Bath Spa University - Regulations - Data Protection

Definitions Relevant to Data Protection Policy

Definitions are adapted from the JISC Data Protection Code of Practice (JISC, January 2001).

Data

"Data" is any information:

Stored in a form capable of being processed by computer or other automatic equipment (such as most computer files, including word processor, database and spreadsheet files)
Recorded in any form for later processing by computer or other automatic equipment (such as information collected from registration forms; CCTV pictures)
Stored as part of a relevant filing system or intended to be included in one in the future (including card files or filing cabinets structured by name, address or other identifier; Rolodex; etc)
Not covered by the above but part of an accessible record under s.68 DPA 1998 (such as a set of notes kept by a counsellor employed by the University).

Personal Data

"Personal data" are data that relate to a living individual who can be identified from that information, or from that data and other information in the possession of BSU. These include any expression of opinion about the individual and of the intentions of BSU in respect of that individual.

Sensitive Personal Data

The 1998 Act distinguishes between "ordinary personal data" such as name, address and telephone number and "sensitive personal data" including information relating to racial or ethnic origin, political opinions, religious beliefs, trade union membership, health, sex life and criminal convictions. Under the Act the processing of such data is subject to much stricter conditions.

Data Controller

The "data controller" is Bath Spa University, and is so identified in the University's entry in the Data Protection Register.

Data Protection Officer

The "Data Protection Officer" is the nominated officer in the Universities entry in the Data Protection Register. He or she is nominated by the Vice-Chancellor and is responsible to the Vice-Chancellor and to the Board of Governors for the implementation of the University policies relating to the Data Protection Act and related Acts. The responsibilities of the Data Protection Officer are defined.

Data Subject

A "data subject" is any living individual who is the subject of personal data.

Data Subject Access

"Data subject access" is the right of an individual to access personal data relating to him or her which is held by the University.

Data Owner

A "data owner" is a person authorised to manage the processing of data on behalf of the University. Data Owners are named in a list maintained by the Data Protection Officer and published on the Computer Services website.

Processing

"Processing" includes technical operations on data, such as organisation, retrieval, disclosure, and deletion; but also obtaining and recording data; the retrieval, consultation or use of data; and the disclosure or otherwise making available of data.