The objective of the Social Insurance Administration's (TR) personal data protection policy is to emphasise personal protection by ensuring the lawful, fair, and transparent treatment of all personal data.
Personal data is only collected for clearly defined purposes and its processing is limited to what is necessary. In addition, the information must be reliable, updated as necessary and safely stored. All personal data held by TR and agencies must be protected from internal and external threats, whether they are caused by intentional or negligent acts.
In this connection, reference is also made to TR’s information security policy. The implementation of the policy is important to assure the government, customers, employees and partners that TR manages the security and protection of personal data in its custody responsibly. The data protection policy is part of the administrative structure at TR.
TR operates in full compliance with laws and regulations on personal protection.
Data protection shall be observed in the treatment of personal data in all activities of the institution and services provided by TR, whether it is in the course of work for themselves, statistical information or professional audits.
Data protection considerations shall be taken into account in all computer systems and software owned by or operated by TR.
Data protection shall be observed in the collection and dissemination of information to partners and professional bodies through secure electronic means.
That personal data is only collected, stored and processed as is considered necessary to meet the conditions of the law that TR is charged with enforcing.
To protect the personal data of TR customers in a structured manner.
To further protect sensitive personal health data, so that access to it is governed by special access controls. The access controls are such that no one can access the data except those who need it directly for their work.
To ensure the protection, accuracy and transparency of the data and information held by TR, and individuals' access to their own data.
To ensure that personal data is not passed on to the unaccountable.
To promote employee, partner, customer and guest personal data protection awareness.
The director, the personal data protection officer, the quality manager, the security manager, the executive directors and the county officials ensure that the personal data protection policy is followed.
Employees of TR and agents, contractors and service providers are required to work according to the Data Protection Policy.
The insurance institution shall promote the implementation of this policy through measures in accordance with the work and responsibilities of the employees, contractors and service providers concerned.
Deviations and weaknesses relating to data protection shall be reported to the data protection officer or to the next officer, who shall forward the information to the data protection officer without delay.
The Social Insurance Administration emphasizes personal protection in its work by ensuring the lawful, fair and transparent treatment of personal data. Personal data shall only be collected for clearly defined purposes and their processing shall be limited to what is necessary.
TR Privacy policy
The Social Insurance Administration maintains a record of the institution's processes, which includes references to legal provisions, necessary data collection from both the applicant and the sources from which the Administration obtains data, as well as the regular oversight applied to each type of benefit.
The Social Insurance Administration uses Siteimprove for web measurements. On each visit to the website, several items are recorded, such as the time and date, search terms, the site from which the visit originated, and the type of browser and operating system. This information can be used for the improvement and development of the website, for example to identify which content users seek most. No further information is collected about each visit and no attempt is made to link such information to other identifiable information.
On My pages, you can see what information the institution has about the individual in question, i.e. information from the National Register on residence and family circumstances, bank account, list of payment methods, as well as the letters sent by the institution. You can log in to My pages with an ice key or electronic ID.
In the premises of the Social Insurance Administration at Hlíðarsmára 11 in Kópavogur, electronic monitoring is carried out. Monitoring is carried out for security and property protection purposes, and CCTV cameras have been installed at the entrance to the institution, in the service center and outside the building. These cameras monitor the parking space and the stands at the institution's 1st and 2nd floors. Electronic monitoring is also carried out through the recording of telephone calls in the institution's telephone center. In this monitoring, care is taken to respect the privacy rights of those subject to it and to avoid any unnecessary interference with their privacy.
More on the handling of personal data
The insurance institution manages the security and protection of personal data held by the institution responsibly and guarantees that the personal data held by the institution will be safely stored and that no unauthorised person will have access to them.
Personal data is only collected for clearly defined purposes and its processing is limited to what is necessary. In addition, the information must be reliable, updated as necessary and safely stored.
The Agency operates in full compliance with laws and regulations that apply to personal protection.
To ensure that the above is true, the Authority has taken the following measures:
Access to the institution's information and computer systems is controlled so that employees have access only to the systems and issues that they need to do their job, such as access to sensitive personal data.
An information security policy has been established, which states that the agency stores and maximises the security of information and protects information in TR's custody from internal and external threats, whether they are caused by intent or negligence.
The Authority has established procedures on how employees are to react in the event of a security breach or suspected security breach.
Data is securely stored in the computer and information systems of the Institute and, as applicable, on paper, in accordance with special rules for this purpose. Data is only deleted with a disposal permit from the National Archives; the Agency is required to keep its records in accordance with the Public Archives Act and to return them to the National Archives.
All employees are bound by confidentiality obligations regarding their work. They sign a pledge of confidentiality when they begin working for the Institute. In addition, those who have access, in the course of their work, to sensitive personal data sign a special declaration of confidentiality. Employees also receive regular education on the handling of data and the importance of data protection.
Privacy officer
The Data Protection Officer of the Social Insurance Administration receives suggestions and answers questions that may arise regarding personal protection at the email address personuvernd@tr.is.