Information Security Week 2019 - Friday, 11 October: Data Matters
Fri, 11 Oct 2019

Day 5 – Data Matters

It has been a year since the implementation of GDPR and the Data Protection Act 2018 and data protection still remains in the spotlight. Following these changes, the council asks that all staff – specifically those working in open office spaces/or remotely – to remain vigilant when working with personal data. To help remind staff a new poster has been produced which can be displayed in offices and meeting areas.


Employee Responsibilities

All staff must be aware that the information they have access to as part of their role within the council should never be used for anything other than council business. This includes looking up information about yourself, your family or friends and using systems for other purposes than what it is intended to be used for.

It is an offence if you knowingly or recklessly obtain or disclose any personal data you have access to during your time at the council, without the permission of the council. It is also an offence to retain any personal data you had access to during your time at the council, without the permission of the council.

When working in a shared office space, it is also worth bearing in mind the following rules:

  • ensure workstations (this includes, but is not limited to desks and cabinet tops) are cleared at the end of each working day
  • ensure any paperwork is stored in a secure place, i.e. a locked filing cabinet
  • ensure that all PCs/laptops and other devices are locked before you walk away from them.


Manager Responsibilities

Managers are responsible for ensuring that all staff have undertaken appropriate training, specifically the Data Protection and Security 2018, Records Management and Information Security and ICT Computer Usage eLearning.

Managers must also ensure that all members of staff have read the:

  • Data Protection Policy
  • ICT Security Policy
  • ICT Usage Policy
  • Records Management and Data Quality Policy.

Managers should also ensure that processes are in place to ensure that all employees only have access to relevant network drives. This also includes ensuring that once staff have left the authority, that their access to network drives is also removed.


Acceptable Usage Procedure

For the avoidance of doubt, all agency workers, contractors, work placements and volunteers must be aware of the security measures surrounding the use of East Riding of Yorkshire Council information and computer systems and must adhere to the council’s acceptable usage procedure.

If agency workers, contractors, work placements and volunteers fail to comply with the acceptable usage procedure, personal commitment statement and the Data Protection Act 2018 this may lead to a termination of contract and immediate removal from council premises. The commission of any deliberate information security breaches may also result in criminal proceedings.

Remember, any data protection breach must be reported to the data protection and feedback team immediately, regardless of how minor you may consider the breach to be.

You can contact the data protection and feedback team at data.protection@eastriding.gov.uk


Share your views

Whether you like this new page or there's something not quite right - please let us know!