Records management policy
Data sharing
Where data is transferred to another organisation, we must take steps to ensure the safety of the records during the transportation or transmission process. This should include:
- password protection - the password should, wherever possible, be conveyed via a different medium; for example, do not email password details and then also email the password protected data
- encryption
- the use of secure email servers
- minimisation of personal/sensitive personal data to what is needed only
- sending data by secure online portals with limited access
Data processors
Where the Council have contracted a third-party supplier to process Council data on our behalf we must take steps to ensure that the Data Processor complies with security and technical measures to protect this data in line with Data Protection Legislation. These steps include relevant clauses being inserted into our contracts as required under Article 28 UK General Data Protection Regulation. You will also need to undertake due diligence by asking appropriate questions regarding security and technical measures taken where suppliers will be processing Council personal data.
An example of data processors may be where we contract a third party to provide and administer an IT system to our instruction on which we store our customers personal data.
Systematic data sharing with data controllers
Where we share personal data systematically with other Data Controllers we should have a Data Sharing Agreements in place which set out the details of the data sharing. Where we share personal data, we will ensure we are compliant with Data Protection Legislation.
Some examples of where may require a data sharing agreement includes where we share personal data with another Local Authority for election purposes or where we share data with Community Hub partners to deliver support to vulnerable residents.