contact point for any requests under the Data Protection Act.
Appendix
1. Procedures for Managing NAME Database
1.1. The NAME Database records details of current and past members. It is stored on the NAME Business Manager’s and NAME Administrative Assistant’s individual computer systems.
1.2. The database is updated every week by NAME’s Administrative Assistant, who forwards an abstract of the updated version to the NAME Business Manager. This abstract comprises members’ contact information and excludes their bank details. Every month the Administrative Assistant delivers to the NAME Business Manager a back-up copy of the complete up-to-date database.
1.3. Contact details for terminated members will be maintained on the database but their bank details
will be removed. No information about any terminated member will be released to a third party.
1.4. At regular intervals the NAME Administrative Assistant forwards a relevant abstract of updated databases of current NAME members to each regional representative and focus group chair. This abstract comprises only members’ contact information. She will remind recipients that they must treat the information as confidential and not pass it on to any third party.
1.5. Names of members who have signed data protection declarations (either hard copy or online) are listed in and can be contacted direct through the members-only section of the NAME website
1.6. The Business Manager and Administrative Assistant will ensure database files are password protected.
1.7. Members will asked if they agree to their details being included in lists supplied on request to full corporate members of NAME.
2. Procedures for Responding to Requests for Personal Information in Accordance with the Data Protection Act (1998)
2.1. Anybody who makes a request to see their file or other personal data held on them is making a request under the Data Protection Act 1998. All information should be considered for disclosure.
2.2. Dealing with a Data Protection Request
• A request under the Data Protection Act must be made in writing.
• Requests should be addressed to the NAME Business Manager.
• The NAME Business Manager must be confident of the identity of the individual making the request.
• An individual only has the automatic right to access information about themselves.
• NAME will make use of exemptions under the Act, as appropriate.
• The applicant should be told the data that NAME holds, be given a copy of the data, be told the purposes for which it is processed and whether it has been shared with any other party.
• Where all the data in a document cannot be disclosed, a permanent copy should be made and the data obscured or parts of the data retyped if this is more sensible. A copy of the full document (before obscuring) and the altered document should be retained together with an explanation as to why the document was altered.
• The means of providing the information requested will be subject to negotiation. Any codes, technical terms or abbreviations should be explained to the enquirer and any data difficult to read or illegible should be retyped.
• NAME will monitor the number of requests received and document how they are dealt with.
• The Act applies only to living individuals.
3. Complaints
Complaints about the operation of these procedures should be made to NAME Chair.
4. Contacts
Concerns or questions relating to these procedures should be addressed to the NAME Business Manager.
Approved by NAME Directors
16 May 2007
Updated by HF 8.12.08
Updated by HF 4.3.10
Updated by HF 26.5.10
Regions
Select a region
NAME Region: East Midlands
Covers:- Derbyshire, Leicestershire, Lincolnshire, Northamptonshire, Nottinghamshire and Rutland
Anthony Anderson
NAME Region: North West
Covers:- Cumbria, Lancashire, Greater Manchester, Merseyside, Cheshire
Catherine Preston
NAME Region: London
Covers:- Inner and Greater London boroughs
Emily Keeler
NAME Region: South West
Covers:- Bournemouth, Dorset & Poole, Cornwall & the Isles of Scilly, Devon, Gloucestershire, Somerset, West of England, Wiltshire & Swindon
Christine Wright
NAME Region: Yorkshire the Humber
Covers:- North Yorkshire, South Yorkshire, West Yorkshire, Humberside
Tim Brooks
NAME Region: West Midlands
Covers:- Shropshire, Staffordshire, Warwickshire and Worcestershire; the unitary authorities of Herefordshire, Stoke-on-Trent and Telford and Wrekin; and the seven metropolitan districts of Birmingham, Coventry, Dudley, Sandwell, Solihull, Walsall and Wolverhampton
Keith Stubbs
NAME Region: South East
Covers:- Berkshire, Buckinghamshire, East Sussex, Hampshire, the Isle of Wight, Kent, Oxfordshire, Surrey and West Sussex
Carolyn Cooke
NAME Region: North East
Covers:- Northumberland, Tyne & Wear, County Durham, Tees Valley
Jane Lindenberg
