Appropriate policy document

Principle 6 - kept secure

Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

We will ensure that there appropriate organisational and technical measures in place to protect personal data.

  • we adhere to the government's minimum cyber security standards and implement information security controls in line with the public sector network, payment card industry and data security protection toolkit
  • our information governance group meets regularly to ensure suitable information security governance is deployed throughout the council
  • employees working with or accessing data on vulnerable clients are required to undertake a disclosure and barring service (DBS) check, and employees looking after our IT network are vetted in line with HMG baseline personnel security standard
  • technical security controls such as encryption are employed to secure sensitive information within systems
  • role-based access controls are implemented to restrict access to sensitive data

Where possible, anonymisation or pseudonymisation are used to reduce the risk of sensitive data being compromised.