Information Governance Policy

1. Introduction

It’s Your Mojo is an online digital platform to provide extracurricular activities to children. This information governance policy has been developed to give assurances that It’s Your Mojo will handle all information in a confidential and secure manner and in accordance with relevant quality and legislation standards appropriate to operating a online platform.

 

It’s Your Mojo will establish and maintain policies and procedures to ensure compliance with requirements contained in the Data Protection Act 2018 (DPA) and General Data Protection Regulations (GDPR) and accompanying guidance from the Information Commissioner’s Office. It’s Your Mojo is registered with ICO.

2. Principles of Information Governance

We recognise the need for an appropriate balance between openness and confidentiality in the management and use of information. It is important to ensure high standards of data protection and confidentiality to safeguard personal/sensitive and commercially sensitive information.

 

Underpinning this is the integrity need for electronic and paper information to be accurate, relevant, and available to those who need it. Staff must ensure at all times that high standards of data quality, data protection, integrity, confidentiality and records management are met in compliance with the relevant legislation guidance.

 

Under the GDPR and DPA there are seven principles to govern how person-identifiable information is processed: Lawfulness, fairness and transparency Purpose Limitation Data Minimisation Accuracy. Storage Limitation. Integrity and confidentiality (security). 

​3. Purpose

Personal data is defined as Information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

 

Special category data (formerly known as sensitive data) is more sensitive, and so needs more protection. For example, information about an individual’s: race; ethnic origin; politics; religion; trade union membership; genetics; biometrics (where used for ID purposes); health; sex life; or sexual orientation. It’s Your Mojo doesn’t request any such information from its staff, children or parents.

 

It is the responsibility of all staff to familiarise themselves with this policy and adhere to its information governance principles.

4. Our approach to Information Governance (IG)

We undertake to implement IG effectively and will ensure the following: 

  • Information will be protected against unauthorised access; 

  • Confidentiality of information will be assured; 

  • Integrity of information will be maintained; 

  • Information will be supported by the highest quality data; 

  • Regulatory and legislative requirements will be met; 

  • Business continuity plans will be produced, maintained and tested; 

  • IG training will be available to all staff as necessary to their role; 

  • All breaches of confidentiality and information security, actual or suspected, will be reported and investigated.

5. Legal Compliance

  a)  All identifiable personal information relating to service users is confidential. 

  b)  All identifiable personal information relating to staff is confidential except where national policy on accountability and openness requires otherwise. 

  c)  We will establish and maintain policies to ensure compliance with the Data Protection Act 1998, Human Rights Act 1998 and the Common Law Duty of Confidentiality. 

  d)  We will establish and maintain policies for the controlled and appropriate sharing of service user and staff information with other agencies, taking account of relevant legislation (e.g. Health and Social Care Act 2012, Crime and Disorder Act 1998, etc.).

 

6. Information Security

  • We will establish and maintain policies for the effective and secure management of its information assets and resources. 

  • We will undertake or commission annual assessments and audits of our information arrangements. 

  • We will promote effective confidentiality, security and information sharing practices to our staff through policies, procedures and training. We will establish and maintain incident reporting procedures and will monitor and investigate all reported instances of actual or potential breaches of confidentiality and security.

 

7. Information Quality Assurance

  • We will establish and maintain policies and procedures for information quality assurance and the effective management of records. 

  • Wherever possible, information quality should be assured at the point of collection. For example, when employing new staff all details taken should be thoroughly checked to ensure accuracy. 

  • Data will be stored and recorded in line with Data Standards legislation – i.e. the Data Protection Act 1998. 

  • We will promote information quality and effective records management through policies, procedures/user manuals and training.

 

8. Responsibilities

The designated Information Governance Lead for the organisation is Prity Agarwal.

The key responsibilities of the lead are: 

  • To define It’s Your Mojo’s policy in respect of IG and ensuring that sufficient resources are provided to support the requirements of the policy. 

  • Developing and implementing IG procedures and processes for the organisation. 

  • Raising awareness and providing advice and guidelines about IG to all staff; 

  • Ensuring that any training made available is taken up; 

  • Coordinating the activities of any other staff given data protection, confidentiality, information quality, records management and Freedom of Information responsibilities; 

  • Ensuring that service user data is kept secure and accurate and that all data flows, internal and external, comply with the data policies;

  • Monitoring information handling in the organisation to ensure compliance with law, guidance and the organisation’s procedures; 

  • Ensuring service users are appropriately informed about the organisation’s information handling activities; 

  • Overseeing changes to systems and processes; 

  • Incident reporting. 

  • Ensuring that sufficient resources are provided to support the effective implementation of IG in order to ensure compliance with the law and professional codes of conduct.

 

All staff, whether permanent, temporary or contracted, and contractors are responsible for ensuring that they are aware of and comply with the requirements of this policy and the procedures and guidelines produced to support it.

 

These procedures have been approved by the undersigned and will be reviewed on an annual basis.

 

Name: Prity Agarwal ; Email: prity@itsyourmojo.com