Ages 3 to 16
Enrol with ease
Discover us & the campus
Where confidence grows
Discover what's happening
Languages
Summer Society: from 14 July to 15 August
Straits International School, MalaysiaPersonal Data Protection Policy: January 2014
The Personal Data Protection Act 2010 gives individuals the right to know what information is held about them. It provides a framework to ensure that personal information is handled properly.
The Act gives the public a general right of access to information held by public bodies and outlines the requirements that must be followed when responding to requests. It also outlines reasons for withholding information, which are known as exemptions from the right to know.
Straits International School aims to fulfill its obligations under the Personal Data Protection Act 2010 by ensuring that anyone who processes personal information complies with the Act.
To ensure the implementation of the Act, a Data Protection Officer will be appointed in Straits International School and within the Corporate Office.
The Act states that anyone who processes personal information must comply with eight principles, these are that personal information is:
The school has procedures in place to ensure appropriate use, disclosure and protection of personal data, including sensitive data relating to members of staff and students’ records. The school uses physical and electronic safeguards to ensure the security of data.
These include:
This includes, but is not limited to:
Sensitive data can only be processed if the information has been lawfully and fairly obtained and that the subject has consented, sensitive data includes:
The School’s Data Protection Officer is responsible for deciding how any personal data is to be processed and ensuring that it complies with the Personal Data Protection Act 2010.
The second area covered by the Data Protection Act provides individuals with important rights, including the right to find out what personal information is held on computer and most paper records. With regard to students, there are two distinct rights to information held by the school:
All requests should be addressed to the Data Protection Officer at the relevant Straits International School. The request should be made in writing and describe the information to which access is required. If practicable and reasonable, the information will be copied or printed and posted to the person making the request. Arrangements can be made to view the information by an individual as an alternative. The School will comply with the request within a period of 14 working days.
There are certain circumstances, where access will be denied. This includes cases where the information might cause serious harm to the physical or mental health of the students or another individual or the request would entail releasing examination marks before they are officially announced.
When a student transfers to another Straits International school, the new school should be sent a completed transfer form and all educational records relating to the student, including copies of their student reports. When a student transfers to a new school other than Straits International School, all educational records relating to the student, including copies of their student reports should be provided to the parents/guardians.
Straightforward requests for information are provided free of charge. More complex requests will be charged; the school’s Data Protection Officer will provide details regarding charges on request.
Sharing of Data and Student consent
The interests of the student should remain paramount at all times. Whenever possible, students should be consulted and their wishes taken into account concerning the sharing of information about them. The exceptions to this are:
When there is a legal obligation to share information without theconsent and/or knowledge of the student, e.g., child protection; when the student is deemed to be unable to make a competent decision concerning the sharing of information about them. In such instances, those who are responsible for the student should be consulted.
It should be made clear as early as possible that absolute confidentiality cannot be guaranteed if a student’s own safety or the safety of others is at risk. Where a member of staff believes that there is a risk to the health, safety or welfare of a young person or others, which is so serious as to outweigh the young person’s right to privacy, they should clearly explain this to the student and inform the Principal.
Those responsible for sharing personal or confidential information about students or staff should work together to ensure that such sharing is handled in line with statutory guidance. Responsible staff should meet to discuss and agree on what information should be shared, for what legal or proper purpose, to whom it should be shared and how much information should be reasonably disclosed. Sensitive data such as medical information on staff and students should not be displayed in ‘public’ areas where guests to the school may be admitted.
Potentially, those who work directly with students may need to be informed of confidential information. Those responsible for the running and administration of the school may also need to be informed. These include:
Information may be shared
Information should only be shared
Where an individual faces a conflict of interest about whether to disclose information or not
When in doubt, information should not be shared unless
Personal data cannot be released to third parties without the individual’s consent, unless for specific reasons such as prevention or detection of crime, the health, safety and welfare of other employees or where disclosure is to protect the vital interests of the individual. Ideally, the individual’s consent should be obtained in writing. If the school wishes to obtain personal data from a third party, e.g. an employee’s medical records, the individual’s permission should be requested and obtained.
All requests for disclosure should be submitted in writing on headed paper and given full reasons.
Accurate information should be given when supplying a reference for an employee or ex-employee.
When the School requests personal data they must inform individuals as to why the personal data is being processed and to whom it is being disclosed. Personal data held by the school is reviewed and updated annually as necessary. Personal data is held by the school for seven years.
Personal information given in confidence must not be disclosed without consent. Employees should not be the subject of monitoring without good cause.
Individuals have the right to prevent processing, which is damaging or distressing to themselves or others, to prevent processing for direct marketing, ensure that no decision significantly affecting them is based solely on the automatic (electronic) processing of data relating to them e.g. assessing their performance at work. The individual also has the right to rectify, block, erase or destroy inaccurate data on application to the school.
Individuals are not entitled to have access to the following:
Experience adventure and learning!