Data Protection law identifies a number of categories of specially sensitive personal information in respect of which additional safeguards are imposed.
This special category of very sensitive data is information revealing a living person’s
- Racial or ethnic origin
- Political opinions
- Religious or philosophical beliefs
- Trade union membership
- Health and medical records
- Information concerning a person’s sex life or sexual orientation
- Criminal convictions and data relating to past offences
We call this sensitive data.
The general rule is that the collection use and retention of sensitive data is prohibited unless we have a right to collect, use and retain such information.
IN CLIENT LEGAL DISPUTES
Our right comes from
- The explicit consent of our client in carrying out our contractual and legal obligations to our client and
- The need to handle such information in the exercise or defence of legal claims
IN RESPECT OF OUR EMPLOYEES
Our right comes from
- The need to assess the working capacity of an employee in connection with employment law
RECORD OF PROCESSING ACTIVITIES
When we handle such sensitive data, we are required to maintain thisrecord of processing activities for sensitive data which can be made available to the Information Commissioner’s Office upon request.
WHO IS THE DATA CONTROLLER
The Data Controller is
- Salmons Solicitors Ltd of 20 to 22 High Street, May Bank, Newcastle under Lyme, Staffordshire, ST5 0JB
The Data Protection Officer is located at
- Salmons Solicitors Ltd, 336 Hartshill Road, Hartshill, Stoke on Trent, Staffordshire ST4 7NX
THE PURPOSE OF THE PROCESSING OF SENSITIVE DATA
The purpose is to
- Comply with our contractual duties to our clients
- Comply with Money Laundering Checks
- Advance or defend legal claims or family law /children law disputes for our clients
- Investigate the work capacity of our existing or potential new employees
CATEGORIES OF SENSITIVE DATA SUBJECTS AND SENSITIVE DATA TYPES
In respect of a client we may process data upon our clients’
- Racial or ethnic origin in connection with a race discrimination claim
- Political opinions and affiliations in connection with our Money Laundering checks
- Religious or philosophical beliefs in connection with a religious discrimination claim
- Trade union membership in connection with an employment claim or a personal injury claim
- Health information and medical records in connection with the mental capacity to instruct us, or an employment claim or a personal injury claim
- Sex life or sexual orientation in connection with a discrimination claim, a personal injury claim or a family law or children law matter
- Criminal convictions and data relating to past offences in connection with a personal injury claim or family law or children law matter
In respect of our existing employees or potential new employees
- To investigate the work capacity of our existing employees where a question as to capacity has arisen
- To verify the fitness for employment of potential new employees
RECIPIENTS OF SENSTIVE DATA
We may send sensitive data to
- expert medical witnesses
- professional advisers such as barristers and solicitor-agents
- enquiry agents and process servers
- costs lawyers
- in legal claims to an opponent’s legal representatives/insurers who may send it to the opponent themselves
- a courier for transportation purposes but sealed in an paper envelope
- a commercial paper-shredding contractor
and these persons may become aware sensitive data held by us
- our auditors/accountants
- The Solicitors Regulation Authority
- Inland Revenue, HM Customs and Excise (VAT)
- criminal law enforcement agencies
TRANSFERS OF SENSTIVE DATA OUTSIDE OF THE EUROPEAN ECONOMIC AREA
We do not normally copy client sensitive data to anyone outside the European Economic Area, however, we may do so however when the particular circumstances of a matter so require. All such third parties outside the European Economic Area will be required by us on a case by case basis to maintain confidentiality in relation to a client matter by being asked to sign a confidentiality agreement.
It is very unlikely we would send employee sensitive data out of the European Economic Area.
RETENTION OF SENSITIVE DATA
In respect of a client matter we may retain sensitive data forming an integrated part of a client file
- in a current client file whilst the matter is being worked upon as a live matter
- in our file archive in respect of a closed or finished matter for a period of six year whereupon it will be confidentially shredded
In respect of a client matter we may retain sensitive data which is GP & Hospital medical records
- in a current client file if less than about 500 folios whilst the matter is being worked upon as a live matter
- in a separate storage cabinet if more than about 500 folios whilst the matter is being worked upon as a live matter
- in respect of a matter closed or finished before 25th May 2018, for a period of six years whereupon medical records will be confidentially shredded
- in respect of a matter closed or finished after 25th May 2018, until the medical records are separated from the closed file when the closed file is archived whereupon the medical records will be shredded reasonably promptly; we no longer store GP and hospital medical records after 25th May 2018 when a file is archived.
In respect of a current employee we may retain sensitive data
- for as long as we employ the employee
In respect of a former employee we may retain sensitive data
- for up to 6 years after we ceased to employ the employee
SECURITY MEASURES FOR SENSITIVE DATA
We have adopted general data security measures under Data Protection law for all personal information and employee data but in respect of sensitive data a number of additional measures are adopted;
- health records will be sent to other persons listed only by secure delivery methods
- health records will be requested to be returned to us by secure delivery methods or confidentially destroyed by the recipient after a finite time period
- if sensitive data is sent from the office physically because it is part of a file it will be sent by secure courier services
- If sensitive data is sent electronically it will be sent as an encrypted email attachment