Data Protection - Security Measures

The Council has implemented appropriate security measures in line with the Data Protection Act 1998. In particular unauthorised staff and other individuals are prevented from gaining access to personal information. Appropriate building security is in place with visitors being received and supervised when outside public areas, where information about individuals is stored. Computer systems are installed with password controls and, where necessary, audit and access trails to establish each user is fully authorised. In addition, employees are fully informed about overall security measures and the importance of their role in the success of those measures. Security arrangements are reviewed regularly. All new computer systems will be designed to provide appropriate security measures for the level of personal data being processed. The necessary level of security for each new system will be judged on the sensitivity of the data to be administered, and this will be brought to the attention of third party suppliers when tendering for new systems, and will be part of any new contracts.

Officers of the Council will not under any circumstances take sensitive personal data home, or access personal data from home, for use on home computers, or on a Council laptop/notebook PC. This information will not be downloaded, carried home on diskettes/CDs/tapes, printed out and carried home, or e-mailed to ones' own e-mail address. The Council is covered to hold personal data, for the notified purpose(s) and although the processing may be legal, the appropriate security measures, as discussed above, would not be in place to do such processing at home. The processing/carrying of some information may be permitted, but this will be judged on an individual basis, and there must be adequate security arrangements for the level of data, for example, password protection or encryption. Employees must check with the Council's DP Officer for guidance