Data protection policy

The Council implements appropriate technical and organisational measures to ensure a level of security appropriate to the risks.

All staff are responsible for ensuring that any personal data which they hold is kept securely and that they are not disclosed to any unauthorised third parties.

All personal data should be accessible only to those who need to use it. To ensure an appropriate level of security, we will consider the following:

• storing the data in a secure access controlled room
• storing the data in a locked drawer or filing cabinet
• if computerised, we will limit accessibility and ensure it is kept on a secure system
• if it is required to be taken off site, storage will be considered on an encrypted disk or where it is in paper form, in a locked case
• care will be taken to ensure that PCs and screens are only visible to authorised individuals
• computer passwords will be kept confidential

We ensure that care is taken with the safe disposal or deletion of data ensuring systematic and secure destruction in line with the Council's Records Management policy and the Retention Schedule.

Where data is transferred to a third-party individual or organisation, we take steps to ensure that the data remains secure both in transit and upon receipt. We cannot however be held responsible for data once it reaches the third party unless they are an authorised data processor for the Council, in which case we take due diligence to ensure they meet Council standards of security.

The Council has in place measures which ensure compliance with security requirements.

The Council is committed to ensuring that any data breaches are promptly reported internally and robustly investigated by the Data Protection Officer and that mitigating steps are taken at the earliest opportunity. Where legally required the Data Protection Officer will notify the Information Commissioner's Office of any relevant breaches in line with the Council's Breach Notification Procedure.