Evidence of compliance with legislation ie data protection act, computer of misuse act.

Jack Lay made this Rhyddid Gwybodaeth request to Wakefield College

This request has been closed to new correspondence from the public body. Contact us if you think it ought be re-opened.

Roedd y cais yn llwyddiannus.

Dear Wakefield College,
If possible, please provide me with evidence of how you comply with the two following acts:
Data protection act and computer misuse act.

Yours faithfully,
Jack Lay

Course Information mailbox, Wakefield College

Thank you for your enquiry which we can confirm has been received. We will
endeavour to respond to your enquiry within 3 working days or usually
sooner. If you have any queries that you would like to discuss with us
urgently, please contact a member of the Course Information Team on 01924
789111. Check out the website [1]www.wakefield.ac.uk/events to see what’s
coming up.

References

Visible links
1. file:///tmp/www.wakefield.ac.uk/events

Nils Elgar, Wakefield College

Dear Mr Lay,

 

Thank you for your Freedom of Information Act request.  Please find the
College’s response below:

 

Data Protection Act

 

The College does not have any direct evidence that it complies with the
Data Protection Act.  However, the College has put in place the following:

 

1.    Wakefield College is on the Data Protection Register.  The College
registration number is Z7613845.  The Information Commissioner’s Office
(ICO) are notified of any changes to our register.

2.    The College has a Data Protection Policy for all staff to follow. 
The policy is included on the staff intranet.

3.    The College has information on Data Protection on its staff intranet
for all staff to view.

4.    Data Protection training is mandatory for all staff and new starters
are expected to complete this in their first month.

5.    Data collection forms include information about the purpose for
collecting the data and who it may be disclosed to.  The enrolment form
has a separate paper that the students keep.

 

Computer Misuse Act

 

The College does not have any direct evidence that it complies with the
Computer Misuse Act.  However, in 2013 the College’s Internal Audit
Service produced a report on the College’s Network Security.  This review
was undertaken to confirm there were adequate management, operational and
security controls over networked systems and data.  It concluded that,
“Taking account of the issues identified, the Board can take reasonable
assurance that the controls upon which the organisation relies to manage
this risk are suitably designed, consistently applied and effective.” 
Separate network penetration testing was also undertaken in April 2013 and
actions were taken to strengthen the College’s network security in
response to the findings.

 

Relevant College policies include:

 

·         Access to External Websites Policy (Staff);

·         Policy on the Use of the College Network (staff);

·         Policy on the use of the Internet and Email (students);

·         Electronic Information Security Policy;

 

The following specific actions are taken to discourage breaches of the
computer misuse act:

 

1.    Users do not have the permission to install applications on to
college computers, unless specifically authorised by the IT Support Team.

2.    User permissions are restricted to prevent malicious activity which
could damage the Operating System/applications and prevent other users
accessing the device.

3.    College data can only be accessed if authorised by an appropriate
person, e.g. manager/tutor.

4.    Malicious software is detected and quarantined in real-time and a
report of the incident is sent to the IT Support Team.

5.    Tutors have access to classroom management software in IT labs which
allows them to monitor their students screens and block inappropriate
activity.

6.    Software is installed on all Windows computers to monitor for the
use of safeguarding keywords, and records the occurrence to a central
database.

7.    Individual internet usage in terms of time spent and sites visited
is recorded.

8.    All internet traffic is filtered and any categories deemed
inappropriate (including computer misuse) are blocked and recorded.

 

In the event of a breach all relevant information would be collated from
the above systems for the investigation.

 

Yours sincerely,

 

Nils Elgar

 

Clerk to the Corporation

Wakefield College

Margaret Street

Wakefield

WF1 2DH

 

Tel:  (01924) 789-208

Email:  [1][email address]

 

References

Visible links
1. file:///tmp/[email address]