Our service users have a right to expect that their data will only be used for the specific reasons it was collected, and these reasons are set out in our privacy notices.
As part of your role, you may have access to case management systems containing large amounts of personal data. Individual access to case management systems can and will be audited – you must never access personal data without a legitimate business need to do so.
Unauthorised access to records without a proper justification will lead to disciplinary action. In some cases, it can also lead to a criminal conviction resulting in up to 2 years imprisonment. In a recent case, a former health advisor was found guilty of illegally accessing patient records and was ordered to pay compensation.
As part of their ongoing commitment to the council's strong data protection culture, the Data Protection Officer and Caldicott Guardian will consider notifying the Information Commissioner's Office (ICO) where an employee has been found to have accessed personal information unlawfully.
You should all be familiar with your data protection and information governance responsibilities but please take time to refresh your knowledge.
If you are unsure if there is a legitimate business need you should speak to your manager to clarify this before accessing material.
You can notify the data breach team of any suspicious behaviour or concerns, no matter how small, by reporting a security incident.
Thank you for playing your part to keep our personal data safe.