Our service users have a right to expect that their data will only be used for the specific reasons it was collected, and these reasons are set out in our privacy notices.
As part of your role, you may have access to case management systems containing large amounts of personal data. Individual access to case management systems can and will be audited – you must never access personal data without a legitimate business need to do so.
Unauthorised access to records without a proper justification is never acceptable and will lead to disciplinary action. In some cases, it can also lead to a criminal conviction, as the recent case involving an officer from St Helens Borough Council demonstrates.
As part of their ongoing commitment to the council’s strong data protection culture, the Data Protection Officer and Caldicott Guardian will consider notifying the Information Commissioner’s Office (ICO) where an employee has been found to have accessed personal information unlawfully.
You should all be familiar with your data protection and information governance responsibilities, however, you can refresh your knowledge with the following resources:
- What is personal data?
- Safe haven guidance
- Corporate data protection policy
- ICT acceptable use policy
If you are unsure if there is a legitimate business need you should speak to your manager to clarify this before accessing material.
You can notify the data breach team of any suspicious behaviour or concerns, no matter how small, by reporting a security incident.
Thank you for playing your part to keep our personal data safe.