Members of the Data Protection Authority have a key role to play in the success of the ODPA and this code of conduct sets out the high standards expected of them.
Code of Practice for Members of the Guernsey Data Protection Authority
The Authority is a statutory body created by The Data Protection (Bailiwick of Guernsey) Law, 2017 (“the DP Law”) which sets out its responsibilities. This Code of Practice sets out the values and standards of behaviour expected of members of the Authority. It will be reviewed by the Authority at least once during the tenure of each Chair.
Public Service Values
Members of the Authority have collective responsibility for the operations of this independent public body. Members should:
aim to reach well-balanced judgements in a collegiate, impartial, objective and transparent manner;
observe high standards of honesty, probity, integrity, resilience and determination in their deliberations and in their personal conduct on Authority business;
engage fully in collective consideration of the issues, taking account of the full range of relevant factors;
be accountable through the Committee for Home Affairs to the States of Deliberation and to the public more generally for the activities of the Authority.
Standards of Conduct
Members of the Committee must:
observe the “Nolan Principles” which are annexed to this Code of Practice.
comply with this Code and any protocols or procedures derived from it and ensure that they understand their duties, rights and responsibilities, and that they are familiar with the functions and role of the Authority;
not misuse information gained in the course of their membership of the
Authority for personal gain or for political purpose, nor seek to use the opportunity of membership to promote their private interests or those of connected persons, firms, businesses or other organisations; and
not hold any paid or high-profile unpaid office in a political party,
and not engage in specific political activities on matters directly
affecting the work of the Authority.
Communications between the Authority and the Committee for Home Affairs and the States of Deliberation will generally be through the Chair, except where the Authority has agreed that an individual member should act on its behalf. Nevertheless, any Authority member has the right to approach that Committee or the States on any matter (including the conduct of the Chair) which he or she believes raises important issues relating to his or her duties as an Authority member. In such cases the agreement of the other members of the Authority should normally be sought.
Individual Authority members can only be removed from office in accordance with the relevant provisions of Schedule 6 of the DP Law.
The Role of the Chair
The Chair has particular responsibility for providing effective leadership on the issues above. In addition to his specific responsibilities set out in the DP Law, the Chair is responsible for:
ensuring that the Authority meets at appropriate intervals, and that the minutes of meetings accurately reflect the decisions taken and, where appropriate, the views of individual Authority members;
representing the views of the Authority to the general public;
ensuring that new Authority members are briefed on appointment; and
conducting regular assessments of the performance of each Authority member.
Regular assessments of the performance of the Chair will be carried out by 2 voting members of the Authority, selected through agreement of all voting members.
Handling media relations
The Data Protection Commissioner has the main responsibility for fielding media inquiries and issuing press releases. Media interviews will normally be conducted by the Commissioner or (exceptionally) the Chair. Authority members should liaise with the Commissioner or, in his or her absence, with the Chair over any request for interviews or lines to take.
Likewise, members should consult the Commissioner or the Chair before commenting on Authority or related matters using social media. The conduct expected within a digital medium is no different to the conduct members should employ in other methods of communication, such as face-to-face meetings and written correspondence (even when using a personal account).
Members should ensure that all information received from or about the Authority is handled with great care. Sensitive or confidential information, whether in electronic or hard copy form, should be kept securely at all times and destroyed or deleted as soon as no longer needed. Particular care is needed with any personal data, where any mishandling could damage the Authority’s reputation. This is reinforced by Section 90 of the DP Law (“Duty of Confidentiality”) - see below.
Conflicts of interests
The purpose of the following provisions is to address the specific requirements of Schedule 6 of the DP Law and to avoid any danger of Authority members being influenced, or appearing to be influenced, by their private or other interests in the exercise of their public duties.
Registration of interests
All Authority members should disclose in the Authority’s Register of Interests any direct or indirect personal interest which does or could relate to the Authority’s activities or deliberations, which might influence their judgement or which could be perceived (by a reasonable member of the public) as doing so.
In particular, Authority members must disclose details of:
any paid employment or occupation;
any entity of which he/she is a member, director or office-holder;
relevant personal direct and indirect pecuniary interests; and
relevant direct or indirect interests of close family members.
Disclosure in the Authority’s Register of Interests will be treated as a “general notice” for the purposes of Paragraph 9(2) of Schedule 6 of the DP Law.
The Register of Interests should be kept up to date and will be open to public inspection.
Oral declaration of interests
An oral declaration of any relevant private or other interest should be made at any Authority meeting if it relates specifically to a particular issue under consideration and should be recorded. Where appropriate, the Member should withdraw, voluntarily or upon request, from the meeting and from discussion of that issue outside any meeting if their participation would involve a conflict of interest or could be perceived (by a reasonable member of the public) as doing so.
Gifts and Hospitality
Members should exercise the utmost care in accepting hospitality or gifts where there could be a real or perceived conflict with their membership of the Authority. They should declare all such gifts or hospitality (whether accepted or not).
Members are expected to make every effort to attend meetings of the Authority in order to ensure timely discussion of relevant issues. The Authority’s membership currently comprises 6 members. This means that, in accordance with Schedule 6 of the DP Law, the Authority has a quorum of 4. Should a quorum not be possible, the Chair may decide to postpone a meeting or, if urgent business requires it, consider and take decisions by e-mail or tele-conferencing or by circulation of papers.
Personal liability of Committee members
Legal proceedings against individual Authority members are likely to be very exceptional.
Where an individual Authority member has acted honestly, reasonably, in good faith, in accordance with their statutory duties and without negligence the Commercial Directors and Officers Liability Insurance Policy is intended to ensure that he or she will not have to meet out of their own personal resources any personal civil liability which is incurred in execution or purported execution of their Authority functions. This includes the costs of defending proceedings. Authority members who need further advice should consult the Commissioner or the Chair in the first instance.
However, an Authority member may in some circumstances be personally guilty of an offence under Section 90 of the DP Law (“Duty of Confidentiality”) if he or she unlawfully uses or discloses information about an identifiable individual or organisation which was acquired through membership of the Authority. This duty of confidentiality continues after membership.
An Authority member may also be personally liable if he or she makes a fraudulent or negligent statement which results in a loss to a third party, commits a breach of confidence under common law or commits a criminal offence under insider dealing legislation.
Authority members who need further advice should consult the Chair or the Commissioner in the first instance and should immediately make such contact as soon as any allegation or claim is made.
Each member of the Authority is expected to follow the Seven Nolan Principles of Public Life, which are set out below, and should be able to demonstrate their ability to meet these Principles:
Holders of public office should act solely in terms of the public interest.
Holders of public office must avoid placing themselves under any obligation to people or organisations that might try inappropriately to influence them in their work. They should not act or take decisions in order to gain financial or other material benefits for themselves, their family, or their friends. They must declare and resolve any interests and relationships.
Holders of public office must act and take decisions impartially, fairly and on merit, using the best evidence and without discrimination or bias.
Holders of public office are accountable to the public for their decisions and actions and must submit themselves to the scrutiny necessary to ensure this.
Holders of public office should act and take decisions in an open and transparent manner. Information should not be withheld from the public unless there are clear and lawful reasons for so doing
Holders of public office should be truthful.
Holders of public office should exhibit these principles in their own behaviour. They should actively promote and robustly support the principles and be willing to challenge poor behaviour wherever it occurs.
The Bailiwick of Guernsey's independent supervisory authority which regulates data protection legislation. The ODPA protects people by driving responsible use of personal information through helping organisations get it right, deterring harmful information handling, and taking enforcement action against significant non-compliance
Receive regular information and statistics related to our activities and governance