Associates have the right to expect their personal data to be managed confidentially and securely in line with the Data Protection Act. In respect of any personal data related to the associates for whom you are responsible, you must:
- Be mindful of the clear desk policy and the secure disposal of confidential waste
- Consider system security when away from your desk
- Ensure cabinets and pedestals containing personal data are securely locked
- Ensure sensitive personal data is held centrally in the personnel file of the associate concerned
- Only store personal data for as long as necessary and in line with the retention policy
Occasionally an associate may apply for a Data Subject Access Request (DSAR) this requires Huntswood to disclose all data held on the associate, regardless of the content. Therefore, managers should be mindful of this when keeping notes or writing emails in relation to associates. Never record any information relating to associates which may be considered unfair or inaccurate and which cannot be substantiated by fact.
If a DSAR is requested, the request must be referred to the Data Protection Officer without delay (firstname.lastname@example.org) with a copy to the EM/SDM.