How we take care of your personal data
We keep your personal information secure, whether electronically or in hardcopy. We have controls in place to protect information whilst stored, and transferred, and to minimise risks associated with inappropriate disclosure. This includes:
- Encryption, meaning that information is hidden so that it cannot be read a 'cypher'. The hidden information is said to then be 'encrypted'
- Pseudonymising, meaning that we remove identifiers so your personal information cannot be attributed to you.
- Controlling access to systems and networks to stop people who are not authorised to view your personal information from gaining access
- Training for our staff to make them aware of how to handle information and how and when to report when something goes wrong
- Regular testing of our technology and ways of working including keeping up to date on the latest security updates (commonly called patches). Wherever possible we use electronic, rather than paper, records.
We manage information throughout its lifecycle and take steps to ensure data we input is accurate and, where necessary, updated. This includes where accuracy is challenged.
We ensure information is not kept longer than necessary. That is, not beyond the business need or what the law may require, in accordance with our retention policy.
When data is no longer required it is permanently deleted or disposed of securely.
Staff are trained to properly handle personal information, which includes annual data protection training. A failure to take proper care or misuse of information may be treated as a disciplinary matter.