Sensitive Data

The general data protection regulation 2016 record of processing activities.

Data Protection law identifies a number of categories of specially sensitive personal information in respect of which additional safeguards are imposed.

This special category of very sensitive data  is information revealing  a living person’s

  • Racial or ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Trade union membership
  • Health and medical records
  • Information concerning a person’s sex life or sexual orientation
  • Criminal convictions and data relating to past offences

We call this sensitive data.

The general rule is that the collection use and retention of sensitive data  is prohibited unless we have a right  to collect, use and retain such information.

IN CLIENT LEGAL DISPUTES

Our right comes from

  • The explicit consent of our client in carrying out our  contractual and legal obligations to our client and
  • The need to handle such information  in the exercise or defence of legal claims

IN RESPECT OF OUR EMPLOYEES

Our right comes from

  • The need to assess the working capacity of an employee in connection with employment law

RECORD OF PROCESSING ACTIVITIES

When we handle such sensitive data,  we are required to maintain thisrecord of processing activities  for sensitive data which can be made available to the Information Commissioner’s Office upon request.

WHO IS THE DATA CONTROLLER

The Data Controller is

  • Salmons Solicitors Ltd of 20 to 22 High Street, May Bank, Newcastle under Lyme, Staffordshire, ST5 0JB

The Data Protection Officer is located at

  • Salmons Solicitors Ltd, 336 Hartshill Road, Hartshill, Stoke on Trent, Staffordshire ST4 7NX

THE PURPOSE OF THE PROCESSING OF SENSITIVE DATA

The purpose is to

  • Comply with our contractual duties to our clients
  • Comply with Money Laundering Checks
  • Advance or defend legal claims or family law /children  law disputes  for our clients
  • Investigate the work capacity of our existing or potential new employees

CATEGORIES OF SENSITIVE DATA SUBJECTS AND SENSITIVE DATA TYPES

In respect of a client  we may process data upon our clients’

  • Racial or ethnic origin in connection with a race discrimination claim
  • Political opinions and affiliations  in connection with our Money Laundering checks
  • Religious or philosophical beliefs in connection with a religious discrimination claim
  • Trade union membership in connection with an employment claim  or a personal injury claim
  • Health information and medical records in connection with the mental  capacity to instruct us, or an employment claim or a personal injury claim
  • Sex life or sexual orientation in connection with a discrimination claim, a personal injury claim or a family law or children law  matter
  • Criminal convictions and data relating to past offences in connection with a personal injury claim or family law or children law matter

In respect of our existing employees or potential new employees

  • To investigate the work capacity of our existing  employees where a question as to capacity has arisen
  • To verify the fitness for employment of potential new employees

RECIPIENTS OF SENSTIVE DATA

We may send sensitive data to

  • expert medical witnesses
  • professional advisers such as barristers and solicitor-agents
  • enquiry agents and process servers
  • costs lawyers
  • in legal claims to an opponent’s  legal representatives/insurers who may send it to the opponent themselves
  • a courier for transportation purposes but sealed in an paper envelope
  • a commercial paper-shredding contractor

and these persons may become aware sensitive data held by us

  • our auditors/accountants
  • The Solicitors Regulation Authority
  • Inland Revenue, HM Customs and Excise (VAT)
  • criminal law enforcement agencies

TRANSFERS OF SENSTIVE DATA OUTSIDE OF THE EUROPEAN ECONOMIC AREA

We do not normally copy client sensitive data to anyone outside the European Economic Area, however, we may do so however when the particular circumstances of a matter so require. All such third parties outside the European Economic Area   will be required by us on a case by case basis to maintain confidentiality in relation to a client  matter by being asked to sign a confidentiality agreement.

It is very unlikely we would send employee sensitive data out of the European Economic Area.

RETENTION OF SENSITIVE DATA

In respect of a client matter we may retain sensitive data  forming an integrated part of a client file

  • in a current client file whilst the matter is being worked upon as a live matter
  • in our file archive in respect of a closed or finished matter for a period of six year whereupon it will be confidentially shredded

In respect of a client matter we may retain  sensitive data  which is GP & Hospital  medical records

  • in a current client file if less than  about 500 folios whilst the matter is being worked upon as a live matter
  • in a separate storage cabinet if more than about 500 folios whilst the matter is being worked upon as  a live matter
  • in respect of a matter closed or finished before 25th May 2018, for a period of six years whereupon medical records  will be confidentially shredded
  • in respect of a matter closed or finished after 25th May 2018,  until the medical records are separated from the closed file when the closed file is archived whereupon the medical records will be shredded reasonably promptly; we no longer store GP and hospital medical records after 25th May 2018 when a file is archived.

In respect of a current employee  we may retain sensitive data

  • for as long as we employ the employee

In respect of a former  employee  we may retain sensitive data

  • for up to 6 years after we ceased to employ the employee

SECURITY MEASURES FOR SENSITIVE DATA

We have adopted general data security measures under Data Protection law  for all personal information  and employee data  but in respect of sensitive data a number of  additional measures are adopted;

  • health records will be sent to other persons listed only  by secure delivery methods
  • health records will be requested to be returned to us by secure delivery methods or confidentially destroyed by the recipient after  a finite time period
  • if sensitive data is sent from the office physically because it is part of a file it will be sent by secure courier services
  • If sensitive data is sent electronically it will be sent as an encrypted email attachment