Data Protection Policy

4.1    In order to protect the personal information held and processed, the council will:
•    ensure its use of technology is compliant with the Public Service Network Compliance (PSN);
•    ensure the regular review, update and compliance with IT policies;
•    ensure all electronically stored personal data is password protected or encrypted;
•    ensure confidential data is secured and not left in view of those not processing the data;
•    only use the blind carbon copy (BCC) in emails when sending group emails to external individuals;
•    ensure documents containing personal data are not removed from site;
•    delete web browsing history of staff after six months;
•    comply with its separate policy on patient identifiable information;
•    not transfer personal information to another company or country that cannot protect the information to the same levels set out under the DPA and UK GDPR;
•    not make publicly available or share protectively marked documents externally.