Information is a major asset that Temple Cloud with Cameley Parish Council has a duty and responsibility to protect.
The purpose and objective of this Information Protection Policy is to specify the means of information handling and transfer within the Council.
The Information Protection Policy applies to all Councillors, Committees, Employees of the Council, contractual third parties and agents of the Council who have access to Information Systems or information used for Temple Cloud with Cameley Parish Council purposes. Information takes many forms and includes:
- hard copy data printed or written on paper
- data stored electronically
- communications sent by post / courier or using electronic means
- stored tape or video
3 Information Storage
- All electronic information will be stored on centralised facilities to allow regular backups to take place.
- Information will not be held that breaches the Data Protection Act (1998) or formal notification and guidance issued by Temple Cloud with Cameley Parish Council. All personal identifiable information will be used in accordance with the Caldicott Principles.
- Records management and retention policy will be followed.
- Staff should not be allowed to access information until line managers are satisfied that they understand and agree the legislated responsibilities for the information that they will be handling.
- Databases holding personal information will have a defined security and system management policy for the records and documentation.
- This documentation will include a clear statement as to the use, or planned use of the personal information, which is cross-referenced to the Data Protection Notification.
- Files which are listed by Temple Cloud with Cameley Parish Council as a potential security risk should not be stored on the network, except for in designated application storage areas. To facilitate this Temple Cloud with Cameley Parish Council will implement an electronic File security solution.
4 Disclosure of Information – Computer and Paper Based
- The disclosure of personal information to other than authorised personnel is forbidden. If there is suspicion of a Member or employee treating confidential Council information in a way that could be harmful to the Council or to the data subject, then it is be reported to the Data Control Officer (Clerk) who will take appropriate action.
- Do not remove printed information from premises without the express consent of the information owner. Consent will only be given in exceptional circumstances
- Protectively marked, personal or sensitive documents are not to be left unattended and, when not in use, are to be locked away and accessed only by authorised persons.
- Disposal methods for waste computer printed output and other media must be in accordance with Temple Cloud with Cameley Parish Councils disposal policy.
- Distribution of information should be via the most secure method available.
5 Disclosure of Information – Telephone, Fax and E-mail
Where this involves the exchange of sensitive information then the following procedures will be applied.
6 Telephone calls:
- Verify the identification of members before disclosing information. If in doubt, return their call using a known telephone number.
- For external callers, verify their identity and their need to know the requested information. Telephone them back before releasing information and ask the caller to provide evidence of their identity.
- Ensure that you are authorised to disclose the information requested.
- Ensure that the person is entitled to be given this information.
- Ensure that the information you give is accurate and factual.
7 Fax transmissions:
Fax should not be used to transmit personal or sensitive information.
8 Disclosure of information by email:
- Personal or sensitive information is at risk if sent outside of the Council’s network.
- If an e-mail is sent to an address that is not a Council domain address the email will be delivered through the public network and the message may be left at several locations on its journey and could be deliberately intercepted.
- Email should not be used for sending personal or sensitive information unless technical measures are in place to keep the message secure.
- The sender should be satisfied of the identity of the recipient, if in doubt the email should not be sent and alternative methods should be used.
- No identifiable personal information should be included when sending on emails.
- The recipient of Temple Cloud with Cameley Parish Council emails are prohibited from being forwarded, copied or blind copied to any third party within or outside of the Council.
- Any Councillor email contact with a member of the public shall be directed to the Clerk for the attention of Temple Cloud with Cameley Parish.
9 Sharing of Personal Information
- Information relating to individuals shall not be shared with other authorities without the agreement of the Data Control Officer.
- Staff should be aware of their responsibilities to be able to justify the sharing of information and to be able to maintain security when transferring information in person, by email, phone or post.