Confidentiality and Data Protection Proforma

;

1. Purpose

This document is intended for people who make an unpaid, professional contribution to the Institute of Physics and Engineering in Medicine (‘IPEM volunteers’) who process personal information relating to members, potential members, trainees, staff, or other IPEM contacts, on behalf of IPEM. IPEM remains legally the ‘data controller’ for this data, and so needs to be assured that it is handled appropriately by others acting on its behalf.

The agreement sets out the requirements and responsibilities of those who have access to such information and ensures that all parties concerned understand their confidentiality obligations, and the consequences of breach of these obligations.

2. Scope

This agreement must be signed by all those who process personal data in the course of their volunteer role for IPEM as:

  • Professional Conduct Committee members
  • Membership or Registration Assessors
  • Examiners
  • Moderators
  • Course Supervisors
  • Interviewer
  • Any other volunteer role in which a member processes personal data.

3. Processing personal data

Members are reminded of the following requirements for the protection of personal data that they are processing on behalf of IPEM.

  • Members should use IPEM’s Microsoft Teams (or Workspaces). To set up a Team please contact jenny@ipem.ac.uk This is the best way to ensure that information is seen by specific members for the purpose of their role, without information having to be sent over external electronic networks;
  • If using emails to share documents containing personal data, they should be sent using an encrypted system
  • Laptops and other mobile devices containing personal data must be both encrypted and password protected
  • Laptops must have a privacy screen in place if they are used in a public place such as a train.
  • Documents, and storage devices such as memory sticks, containing personal data should always be individually password-protected.

4. Disposal of personal data

  • If paper copies of personal data have been used, they can be returned to IPEM in person, and will then disposed of through our confidential waste disposal service.
  • Alternatively, hard copies should be cross-shredded before disposal.
  • Electronic documents should be deleted as soon as the task for which you are using them has been completed. You should go to the ‘Trash’ folder and permanently delete the file.
  • If you subsequently sell/dispose of any computer or portable media (e.g. laptops, USBs, mobile phones, blackberries) that you have used for IPEM business, please check that it has been cleared of all personal data.

5. Confidentiality agreement

This document applies to all personal data and business information you process in the course of your voluntary role for IPEM. The relevant provisions also apply after your relationship with IPEM has ended.

  1. I hereby undertake not to use, nor disclose to any unauthorised person, any confidential information relating to or received from IPEM for any reason unless expressly authorised by IPEM, or required by law. I understand that this applies both during the term of my voluntary work and after its termination.
  2. Information is confidential information if it is clearly marked as such or by its very nature is evidently confidential. This includes but is not limited to financial information, information held on members or staff, and membership conduct proceedings.
  3. I understand that the use and disclosure of all information about living, identifiable individuals is governed by the Data Protection Act. I will not use or disclose any personal data I acquire during my work for any purpose that is or may be incompatible with the purposes of that work.
  4. I understand that I am required to keep all confidential and personal data securely, and undertake to follow all relevant local procedures in doing so
  5. I undertake to ensure that all records provided or created for the purposes of this agreement, including any back-up records, are passed back to IPEM or deleted as directed. Once I have received confirmation that the task I was using them for has been satisfactorily completed.
  6. I understand that all information and personal data supplied by IPEM, used directly or indirectly in the performance of my duties shall remain at all times the property of IPEM.
  7. I understand that breach of these obligations may lead to membership disciplinary proceedings and possibly to legal proceedings.

You can find out more about how we collect, process and store your data in our Privacy Policy listed on our website; https://www.ipem.ac.uk/privacy-policy/