University information about Data Protection & Freedom of Information is available here.
Data Protection (DPA) and Freedom of Information Act (FOI) in the Library
1. Sources of personal data held by or accessible by Library and Digital Support
1.1 Library Management System
Within the library, most user data is held on Alma. We cannot disclose to anyone other than the student or member of staff concerned, who has a particular item on loan, who has placed a reservation on an item or any personal details such as home addresses. Staff should be satisfied that any release of data of this kind should be supported by corresponding identification such as a current University card or Associate library card. Staff may disclose information to other staff within LDS for specified administrative tasks, e.g. overdue procedures. The sensitivity of data held should determine its level of security and confidentiality.
Students wishing to access to the data we hold on them should be encouraged to use
“Your account” section on Alma. We would maintain the right to levy an administrative charge if we are asked to provide any further information by users (e.g. borrowing or overdue charges history. After a student has left the University, all data about them held on Alma is deleted unless they have outstanding charges or overdue loans which we may then pursue.
1.2 Student Record System
The Student Record System (UnitE) contains confidential personal data and assessment marks. Only designated library staff have access and can only log on to the system using their individual username and password.
Data seen must not be disclosed to others except for clearly defined work purposes, e.g. to determine which course a student is studying; identify an external address for correspondence, etc.
1.3 Manual records
The Library holds files on library users as follows:
CCTV is in operation in the Plymouth library building. Images are held for no longer than 7 days, after which they will be erased. Access to, and disclosure of, images recorded by CCTV is restricted and carefully controlled.
2. Access Control System
An access control system is in operation at the Plymouth library for the safety and security of authorised users. A transaction log is stored electronically and viewing of this is strictly restricted. It may be viewed for the purposes of crime prevention and detection and to facilitate administration of the system. Data is held for no longer than 14 days after which they are deleted.
Normally, the University is not authorised to release any information about a student or member of staff (or any other individual on whom it holds personal information) to anyone except that individual. Unauthorised disclosure of information is not only a breach of the Data Protection Act, for which the University could be liable, but also breaches the undertaking of confidentiality to staff and students.
This applies even if the request for information comes from a relative, partner, colleague or close friend of the student/ staff member.
The University may disclose personal information to a third party if it has the specific written consent of the individual to whom the personal information relates. Written consent should identify the named individual(s) and the type of information which can be released, e.g. address, items on loan, etc and whether the request for information will be ongoing. Staff should verify the identity of the enquirer whenever possible. Library staff should not enter into correspondence with parents or partners, etc over missing items, overdue charges, etc, without the written consent of the student