How do we protect your information?
We strive to ensure that the records we hold about you (on paper and electronically) are held in a secure way, and we’ll only make them available to those who have a right to see them.
Examples of our security include:
- encryption meaning that information is hidden so that it cannot be read without special knowledge (such as a password). This is done with a secret code. The hidden information is said to then be ‘encrypted’
- pseudonymisation meaning that we’ll use a different name so we can hide parts of your personal information from view. This means that someone outside of the Council could work on your information for us without ever knowing it was yours
- controlling access to systems and networks allows us to stop people who are not allowed to view your personal information from getting access to it
- training for our staff allows us to make them aware of how to handle information and how and when to report when something goes wrong
- regular testing of our technology and ways of working including keeping up to date on the latest security updates (commonly called patches)
You can find more details of our information security within our general description of security measures (113KB PDF).
Will your personal information be sent or stored in countries without the same data protection rights as the UK?
The majority of personal information is stored on systems in the UK. But there are some occasions where your information may leave the UK either in order to get to another organisation or if it’s stored in a system outside of the European Union (EU).
We have additional protections on your information if it leaves the UK ranging from secure ways of transferring data to ensuring we have a robust contract in place with that third party.
We’ll take all practical steps to make sure your personal information is not sent to a country that is not deemed ‘safe’ by the UK Government.
If we need to send your information to a location which is not on the list of locations deemed a ‘safe’ location we’ll always seek advice from the Information Commissioner (ICO) first.