SOAS, University of London (The School of Oriental and African Studies)

Data Protection Policy: Scope and Status

1. Scope of the Policy

SOAS needs to collect certain types of personal information about the people with whom it deals, such as current, past and prospective students, employees, and those with whom it communicates. This information has to be collected for administrative purposes (such as staff recruitment and the administration of programmes of study), and to fulfill legal obligations to funding bodies and the government. The Data Protection Act 1998 requires that this information should be processed fairly, stored safely and not disclosed to any other person unlawfully. SOAS is committed to protecting the rights and privacy of individuals in accordance with the requirements of the Data Protection Act. This document outlines SOAS's policies in relation to the Data Protection Act.

SOAS's Data Protection Policy applies to all students and staff of SOAS. Any breach of the policy may result in SOAS, as the registered data controller, being liable in law for the consequences of the breach. Legal liability may also extend to the individual processing the data and his/her Head of Department or line manager under certain circumstances. In addition, breach of SOAS's Data Protection Policy by staff or students will be considered to be a disciplinary offence and will be dealt with according to SOAS's disciplinary procedures. Any member of staff or student who considers that the policy has not been followed with respect to personal data about themselves should raise the matter with their Head of Department, line manager or SOAS's Information Compliance Manager (see Data Protection contacts).

This policy applies to all personal data for which SOAS is responsible, including electronic data and manual data which are covered by the Data Protection Act (see Overview of the Data Protection Act 1998). It applies regardless of where the data are held, and regardless of the ownership of the equipment used for processing, if the processing is performed for SOAS purposes. Outside agencies and individuals who work with SOAS, and who have access to personal information for which SOAS is responsible, will be expected to comply with this policy and with the Data Protection Act.

2. Status of the Policy

This policy statement has been adopted by SOAS and was approved by SOAS's Information Strategy Committee on 22 February 2005.

Last updated July 2005

• Scope and Status
• Definitions
• Data Protection Act Overview
• Staff Responsibilities
• Gathering Data
• Disclosure of Data
• Transfer to HESA
• Transfer Outside the EEA
• Publication of Data
• Security of Data
• Use of Data in Research
• Examinations and Assessment
• References and Recruitment
• Retaining Data
• Records Management
• Handling by Students
• Access to Data
• Related Guidelines and Policies
• Data Protection Contacts