Skip to content

Information security policy

Information is an asset, which has a value to the organisation and as such needs to be suitably protected from a wide range of threats in order to ensure business continuity, minimise damage and maximise opportunity.

We have a responsibility to ensure that person-identifiable information is held securely and that confidentiality is respected and safeguarded.

Information security is characterised as the preservation of:

  • confidentiality - ensuring that information is available only to those who have the authorisation to have access
  • integrity - safeguarding the accuracy and completeness of information and processing methods
  • availability - ensuring that authorised users have access to information and associated assets when required

It's important that all staff take responsibility for the information we deal with on a daily basis. If you lose or misuse data there can be serious consequences - even if it's accidental.

Breaching the Data protection Act can lead to huge fines for local authorities, up to £500,000 in some cases.

We have a reporting process that staff should use if they discover an information breach.

Some examples of security breaches are:

  • someone's personal data left on a shared printer, desk or public area
  • someone's personal data is lost, for example, from a stolen laptop, memory stick or briefcase
  • someone's personal data is sent to the wrong recipient via post, email or fax
  • someone's personal data is inadequately disposed of after it is no longer required