Data protection policy
It is the policy of Arriva plc to ensure that all data which meets the criteria for registration is registered and that all principles of data protection are correctly and fully complied with. It is a business unit accountability to register with the Information Commissioner at the Data Protection Commission.
It is the responsibility of every manager to ensure that all personal information in respect of employees, customers and suppliers is maintained properly and that data stored either electronically or manually is kept secure and free from access by unauthorised persons.
Personal information on Arriva employees may not be disclosed to external organisations without the express permission of the person concerned, unless this is required by a statutory body e.g. Inland Revenue or Benefits Agency. Where appropriate, information may be provided for equal opportunities monitoring and employment references, but personal information should only be divulged to other employees, managers or directors if they have a business need for the information and are entitled to receive it.
Unauthorised disclosure of personal information will constitute a disciplinary offence which, in serious cases, may lead to dismissal. Both Arriva plc, and the individual who disclosed the information, will be liable for prosecution.
