Data protection – Social work

The Data Protection Act 2018, incorporating the European Union’s General Data Protection Regulation, became law in May 2018. Whilst the University has the primary accountability for the management of student personal data, placement providers should be aware of their temporary responsibilities for the limited information they hold during the allocation and management of a student placement.

These are summarized as:

• Personal data should be processed lawfully, fairly and transparently.
• Personal data should be collected for specified, explicit and legitimate purposes.
• Personal data should be adequate, relevant and limited to the purposes for which they are processed.
• Personal data is accurate and kept up to date.
• Personal data is stored securely, including against unlawful processing and accidental loss using appropriate technical and organisational measures.
• Personal data is stored for no longer than is necessary for the purpose for which the data was collected.

Placement providers, Practice Educators and Placement Supervisors are reminded that:

• Communication with students and those academics supporting students should be sent through university email systems using either password protection or secure email systems (e.g. Egress).
• All paperwork containing even limited information regarding the student should be sent using password protection or secure email systems (e.g. Egress).
• Student data should be securely stored, either in locked filing cabinets or with password protection in electronic format
• Student data should not be held on portable flash drives/data sticks or on laptops without password protection.

All paper and electronic records should be securely destroyed and/or deleted following the Practice Assessment Panel for the relevant placement as, at this point, the University will hold all records and become the Data Holder.