Policy Title:Policy on Disclosure of Information

POLICY TITLE:POLICY ON DISCLOSURE OF INFORMATION

APPROVED BY: Remuneration and Organisational Development Committee / AUTHOR: Tracey Croft
POLICY OWNER: Tracey Croft / POSITION: HR Director / VERSION: 8
LAST UP-DATED: February 2016 / REVIEW DATE:January2019
IMPACT ASSESSMENT
DATE: February 2016

1. / PURPOSE
1.1 / The Data Protection Act 1998 provides individuals (data subjects) with a greater degree of control over the parties to whom their personal data is released. The College must therefore ensure that personal data held on staff, students, volunteers, governors or other individuals is not disclosed to unauthorised third parties.
1.2 / Access to information can also improve public confidence and trust if government and public sector bodies are seen as being open. The Freedom of Information Act therefore places certain obligations on the College, as a public sector body, to share information about its activities unless there are good reasons not to do so.
2. / SCOPE
2.2 / This policy provides instructions to staff on how information, including personal information should be handled and the circumstances under which it may be disclosed outside the College. It applies to all staff, volunteers, governors, contractors and any other parties who at any time have access to the College’s information.
2.3 / It will also assist individuals when making requests under the Freedom of Information Act, providing guidance as to what information is publically available and the procedure to access this.
2.4 / This policy should be read in conjunction with the College's Data Protection Policy, Policy on References (staff) and Archive and Retention Guidelines.
3 / DEFINITIONS
3.1 / Data subject means an individual who is the subject of personal data
3.2 / Personal data means data which relates to a living individual who can
be identified and can include any expression of opinion about the
Individual.
3.3 / Sensitive personal dataincludes information about:

racial or ethnic origins;
political opinions;
religious beliefs;
trade union membership (or non-membership);
physical or mental health or condition;
sex life or sexual orientation;
criminal (or alleged criminal) activities; or
criminal proceedings, criminal convictions (or any sentences imposed by the courts).

4 / FREEDOM OF INFORMATION
4.1 / Runshaw College will follow the Model Publication Scheme for Further Education in England, Wales and Northern Ireland, as acceptable to the Information Commissioner, in order to comply with the Freedom of Information Act 2000.
4.2 / The College’s publication scheme, as detailed in Appendix 1, is available on the College’s website at is a guide to information routinely published by the College.
The Model Publication Scheme consists of the following sections:
- Who we are and what we do - What we spend and how we spend it - What our priorities are and how we are doing - How we make decisions - Our policies and procedures - Lists and registers - The services we offer
4.3 / The Information Commissioner’s Office, the independent body who oversees the Freedom of Information Act, would expect the College to make certain information available unless:
-we do not hold the information
-the information is exempt under one of the Freedom of Information exemptions or Environmental Information Regulations (EIRs) exceptions, or its release is prohibited under another statute
-the information is archived, out of date or otherwise inaccessible; or, it would be impractical or resource-intensive to prepare the material for routine release.
4.4 / Freedom of Information requests for information that is routinely available are likely to be free of charge as it is envisaged that the cost in providing the information will be less than £450 as prescribed in legislation. If it becomes evident that the cost of retrieving information is likely to be above £450, the College will notify the individual of the fees and ascertain whether they wish to proceed or consider refining their request.
4.5 / Many of the routinely published documents are available for free download from the College website ( Where hard copies are required, the College reserves the right to make a small charge to cover costs such as photocopying and postage.
4.6 / Requests for information that is not routinely available should be made in writing to the Data Protection Officer, Runshaw College, Langdale Road, Leyland, Lancashire. PR25 3DQ or by e-mail: is generally expected that the College will respond within 20 working days.
4.7 / In the event an employeereceives a request under the Freedom of Information Act, the date received should be recorded and thenforwarded promptly to the Data Protection Officer for consideration. Under no circumstances should a member of staff respond to such a request directly.
5 / OBTAINING CONSENT
5.1 / Learners will be requested to disclose relevant personal information at application, enrolment and at initial interview. Ongoing opportunities will be available for further disclosure before activities such as trips, visits, work experience and examinations.
5.2 / On appointment, staff will provide their consent to process their personal information for employment purposes as part of their contract of employment.
5.3 / In all situations where personal data is being collected, information will be provided to ensure that meaningful consent is obtained.
6 / DISCLOSING PERSONAL DATA
6.1
6.1.1 / Legitimate disclosure
Personal data may be legitimately disclosed only where specific conditions or exemptions as set out in the Data Protection Act apply. In summary these include:

where the individual has given their consent;
where the disclosure is in the legitimate interests of the College, e.g. disclosures to staff (see 6.3 requests for information within the College);
where the College is legally obliged to disclose the data, e.g. disclosures to the Skills Funding Agency;
where the disclosure of data is required for the performance of a contract, e.g. if a student has a contract with a sponsor and the sponsor needs, therefore, to keep in touch with the student's progress; and
where specific exemptions for disclosure without consent apply (see 6.2Disclosure without consent).

6.2
6.2.1 / Disclosure without consent
Certain disclosures are permitted under the Data Protection Act without consent from the individual provided one or more of the following criteria are met:

for the purpose of safeguarding national security;
for the purpose of preventing or detecting crime including the apprehension or prosecution of offenders;
for the assessment or collection of tax or duty;
to discharge regulatory functions, including securing the health, safety and welfare of persons at work;
for the purpose of preventing serious harm to a third party if the data were not disclosed; and
for the purpose of protecting the vital interests of the individual i.e. release of medical data without which the individual could suffer harm.

6.3
6.3.1 / Requests for information from within the College
Where a College employee requests personal data about another individual, such information should only be released if it is clear that the member of staff requires that information in order to perform his/her official duties. In the case of any doubt, the request should be referred College Management or the Data Protection Policy.
6.4
6.4.1 / Requests for information from outside the College
When an employee receives enquiries as to whether a named person is a student or a member of staff of the College, the enquirer should be asked why the information is required. If the reason is not one that would justify disclosure without consent (see 6.2) the member of staff should decline to comment one way or the other.
6.4.2 / Please remember that merely confirming that an individual is a member of the College may constitute an unauthorised disclosure.If you are in any doubt as to the legitimacy of a disclosure, then no disclosure should be made and further guidance sought from College Management or Data Protection Officer.
6.4.3 / Under normal circumstances, information should not be provided in response to a telephone request as individuals may use deception to gain access to information to which they are not entitled. Bodies/individuals that request personal data should be asked to provide a written or faxed request and/or provide documentary evidence to support their request. A formal request on headed paper and/or an accompanying stamp of the organisation may also assist in confirming the legitimacy of a request. The absence of such documentation should warrant refusal to disclose the requested personal data.
6.4.4 / Extra care must be taken in situations where there may be court order in place that may prevent an individual such as a parent from having contact with their son or daughter. The student record should be checked to ascertain the named parent or guardian which can be undertaken a Head of Studies or Pastoral Mentor.
6.4.5 / A request to disclosure the personal details of a member of staff or student to a third party should either come from the data subject directly, or a statement should accompany the request from the third party from the data subject consenting to the disclosure.
6.4.6
6.5
6.5.1
6.5.2 / The College may be required under the Data Protection Act to release information to the Police without consent of the data subject in limited circumstances. Such disclosures should only be made of the Police confirm that they wish to contact a named individual about a specific criminal investigation and where the College believes that failure to release the information would prejudice the investigation. Staff must not release information to the Police over the telephone and it is likely that they will use a request form that justifies an exemption under the Data Protection Act. All enquiries from the Police should be referred to the College’s Security Co-ordinator or Data Protection Officer.
Subject Access Requests (SAR)
A Subject Access Request is where a Data Subject or someone acting on their behalf, makes a request to access their personal data in accordance with the Data Protection Act. Data Subjects will be invited to complete a ‘Standard Request Form for Access to Personal Data’ although written requests in other formats are also acceptable.
An employee, as a Data Subject, may submit a SAR. Should they receive a request, the date received should be recorded and this should then be promptly forwarded to the Data Protection Officer who will deal with this in accordance with the College’s Data Protection Policy
7 / ACTION WHEN DISCLOSURE IS REFUSED
7.1 / There may be circumstances where the subject matter is of importance and the data subject should be informed of the enquiry. This will allow the Data Subject to contact the enquirer should they so wish.
7.2 / As an alternative to divulging personal data, the College may be willing to accept a sealed envelope which it will attempt to forward to the student or staff member's last-recorded address or to forward an incoming email message.Where the matter is urgent, an attempt should be made to contact the individual by telephone or other means in order to put him/her in touch with the enquirer. Forwarding such information should be done conditionally i.e. 'if the person is a student/staff member' to avoid confirming their presence or absence at the College.
8. / RESPONSIBILITIES
8.1 / It is the responsibility of all College staff members involved with the collection and processing of information to comply with this policy. Wilful disclosure of personal information will be treated as gross misconduct in accordance with the College’s Disciplinary Procedure.
8.2 / The Data Controller is the person or organisation responsible for ensuring that the requirements of the Data Protection Act are complied with. The Runshaw College Corporation, as a corporate body, is the Data Controller under the Act, and the Governors are therefore ultimately responsible for implementation of this policy and for compliance with the Act.
8.3 / The designated Data Protection Officer is the individual or individuals appointed by the College to carry out the day to day duties. The College has two designated Data Protection Officers: the HR Director and the MIS and Data Services Manager. They may be contacted at the Langdale Road Campus, Leyland, Lancashire. PR25 3DQ, by telephone on 01772 622677, or by e-mail ().
9. / MONITORING AND REVIEW
9.1 / This policy will be reviewed at least every three years by the College’s Data Protection Officer, in consultation with Governors who act as Data Controller for the College, or in line with legislative developments and the need for good practice.

APPENDIX 1 – RUNSHAW COLLEGE PUBLICATION SCHEME

Class / Information / How disclosed
1
1.1 / Legal framework / Instrument and articles of government / Website
1.2 / Organisation / Organisation chart
Faculties overview / Intranet
1.3 / Context / Mission statement
Strategic plan
Quality assurance policies and procedures
Teaching & learning policies and strategies / Intranet
Intranet
Intranet
Intranet
1.4 / Management / Governors
Governors’ code of conduct
Committee members
Committee terms of reference
Code of practice for elections
Minutes of corporation and committee meetings / Website
Clerk
Website
Website
Clerk
Website
2
2.1 / Finance / Annual report and financial statements / Website
2.2 / Resource planning / Financial regulations / Intranet
3
3.1 / Employment and employee relations / Recruitment & selection policy
Standard terms and conditions of employment
Pay scales
Consultation arrangements
Grievance procedures
Disciplinary procedures
Whistle-blowing procedure
Job vacancies
Other relevant staff policies / Website
Intranet
Intranet
Intranet
Intranet
Intranet
Intranet
Website/Intranet
Intranet
3.2 / Equal opportunities/diversity / Equality and diversity policy
Equality and diversity strategic goals
Equality and diversity objectives
Equality and diversity reporting cycle
Equality and Diversity Annual Report / Website
Website
Website
Website
Website
3.3 / Human resources strategy / Strategic Plan / Intranet
3.4 / Staff development / Induction programme
Performance management guidelines
Professional development policy / Intranet
Intranet
Intranet
Class / Information / How disclosed
4
4.1 / Estates / Accommodation strategy
Sustainability policy
Health, safety well-being policy
Site maps and addresses / Intranet
Intranet
Intranet
Intranet
5
5.1 / Information on student admission, progression and completion / Student qualifications on entry
Student entrants by age, gender, ethnicity, disability and geographical origin.
Qualifications awarded
Retention data
Satisfaction data
Achievement data
Progression data / Website

Intranet
5.2 / Student accommodation / None provided by the College
5.3 / Student administration / Student records retention policy / Intranet
5.4 / Student admission and enrolment / Admissions policies / Website/Intranet
5.5 / Student discipline / Disciplinary procedure
Complaints procedure / Intranet
5.6 / Student learning support services / SEN policy / Intranet
5.7 / Student liaison / Terms of reference of staff/student liaison committee
Minutes of staff/student liaison committee / Student Services
5.8 / Student policies / Student policies / Intranet
5.9 / Student welfare / Student Services activities
Enrichment activities / Intranet
5.10 / Student activities / Student Union details
Student Council details / Student Services
6
6.1 / Availability and conditions of use of facilities / Opening hours of buildings
Opening hours of libraries
Working hours of helpdesk
IT access, usage and e-safety policy / Intranet
6.2 / Mission statements and related documents / Partnership agreements for IT Services and Libraries / Intranet
6.3 / Policies with regard to data and information / Data protection policy
College archive and data retention guidelines
Policy on disclosure of information / Website
Intranet
Website
6.4 / Procurement and disposal policies / Procurement policy
Disposal policy / Intranet
6.5 / Scope of collections held / Library catalogues / Intranet
Class / Information / How disclosed
7
7.1 / Academic year / Term dates / Website
7.2 / Further course information / Programmes structure
Schools structure
Courses structure
Qualifications
Changing courses
Work experience / Broadsheet
Prospectus
Website
7.3 / Information on internal procedures for assuring academic quality and standards / Programme specifications
Self-Assessment process
Accreditation and monitoring reports
Assessment strategies
Range and nature of student work
Student satisfaction survey results
Self-Assessment data / Website
Intranet
Intranet
Intranet
Intranet
Intranet
Intranet
7.4 / Staffing structure of schools/departments / Organisation chart to School level
Contact details / Intranet
Website
7.5 / Student assessment strategy / Examination dates
Examination regulations
Appeals procedure
Policy on plagiarism
Examination bodies / Intranet
Intranet
Intranet
Intranet
Intranet
7.6 / Tuition fees / Fees policy
Course fees / Intranet
Broadsheet
Prospectus
Website
8
8.1 / Community liaison / External committee memberships / Intranet
8.2 / Fundraising / N/A
8.3 / Government and regulator relations / Inspection reports / Website
8.4 / Marketing and recruitment / Prospectuses
Dates of open days / Broadsheet
Prospectus
Website
8.5 / Public relations / Press releases
Newsletters / Website
Student Bulletin
Staff Update