Derby City Council's Commitment to Security of Personal Data

The City Council has always taken and continues to take the confidentiality and security of personal information very seriously.

In light of recent breaches by a government department, the Council has reviewed current practices. We have enforced the policies that:

• email must never be used to send personal information external to the Council
• CDs being used to share data must be at least password protected before being sent by external post
• started to evaluate the use of encryption for CDs as an extra security precaution
• started to investigate ways of being able to securely share information between agencies electronically.

Our existing policy and practice includes measures such as:

• Having a Data Protection Act Policy and a website privacy statement that demonstrates our commitment to the Act
• using a Fair Processing Notice to tell our citizens and service users what information we collect, what we use it for and who we may share it with
• signing up to a Derbyshire-wide Information Sharing Protocol which documents all the best practice expectations of partner agencies for confidential and secure information sharing
• all employees have access to a wide range of advice, guidance and training and are regularly reminded of the importance of information security and their responsibilities under the Data Protection Act
• marking mail carrying data and sent externally as ‘Private and Confidential – to be opened by Addressee Only' and only sending it by recorded delivery
• employing dedicated officers in the Council who are responsible for data protection and ensuring we have robust procedures in place that minimise the risk of personal information falling into the wrong hands.

To date, we have not received any reports of data being lost by any of the methods that we use.