Handling Personal Data & Security of Information Paula Trim, Information Officer, Children’s Strategic Services, 456108 Mon – Thurs 9:15-2:15.


1 Handling Personal Data & Security of Information Paula Trim, Information Officer, Children’s Strategic Services, 456108 Mon – Thurs 9:15-2:15

2 New ICT Policies
- Device Lockdown Policy
- Removable Media and Data Transfer Policy
- Information Exchange Policy

3 Implementation
- Headteachers Breakfast Briefing – 21st March
- Training session with School staff - Summer term

4 Device Lockdown Policy
Purpose: This policy will ensure effective management of information and data by setting out the requirements under which it will be accessed, so that the risk of corruption, loss or unauthorised access is minimised.

5 Device Lockdown Policy
Requirements:
- By default, all computer and device external ports (CD, DVD, USB, etc.) will be disabled.
- Following a Business case and Risk Assessment supported by the evidence, external ports may be enabled.
- PCs and other devices will automatically lock down after 5 minutes of inactivity.
- The appropriate physical and software security measures will be in place to ensure no unauthorised access to any locked down device.

6 Removable Media and Data Transfer Policy
This policy will ensure the effective management and security of information and data when it is transferred, used and stored on removable media devices. This will minimise the risk of corruption, loss or unauthorised access. The policy also provides evidence that there is a robust framework in place to protect personal and confidential information and data in its possession. This will promote the trust and confidence of individuals, private organisations and public bodies.

7 Removable media and transfer devices for the purpose of this policy include (not exhaustively):
- Laptop or portable computers
- Hand-held computers (PDAs, iPAQs etc.)
- USB memory sticks
- Recordable discs (CDs, DVDs, floppy disks or diskettes etc.)
- Memory cards
- SIM cards
- Mobile & smart phones
- Digital cameras
- Voice recording devices
- Email
- Paper-based records (physical files, photocopies, print-outs etc.)

8 Removable Media and Data Transfer Policy
The aims of this policy are to ensure that when removable media devices are provided and used:
- Needs of users are accommodated.
- Information and data is protected.
- Personal, third party, privileged, commercially confidential and any other sensitive information and data is protected.
- Unauthorised disclosure of information and data is minimised.
- Integrity of information and data is maintained.
- Unintended consequences to the stability of the computer network are prevented.
- Legislation, policies or good practice requirements are met.
- Confidence and trust are promoted and maintained when information and data are transferred and shared, both internally and externally.

9 Removable Devices and Data Transfer Policy
- Data must always be created, maintained and stored in source systems or databases.
- Removable media devices must only be used to store or transfer data that already exists within such systems or databases. They must not be the only place that information and data is stored.
- All removable media must be transferred and stored in an appropriately secure and safe environment that avoids physical risk, loss or corruption.
- Privately owned storage media or other equipment must not be connected to hardware or to the network. Nor must privately owned removable media devices be used to store or process information and data of any kind.

10 Removable Media and Data Transfer Policy
- Whilst in transit or storage, information and data must be given appropriate security according to its sensitivity.
- Encryption must be applied to information and data transferred via email or held on removable media devices unless there is no risk to the Council, other organisations or individuals from the data being lost whilst in transit or storage; i.e. the data is not personal, sensitive or confidential and would be potentially available to the public under freedom of information or environmental information under legislation.

11 Removable Media and Data Transfer Policy
- All unneeded or end-of-life removable media must be returned for secure data removal before re-allocation or disposal, in accordance with the Council’s ICT Asset Recycling Policy.
- If aspects of this policy interfere with a valid business requirement, an application should be made for consideration.

12 Information Exchange Policy
This policy will ensure effective management of information and data by setting out the requirements under which it will be accessed, so that the risk of corruption, loss or unauthorised access is minimised.

13 Information Exchange Policy
Information Storage:
- All electronic information will be stored on centralised facilities to allow regular backups to take place.
- Information will not be held that breaches the Data Protection Act (1998) or formal notification and guidance issued.
- Staff should not be allowed to access information until line managers are satisfied that they understand and agree the legislated responsibilities for the information that they will be handling.
- Databases holding personal information will have a defined security and system management policy for the records and documentation.
- Files which are listed as a potential security risk should not be stored on the network, except for in designated application storage areas.

14 Information Exchange Policy
Disclosure of information:
- The disclosure of personal information to other than authorised personnel is forbidden.
- Sensitive documents are not to be left unattended and when not in use shall be locked away.
- Computer and paper information are to be accessible to authorised persons and individual staff are not to be the sole custodians of any data or information.
- Disposal methods for waste computer printed output and other documentation are according to the sensitivity of the material.

15 Information Exchange Policy
Sharing of Personal Records:
- Information relating to individuals should not be shared without following agreed protocols.
- In the absence of local protocols, staff are to contact their line manager for advice before the release of any information.
- Staff should be aware of their responsibilities to be able to justify the sharing of information and to be able to maintain security when transferring information in person, by email, by fax, phone or post.

16 Next steps
- Allocate time for a training session
- Think about any particular issues to be discussed
- Implement School policies

17 Any Questions

