Foster Carers guide to the Data Processor Agreement
Data Processor Agreement PDF (136 KB)
Background of the agreement
All organisations that handle personal data are required to comply with data protection legislation. When an individual or organisation is carrying out a function for that organisation, i.e. providing care for a foster child, that organisation may need to pass some of that personal data to the individual or organisation to allow them to carry out the role.
When this happens the Data Protection Act requires that the organisation that is providing the information puts in to place an agreement between themselves and the other party (whether that is an individual or organisation).
The agreement acts like a contract but relates specifically to information and how it will be handled in a secure manner.
As the agreement is produced in line with legislation it is difficult to avoid using technical legal language which can sometimes be difficult to understand and interpret. Therefore foster carers should be assured that there is nothing contained within the agreement that is designed to trip them up and the Adoption and Fostering Recruitment and Training Team are putting mechanisms in to place to aid foster carers compliance with the agreement.
This document is a designed to act as a guide to the data processor agreement for foster carers in terms of what they should and shouldn’t be doing with information relating to Children in Care.
DO:
1. Attend the training relating to data protection, information security, confidentiality and privacy.
2. Ensure that you understand and sign the data processor agreement and confidentiality agreement (which is documented in Schedule A) of the agreement.
3. Comply with any procedures and/or standards that the Adoption and Fostering Recruitment and Training Team have made you aware of.
4. Send confidential documents securely either by hand delivering them, sending them via special delivery or by using the Secure File Transfer facility.
5. Select a strong password. Advice on how to do this can be found in the IT security section of the Foster Care Handbook.
6. Return all data relating to the foster child to the Council once a foster care placement has come to an end.
7. Check that no information has accidentally been saved to your PC. If any information is found, this should be securely wiped. Advice on how to do this can be found in the IT security section of the Foster Care Handbook.
8. Comply with any licensing restrictions that are in place.
9. Keep information secure by storing electronic information on an encrypted memory stick and manual information in a locked receptacle.
10. Report any potential or actual security incidents to the Adoption and Fostering Recruitment and Training Team as soon as possible after they have been identified.
11. Provide the Adoption and Fostering Recruitment and Training Team with assistance if they require information from you.
12. Contact the Adoption and Fostering Recruitment and Training Team if you are unclear about anything.
DON’T:
1. Give access to information to any unauthorised person. If you are unsure as to who is allowed access, contact the Adoption and Fostering Recruitment and Training Team.
2. Use the information for purposes other than those required to carry out the foster care role.
3. Disclose usernames and/or passwords to anyone. If you think that your password has been compromised, you should change it. Advice on choosing a strong password can be found in the IT security section of the Foster Care Handbook.
4. Make copies of data unless it is necessary to carry out the foster care role.
5. Attempt to bypass any security systems that have been put in to place.
6. Talk about personal and/or confidential information with unauthorised persons.
7. Allow unauthorised persons to view personal and/or confidential information on a screen or as a hard copy.
8. Infer anything from the agreement which has not been specifically stated.
Penalties:
It is important that foster carers understand the importance of looking after information relating to Children in Care and the potential implications of failing to do so. The Council can be fined up to £500,000 for breaches of data protection legislation: however there are also individual offences which can be committed by individual members of staff and foster carers. An offence can be committed by an individual when they either deliberately or recklessly, without the consent of the Council, obtain, disclose or sell personal data.