copyright © 2009 Keelagher Okey Klein - web site design by

Home.Profile.Policy.Services.Clients.CDM 2007.ProCure 21.Contact Us.

POLICY STATEMENT

 

It is fundamental to the terms on which the firm accepts engagements from clients that all information obtained during the work shall be received and held in strictest confidence.


Therefore, all staff must ensure that confidential information about a client’s affairs is not disclosed to anyone except a Director in the firm or the staff concerned with the work for that client.


Furthermore, information about a client’s affairs must neither be used for personal advantage or for the advantage of a third party. This rule, which has statutory backing, is of vital importance in today’s business environment.  Any breach could have criminal implications.


Working Papers and Files


Members of the staff working in the office should ensure that files and working papers containing confidential information are put away in locked cabinets at night or when they are not in use.
 

Correspondence or fee files should not be taken out of the office without the permission of a Director.  Members of the staff are particularly requested, when they take working papers or other documents of a confidential nature out of the office, to see that proper and adequate arrangements are made for their security.


Cohabitation with Employees of Competitors


The firm does not prohibit marriage to an employee of a competitor, and there may exist a variety of other less formal relationships.  On learning of such a relationship the appropriate Director should inform the staff member that he, as Director, is required to restate the policy, simply and without any issue of the matter.


Ownership Rights and Intellectual Property


The ownership of any intellectual property, computer programs and the like, developed by a member of staff in the Practice time and/or on the Practice equipment, or for use on client’s affairs remains with the Practice and not the individual who developed the material.  Computer programs include programs written to run on the Practice or client computers including any computerised modelling exercise.

 

Security of Systems and Databases


Staff are required to conform with the firm’s security procedures.

Employment tribunals recognise the importance of preserving the integrity of a computer with its information and an employee who deliberately uses an unauthorised password in order to gain access to a computer to which the employee is not entitled is guilty of gross misconduct and could be summarily dismissed.  An employee who removes or tampers with any of the firm’s workstations or boot disks could also be dismissed.

Members of staff are required to make themselves familiar with the principles of the Data Protection Act 1998, a brief description of which is set out below.  This Act is intended to regulate the use of automatically processed information relating to living individuals (Personal Data).


The extent of the Practice’s responsibility covers information held and controlled by the Practice and includes data processed on the firm’s own computers or by an outside bureau if the Practice control its content and use.  It does not cover information held on public databases which are maintained by other companies and to which the Practice subscribe for the purpose of ad hoc access, provided that the Practice does not store the information with the intent of processing it further for another purpose.

Where the Practice is required to register their use of Personal Data this register will be maintained by an officer of the crown, the Registrar, and will be open to public view.
 

All employees of the Practice are required to inform a Director of any relevant computer applications for which they are responsible.


Employees are also responsible for the security of Personal Data to which they have access.  All Personal Data must be kept in a safe place and must not be divulged to any unauthorised person.


As individuals whose own Personal Data may be held in computerised systems within the Practice, members of staff also have rights regarding the use of such information as it relates to each of them individually.

The firm may be liable to pay compensation to any individual who suffers damage and any associated distress as a result of improper use of his or her own Personal Data.  Members of staff may also be personally liable if the damage is the consequence of their own actions.


Information Which is Excluded by the DPA Comprises:

-   manual information

-   security copies of data files providing that these copies are used only for the purpose of reconstruction of the original data in the event of their being lost or corrupted.

Principles of the DPA

-   Personal data shall be obtained and processed fairly and lawfully.

-   Personal data shall be held only for one or more specified and lawful purposes.

-   Personal data held for any purpose shall not be used or disclosed in any manner incompatible with that purpose.

-   Personal data shall be accurate and, where necessary, kept up to date.

-   Personal data held for any purpose shall not be kept for longer than is necessary for that purpose.

-   An individual shall be entitled to be informed by any data user whether he holds data about that individual and an individual shall be entitled to access to such data and, where appropriate, to have such data corrected or erased.

-   Appropriate security measures shall be taken against unauthorised access to or disclosure, alteration or destruction of Personal Data and against accidental loss or destruction of Personal Data.

Definitions


Definitions of the terminology used in the DPA are set out below.


Data


The term data as covered by the act refers only to data recorded in a form in which it can be processed automatically, that is ‘computerised’ data and not ‘manual’ data held in filing cabinets, although computerised output in the form of printout, microfiche etc. are covered.


Personal Data


Data consisting of information which relates to a living individual who can be identified from the information, or from that and other information in possession of the Data User.


Data Subject

An individual or company who processes data and controls its content.  In this context the Data User is Keelagher Okey Klein.


Scope of the Data Protection Act


To be covered by the DPA, data must satisfy the following conditions:

-   it must be personal data relating to living individuals.

-   it must be processed automatically, by this it is meant electronic processing equipment and includes computers, micro-computers and in many cases, equipment used primarily for word processing.

Information Which the DPA Covers:

-   any data held in the computer itself during processing

-   computer produced reports whether these are printed on paper or on micro-film or similar media.

-   any data held on magnetic disk or tape storage.

-   any other data prepared in a form capable of direct input into a computer, for example, by optical character reading.

CONFLICT OF INTEREST

Any conflict or possible conflict of interest in relation to any project or service provided by the  firm which is identified by any personnel shall be immediately reported to a Director.

Back.