Model Protocol security
| This document is published for archival/historical purposes. |
These pages are due to be updated. More up to date information on information sharing can be found in 'Delivering Community Safety - A guide to effective partnership working' and the Information Commissioners Code of Practice on Information Sharing.
SECURITY & DATA MANAGEMENT SECTION
We agree to comply with the seventh principle of the Data Protection Act 1998, namely that the data subject shall be entitled at reasonable intervals and without undue delay or expense, to be informed by a data user whether he holds personal information of which that individual is the subject. In addition we will access any such data held by a data user, and where appropriate, we agree to have any such data corrected or erased.
It is our responsibility as signatories to this Protocol, to ensure that we have adequate security arrangements in place, in order to protect the integrity and confidentiality of the information we hold.
We agree that personal information disclosed must;
Not be emailed over internet links, where this is practical.
Be protected by back-up rules.
When stored on a computer system, it must be password protected and we agree this password will be revised regularly.
When manual, be stored in a secure filing cabinet when not in use.
Be located in a geographically secure environment.
Not be inputted/accessed without industry standard security devices as defined by BS7666.
The national standard for making data “fit for use” is industry standard BS7666. This is the standard for describing the location of types such as addresses, rights of way and streets. As most public sector data has a location element to it, this is a good standard to convert disparate data sets from different systems and agencies and fully integrate them. [All data sharing initiatives complying with BS7666 will dovetail into Modernising Government policy initiatives on a local level, such as Call Centres, Data Warehouses and One Stop Shops.] We agree that in order to “future proof” this Protocol, we undertake to use industry standard BS7666 to process our data.
All data held by us is subject to a specified “shelf-life.” [to be agreed here]. All personal data disclosed to us will be held until [describe when data no longer required for purposes of partnership].
We understand that all these measures need to be taken to ensure the security of our partners and to protect the general public.
We are aware that only the minimum amount of information should be disclosed, in order to get the job done and for the purpose for which it was intended. We agree that all information retained by us and our partners should be kept securely and for not longer than is strictly necessary.
Date modified: July 2003
Review date: February 2004
Originator: Home Office Information Sharing Te
Last update: Friday, January 09, 2009