1.5 Explain how the processes used by own work setting or service comply with legislation that covers data protection, information handling and sharing.
In my setting we have a child protection policy this covers data protection, information handling and sharing, it states that information held about children should be held for a specific purpose, be adequate and kept for no longer than necessary, be processed in accordance with rights of the data subject, and be subject to appropriate security measures. Individuals have the right to know about any data kept and the perpous for which it is being processed. They also have the right to have any inaccurate information held about them corrected, removed or destroyed. Before processing data we should consider if it is necessary? Is it 100% accurate? And has the data subject been told that it is being processed and why? And is the data secure? All personal data whether manual or electronic should be kept secure to stop it from being lost, damaged or destroyed. Paper records should be locked away and keys should be kept safe. If electronic then access should be password protected and passwords should only be known by DCPO (designated child protection officer). All files should be out of sight of any unauthorised persons at all times. Data should not be faxed or emailed unless made anonymous first as you cannot guarantee security. When the data is no longer needed it should be destroyed either by shredding or incinerating or using confidential waste bins. All our children’s records are securely stored in the manager’s office and as she is the designated DCPO only she has access to them. My work settings policy is written up in order to comply with the current legislations.