Privacy Notice for Constituents

1.            Policy statement

1.1          Everyone has rights with regard to how their personal information is handled. During the course of my activities I, and my office staff (and any volunteers), will collect, store and process personal information about the constituents for whom I act and others that we communicate with in order to act for and on behalf of constituents in line with my responsibilities as an elected member.

1.2          The types of information that we may be required to handle include details of constituents and others that we communicate with (both currently and in the past). The information, which may be held on paper or on a computer or other media, is subject to certain legal safeguards specified in the Data Protection Act 1998 (the Act), the General Data Protection Regulation and other regulations. These impose restrictions on how we may use that information.

2.            Status of the policy

2.1          This policy sets out the rules on data protection and the legal conditions that must be satisfied in relation to the obtaining, handling, processing, storing, transporting and the destruction of personal information.

2.2          If you consider that the policy has not been followed in respect of personal data about yourself or others you should initially raise the matter with the Office Manager.

3.            Definition of data protection terms

3.1          Data is information which is stored electronically (for example on a computer, camera or mobile phone) or is held manually pending transfer to electronic devices. It also includes certain paper-based filing systems.

3.2          Data subjects for the purpose of this policy include all living individuals about whom we hold personal data. All data subjects have legal rights in relation to their personal data.

3.3          Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

3.4          Data controllers are the people who, or organisations which, determine the purposes for which, and the manner in which, any personal data is processed. They have a responsibility to establish practices and policies in line with the Act. I am the data controller of all personal data used in my offices to enable me to fulfil my role as a member of the National Assembly for Wales.

3.5          Data users include employees whose work involves using personal data.  Data users have a duty to protect the information they handle by following our data protection and security policies at all times.

3.6          Data processors include any person who, or organisation which, processes personal data on behalf of a data controller. An example would be the Assembly Commission’s payroll provider. Employees of data controllers are excluded from this definition.

3.7          Processing is any activity that involves use of the data.  It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organising, amending, retrieving, using, disclosing, erasing or destroying it.  Processing also includes transferring personal data to third parties.

3.8          Special categories of personal data are any data which identify a person’s:

·         racial or ethnic origin;

·         political opinions;

·         religious or philosophical beliefs;

·         trade union membership;

·         health or sex life and sexual orientation;

·         genetic data; and

·         biometric data where processed to uniquely identify a person;

·         or the commission of, or proceedings for, any offence committed or alleged to have been committed by that person, the disposal of such proceedings or the sentence of any court in such proceedings.

Special categories of personal data can only be processed if certain conditions are met. Gaining the explicit consent of the data subject is one condition that allows sensitive personal data to be handled. However, Assembly Members do not always need to obtain explicit consent to handle sensitive personal data in the course of constituency casework, as legislation allows Members to handle that type of data in particular circumstances, for example in order to take action in connection with casework requests made by constituents.

4.            Data protection principles

Anyone processing personal data must comply with the eight enforceable principles of good practice. These provide that personal data must be:

4.1          Processed fairly and lawfully.

4.2          Processed for limited and specified purposes and in an appropriate way.

4.3          Adequate, relevant and not excessive for the purpose.

4.4          Accurate and up-to-date.

4.5          Not kept longer than is necessary for the purpose for which it was collected.

4.6          Processed in line with data subjects’ rights.

4.7          Secure.

4.8          Not transferred to people or organisations situated in certain countries (including those outside of the EEA) without adequate protection.

5.            Fair and lawful processing

5.1          The Act is not intended to prevent the processing of personal data, but to ensure that all processing is done fairly and without adversely affecting the rights of the data subject. The data subject must be told who the data controller is (in this case Joyce Watson AM), the purpose for which the data is to be processed by us, and the identities of anyone to whom the data may be disclosed or transferred.

5.2          For personal data to be processed lawfully, certain conditions have to be met. These may include, among other things, requirements that the data subject has consented to the processing, or that the processing is necessary for the legitimate interest of the data controller or the party to whom the data is disclosed.

6.            Processing for limited purposes

6.1          Personal data may only be processed for the specific purposes notified to the data subject when the data was first collected or for any other purposes specifically permitted by the Act. This means that personal data must not be collected for one purpose and then used for another. If it becomes necessary to change the purpose for which the data is processed, the data subject must be informed of the new purpose before any processing occurs.

7.            Adequate, relevant and non-excessive processing

7.1          Personal data should only be collected to the extent that it is required for the specific purpose notified to the data subject. Any data which is not necessary for that purpose should not be collected in the first place.

8.            Accurate data

8.1          Personal data must be accurate and kept up to date. Information which is incorrect or misleading is not accurate and steps should therefore be taken to check the accuracy of any personal data at the point of collection and at regular intervals afterwards. Inaccurate or out-of-date data will be destroyed.

9.            Timely processing

Personal data should not be kept longer than is necessary for the purpose for which it was collected initially. This means that data in manual files will be destroyed and electronic data erased from our systems when it is no longer required. I will retain all records in line with my retention schedule.  I will keep a list of files which have been destroyed. For example, all casework will be destroyed 2 years after the file has been closed.

10.         Processing in line with data subjects’ rights

Data must be processed in line with data subjects’ rights. Data subjects have a right to:

(a)       Request access to their personal data which is held by a data controller. This is known as a Subject Access Request;

(b)       Prevent the processing of their data for direct-marketing purposes.

(c)       Ask to have inaccurate data amended.

(d)       Prevent processing that is likely to cause damage or distress to themselves or anyone else.

(e)       Erasure or to withdraw consent to share data with a third party

Dealing with subject access requests

A formal request from a data subject for information that we hold about them must be made in writing, either in hard copy or by email. Any member of staff who receives a written request for an individual’s personal data should forward it to Jane Hutt AM immediately.

11.         Data security

11.1       We must ensure that appropriate security measures are taken against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data. Data subjects may apply to the courts for compensation if they have suffered damage from such a loss.

11.2       The Act requires us to put in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction. Personal data may only be transferred to a third-party data processor where: the processing is carried out under a contract; the contract requires the data processor to comply with obligations equivalent to those imposed on the data controller; the data processor acts only on the instructions of the data controller; and the data controller monitors adherence to the arrangements.

11.3     Maintaining data security means guaranteeing the confidentiality, integrity and availability of the personal data.  For the purposes of this policy, those terms are defined as follows:

(a)       Confidentiality means that only people who are authorised to use the data can access it, and ‘confidential’ is to be construed in a similar way.

(b)       Integrity means that personal data should be accurate and suitable for the purpose for which it is processed.

(c)       Availability means that authorised users should be able to access the data if they need it for authorised purposes. Personal data should therefore, for example, be stored only on IT equipment provided via the Assembly Commission and not on any individual PCs.

11.4       Security procedures include:

(a)       Entry controls. Any stranger seen in entry-controlled areas should be reported.

(b)       Secure lockable desks and cupboards. Desks and cupboards will be kept locked at all times if they hold confidential information of any kind. (Personal information is always considered confidential.)

(c)       Methods of disposal. Paper documents should be shredded or disposed of via the arrangements put in place by the Assembly Commission. Paper documents must be retained securely pending shredding. Floppy disks and CD-ROMs should be physically destroyed when they are no longer required.  Case files closed on the Assembly Caseworker programme will be archived and deleted in line with my retention schedule.

(d)       Equipment. Data users will ensure that individual monitors do not show confidential information to passers-by and that they log off from their PC when it is left unattended.

12.         Providing information over the telephone

Any member of staff dealing with telephone enquiries should be careful about disclosing any personal information held by us. In particular they should:

(a)       Check the caller’s identity to make sure that information is given only to a person who is entitled to it.

(b)       Suggest that the caller put their request in writing if they are not sure about the caller’s identity and where their identity cannot be checked.

(c)       Refer to the Office Manager for assistance in difficult situations. No-one should be bullied into disclosing personal information.

13.         Casework

Casework involves processing Special Categories of Personal Data and before sharing data with third parties a signed form providing consent to do so is required from the data subject.

(a)       Data will be collected only by a member of staff or a volunteer who has signed the confidentiality paperwork.

(b)       A new consent form is required for each new case

(c)       After a case is closed the file will be archived for two years in case further issues arise before being destroyed using the confidential waste service.

14.         Monitoring and review of the policy

14.1       This policy is reviewed bi-annually by Jane Hutt.

14.2       We will continue to review the effectiveness of this policy to ensure it is achieving its stated objectives.

Privacy notice for constituents

1.  Policy statement

1.1  Everyone has rights with regard to how their personal information is handled. In the course of my activities I, and my office staff (and volunteers), will collect, store and process personal information about the constituents on whose behalf I act and others with whom we communicate, in order to act for and on behalf of constituents in line with my responsibilities as an elected member.

1.2  The types of information that we may be required to handle include details of constituents and others with whom we communicate (currently and in the past). The information, which may be held on paper or on a computer or other media, is subject to certain legal safeguards specified in the Data Protection Act 1998 (the Act), the General Data Protection Regulation and other regulations. These impose restrictions on how we may use that information.

2.  Status of the policy

2.1  This policy sets out the rules on data protection and the legal conditions that must be satisfied in relation to obtaining, handling, processing, storing, transporting and destroying personal information.

2.2  If you consider that the policy has not been followed in respect of personal data about yourself or others, you should raise the matter with the Office Manager in the first instance.

3.  Definition of data protection terms

3.1  Data is information which is stored electronically (for example on a computer, camera or mobile phone) or which is held manually pending transfer to electronic devices. It also includes certain paper filing systems.

3.2  Data subjects, for the purpose of this policy, include all living individuals about whom we hold personal data. All data subjects have legal rights in relation to their personal data.

3.3  Personal data means any information relating to an identified or identifiable natural person (‘data subject’); a natural person who can be identified directly or indirectly, in particular by reference to an identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

3.4  Data controllers are the people, or organisations, who determine the purposes for which personal data is processed, and the manner in which it is processed. They have a responsibility to establish practices and policies in line with the Act. I am the data controller of all personal data used in my offices to enable me to fulfil my role as a Member of Senedd Cymru.

3.5  Data users include employees whose work involves using personal data.  Data users have a duty to protect the information they handle by following our data protection and security policies at all times.

3.6  Data processors include any person, or organisation, that processes personal data on behalf of a data controller. One example would be the Senedd Commission’s payroll provider. Employees of data controllers are excluded from this definition.

3.7  Processing means any activity that involves using the data.  It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data, including organising, amending, retrieving, using, disclosing, erasing or destroying the data.  Processing also includes transferring personal data to third parties.

3.8  Special categories of personal data means data which identify the following about a person:

· racial or ethnic origin;
· political opinions;
· religious or philosophical beliefs;
· trade union membership;
· health or sex life and sexual orientation;
· genetic data; and
· biometric data where the data is processed to uniquely identify a person;
· or the bringing of proceedings for an offence committed, or alleged to have been committed, by that person, the disposal of such proceedings or the sentence of a court in such proceedings.

Special categories of personal data may be processed only if certain conditions are met. Obtaining explicit consent from the data subject is one condition that allows sensitive personal data to be handled. However, Members of the Senedd do not always need to obtain explicit consent to handle sensitive personal data in the course of constituency casework, as legislation allows Members to handle that type of data in particular circumstances, for example in order to take action in connection with casework requests made by constituents.

4.  Data protection principles

Anyone processing personal data must comply with the eight enforceable principles of good practice. These provide that personal data must be:

4.1  processed fairly and lawfully.

4.2  processed for limited and specified purposes and in an appropriate way.

4.3  adequate, relevant and not excessive for the purpose.

4.4  accurate and up to date.

4.5  not kept longer than is necessary for the purpose for which it was collected.

4.6  processed in line with the data subject’s rights.

4.7  secure.

4.8  not transferred to people or organisations in certain countries (including those outside the EEA) without adequate protection.

5.  Fair and lawful processing

5.1  The Act is not intended to prevent the processing of personal data, but to ensure that all processing is done fairly and without adversely affecting the rights of the data subject. The data subject must be told who the data controller is (Joyce Watson AM in this case), the purpose for which the data is to be processed by us, and the identity of anyone to whom the data may be disclosed or transferred.

5.2  For personal data to be processed lawfully, certain conditions must be met. These may include, among other things, that the data subject has consented to the processing, or that it is necessary for the legitimate interest of the data controller or the party to whom the data will be disclosed.

6.  Processing for limited purposes

6.1  Personal data may be processed only for the specific purposes notified to the data subject when the data was first collected, or for other purposes specifically permitted by the Act. This means that personal data may not be collected for one purpose and then used for another. If it becomes necessary to change the purpose for which the data is processed, the data subject must be informed of the new purpose before any processing takes place.

7.  Adequate, relevant and non-excessive processing

7.1  Personal data should be collected only to the extent that it is needed for the specific purpose notified to the data subject. Data which is not necessary for that purpose should not be collected in the first place.

8.  Accurate data

8.1  Personal data must be accurate and kept up to date. Information which is incorrect or misleading is not accurate, so steps should be taken to check the accuracy of personal data when it is collected and regularly thereafter. Inaccurate or out-of-date data will be destroyed.

9.  Timely processing

Personal data should not be kept longer than is necessary for the purpose for which it was originally collected. This means that data in manual files will be destroyed and electronic data will be erased from our systems when it is no longer needed. I will retain all records in line with my retention schedule.  I will keep a list of files which have been destroyed. For example, all casework will be destroyed 2 years after the file is closed.

10.  Processing in line with data subjects’ rights

Data must be processed in line with data subjects’ rights. Data subjects have a right to the following:

(a)  Request access to their personal data held by a data controller. This is a Subject Access Request.

(b)  Prevent their data from being processed for direct-marketing purposes.

(c)  Ask for inaccurate data to be amended.

(d)  Prevent processing that is likely to cause damage or distress to themselves or anyone else.

(e)  Erase or withdraw consent to share data with a third party.

Dealing with subject access requests

A formal request from a data subject for information that we hold about them must be made in writing, either in hard copy or by email. Any member of staff who receives a written request for an individual’s personal data should forward it to Jane Hutt MS immediately.

11.  Data security

11.1  We must ensure that appropriate security measures are taken against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data. Data subjects may apply to the courts for compensation if they have suffered damage from such a loss.

11.2  The Act requires us to put in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction. Personal data may be transferred to a third-party data processor only where: the processing is carried out under a contract; the contract requires the data processor to comply with obligations equivalent to those imposed on the data controller; the data processor acts only on the instructions of the data controller; and the data controller monitors adherence to the arrangements.

11.3  Maintaining data security means guaranteeing the confidentiality, integrity and availability of the personal data.  For the purposes of this policy, those terms are defined as follows:

(a)  Confidentiality means that only people who are authorised to use the data can access it, and ‘confidential’ is to be construed in a similar way.

(b)  Integrity means that personal data should be accurate and suitable for the purpose for which it is processed.

(c)  Availability means that authorised users should be able to access the data when they need it for authorised purposes. Personal data should therefore, for example, be stored only on IT equipment provided via the Senedd Commission, not on individual PCs.

11.4  Security procedures include:

(a)  Entry controls. Any stranger seen in entry-controlled areas should be reported.

(b)  Secure lockable desks and cupboards. Desks and cupboards will be kept locked at all times if they hold confidential information of any kind. (Personal information is always considered confidential.)

(c)  Methods of disposal. Paper documents should be shredded or disposed of via the arrangements put in place by the Senedd Commission. Paper documents must be kept securely pending shredding. Floppy disks and CD-ROM drives should be physically destroyed when they are no longer required.  Case files closed on the Senedd caseworker programme will be archived and deleted in line with my retention schedule.

(d)  Equipment. Data users will ensure that individual monitors do not show confidential information to passers-by and that they log off from their PC when it is left unattended.

12.  Providing information over the telephone

Any member of staff dealing with telephone enquiries should be careful about disclosing any personal information held by us. In particular they should:

(a)  Check the caller’s identity to make sure that information is given only to a person who is entitled to it.

(b)  Suggest that the caller put their request in writing if they are not sure who the caller is and where the caller’s identity cannot be checked.

(c)  Ask the Office Manager for assistance in difficult situations. No one should be bullied into disclosing personal information.

13.  Casework

Casework involves processing Special Categories of Personal Data and, before data is shared with third parties, a form signed by the data subject giving consent to do so is required.

(a)  Data is collected only by a member of staff or a volunteer who has signed the confidentiality paperwork.

(b)  A new consent form is required for each new case.

(c)  After a case is closed, the file will be archived for two years in case further issues arise, before the file is destroyed using the confidential waste service.

14.  Monitoring and review of the policy

14.1  This policy is reviewed every other year by Jane Hutt.

14.2  We will continue to review the effectiveness of this policy to ensure it is achieving its stated objectives.