The Data Protection Act 1998
The Data Protection Act 1998 sets out rules for processing personal information. It applies to some paper records as well as those held on computer. The Act gives individuals certain rights, and also imposes obligations on those who record and use personal information to be open about how information is used and to follow eight data protection principles.
Personal data must be processed following these principles, so that data is:
- processed fairly and lawfully, and only if certain conditions are met
- obtained for specified and lawful purposes
- adequate, relevant, and not excessive
- accurate and, where necessary, kept up-to-date
- not kept for longer than necessary
- processed in accordance with the subject's rights
- kept secure
- not transferred abroad without adequate protection
On arrival, all first-years are asked to sign a Matriculation Form. This will include the wording:
- I consent to the processing by the College and the University of personal data (including sensitive personal data as defined in the Data Protection Act 1998) about me for the proper purposes of these institutions.
- I undertake to observe the provisions of the Data Protection Act 1998 in relation to any personal data I may myself hold and process as a student of the College and the University, and I agree to indemnify the College and the University from liability for any claims or damages that may arise from the processing of this data.
Admissions and Student Records
The College processes personal data to assist in the admissions process, to enable the provision of education and welfare services to its students, to facilitate the administration of student accommodation, to provide up-to-date academic records, to assist in the administration and collection of fees and charges, to comply with legal and other obligations (eg health and safety), to facilitate communications and mailings, to enable the provision of references, to assist with fund-raising by the College and the University, for alumni activities, and for research and archive processes.
Information is provided by the applicants and students themselves (by way of application forms and other means), and also by third parties such as schools, local authorities, and examination boards.
In order to ensure the proper functioning of the College as an institution in the higher education sector, the College may, from time to time, consider it appropriate to disclose relevant personal data about applicants and students within the College to other members of staff, committees and organisations (such as the UCS and MCR), and also to various external bodies, including the College Visitor (see Troubleshooting), appropriate members of staff of the University of Cambridge, other Cambridge Colleges, inter-collegiate bodies, other educational institutions, employers and potential employers, professional bodies, funding bodies, local authorities, and other government and regulatory bodies. The College may or may not seek further consent to specific disclosures, depending upon the intended disclosure.
Data Protection Officer
Clare's Data Protection Officer is the Assistant Bursar, who will answer any questions you may have about data protection issues in Clare.