Data Protection Policy

EAST SUSSEX LOCAL OPTOMETRIC COMMITTEE

Data Protection and Fair Processing Policy

East Sussex Local Optometric Committee (LOC) treats privacy as a key priority and is committed to protecting members’, contactors’ and practitioners’ personal information entrusted to it.

East Sussex LOC complies with the Data Protection Act 1998 (“the Act”) and this policy describes our procedures for ensuring that personal information is processed confidentially, fairly and lawfully.

What personal data do we hold?

In order to fulfil our role, we hold the following personal data:

1. Practice/ Contractor name; address; telephone number and email address.
2. Performers’ name and email address.
3. Details of any lecture evenings and study days attended by contractors and performers.
4. Information relating to further accreditation training. For example those registered for the cataract direct referral

Why do we hold information about you?

We hold this information for the administration and proper management of the work of the LOC.

Staff

All officers and staff are aware of the confidentiality of members’ data and that the data must be processed and stored in a secure manner. Staff have been informed of their obligations in these matters and advised on how to carry them out. All staff are contractually bound for the duration of their contracts and after their termination by a duty of confidentiality, in accordance with the Data Protection Act 1998 and the common law duty of confidentiality. Specifically, they are prohibited from communicating or disclosing to any third party any confidential information and from using such information for their own purposes, unless prior written authorisation has been obtained from the LOC.

We process the data in accordance with the eight Data Protection Act principles

We make sure that that personal information is:

• Fairly and lawfully processed
• Processed for limited purposes
• Adequate, relevant and not excessive
• Accurate and up to date
• Not kept for longer than is necessary
• Processed in line with your rights
• Secure
• Not transferred to other countries without adequate protection
 
Security of information

Personal data about you is held in the LOC’s computer system and/or in a manual filing system. The information is not accessible to the public and only authorised officers and members of staff have access to it. Our computer system has secure audit trails and we back up information routinely.

Disclosure of information

Your information personal data will not be disclosed to third parties without your permission except when required by a court order.

Information Commissioner’s Office

Under the Data Protection Act 1998 the Practice would notify the Information Commissioner’s Office of its processing of data, if required. We have been advised by LOCSU that this is not required.

Confidentiality

In addition to the data protection principles, members’ data are handled in accordance with the common law duty of confidentiality.

Third Parties

Personal data will not be processed or communicated to third parties without the permission of the member or in compliance with a court order in accordance with the Data Protection Act 1998.

By providing your contact details it will be assumed that you give the LOC your permission to disclose email addresses on occasions where it feels it is appropriate, or on legal grounds, for example, when the GP commissioners want to know which practices can provide additional services. This is done using information already available in telephone books and on the internet. For this reason and on the grounds of confidentiality, the LOC advises that email addresses given are for performers/ contractors and where possible are not general ‘family’ email addresses.