ePEP Access Agreement

Introduction

Information Governance allows an organisation to manage its information in an efficient, effective and secure way whilst maintaining the balance between confidentiality and openness.

Information Governance processes allow this by ensuring:

  • records are only kept for the appropriate period of time and that they are confidentially destroyed when no longer required.
  • access to records is suitably managed and maintained so that requests for information can be dealt with in a timely manner.
  • the appropriate privacy and security is applied to information and/or systems whilst in transit and storage.

Any organisation handling data, especially personal data, has a responsibility to ensure that it complies with Information Governance requirements.

This document intends to set out the responsibilities of all parties to ensure that everyone understands what is expected of them when handling data.

Section 1: Data Controller

 Staffordshire County Council will be the sole data controller and data owner for all information uploaded to the e-PEP system.

All data processed will be used solely for the purpose of delivering Personal Education Planning and Pupil Premium Plus to Staffordshire County Council Looked After Children.

Staffordshire County Council will be responsible for the technical and organisational security of the e-PEP system, including:

  • Management, provision and removal of access rights
  • Ensuring the individual does not have the ability to access any other systems and information other than that required.

SCC will then be solely responsible for any subsequent decisions in relation to processing the transferred data, including retention and secure destruction.

All decisions relating to requests for access to information, including Freedom of Information, Data Subject Access Rights and third party personal data requests, will be dealt with by the SCC e-PEP administration team.

Section 2: Foster Carers

As these may require access to data owned by the County Council they will be required to sign an agreement (Appendix A) to confirm that:

  • They have received appropriate training regarding handling data and their responsibilities relating to Data Protection, Confidentiality and Information Security.
  • They have read, understood and signed the County Council’s Acceptable Use Policy.
  • They have been made aware of, and work in line with this e-PEP access agreement.
  • They understand that the County Council reserves the right to restrict or remove access to data and/or systems where non-compliance is evident or where a threat, or potential threat, is identified. Where illegal or criminal behaviour is suspected or identified SCC will refer the matter to the Police.

 

Users will be responsible for the ensuring that all data uploaded is accurate and up to date, as far as reasonably possible. 

Users will not be provided SCC accounts nor provided with access to any other SCC systems as part of this process, therefore Third Party Access Agreements are not required. 

Users will need to ensure that SCC data is only accessed when required and that it is accessed only by those who are authorised to access it. Users must not share the data with any other party unless agreed by the e-PEP administration team. 

Any user that believes that a security incident has occurred relating to data belonging to SCC, within 2 working days of the security incident being discovered. The e-PEP administration team must pass this on to the Information Governance Unit using the SCC information security incident reporting process. 

Users must inform the e-PEP team immediately they are no longer responsible for the care of a child.


Staffordshire County Council – ePEP Access Agreement  PDF (85 KB)