Draft data protection and privacy policy

What's related > Forms | Best practice for web pages: summary

Disclaimer

The Head of Web Services, acting under the authority of the Library and Information Services Committee, may at any time make changes to this policy.

Status

Draft for comment.

Target audience

Web editors and other suppliers of the LSE website.

Introduction

The LSE website is provided in accordance with the Data Protection Act 1998 and the Privacy and Electronic Communications (EC Directive) Regulations 2003. This policy is provided for web editors and other suppliers of the LSE website to clarify what is and what is not permitted in relation to the processing of personal data. It is not provided as a substitute for the Data Protection Act 1998, the Privacy and Electronic Communcations (EC Directive) Regulations 2003, School regulations and codes of practice, nor the advice and guidance of the School's Data Protection Officer. Web Editors are advised to consults these sources first hand - see 'Further information' below.

Definition of terms

Owner - A living individual represented by personal data excluding LSE staff, students, applicants, and alumni where collection and processing of personal data is for various essential administrative, academic and health and safety reasons in order to pursue LSE's legitimate interests as a university.

Personal data - "means data which relate to a living individual who can be identified - (a) from those data, or (b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller, and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual" (Data Protection Act 1998)

Sensitive personal data - "means personal data consisting of information as to - (a) the racial or ethnic origin of the data subject, (b) his political opinions, (c) his religious beliefs or other beliefs of a similar nature, (d) whether he is a member of a trade union (within the meaning of the Trade Union and Labour Relations (Consolidation) Act 1992), (e) his physical or mental health or condition, (f) his sexual life, (g) the commission or alleged commission by him of any offence, or (h) any proceedings for any offence committed or alleged to have been committed by him, the disposal of such proceedings or the sentence of any court in such proceedings" (Data Protection Act 1998)

The policy

  1. Personal data can be collected via the LSE website provided that, at the point of collection,
     
    1. it is collected from its owner and that its owner is aware that it is being collected; and
       
    2. its owner is informed as to who will process it and for what purpose(s).
       
  2. If the purpose(s) change after collection, the owner must be informed of and give their consent to the change.
     
  3. Personal data must not be transferred to third parties without the consent of the owner. This includes publishing information via the LSE website.
     
  4. Owners have the right to opt out of the processing of their personal data at any time.
     
  5. When collected or processed via the LSE website, sensitive personal data must be transferred via Secure Socket Layer (SSL).
     
  6. Cookies must not be used to store personal data.

Further information

^ Back to top

LSE