Page 5 - Microsoft Word - TASIS_DPP_v3_0_14062017.docx

TASIS – Data Protection Policy 14 June 2017
3.16. For more information please see the latest version of the Subject Access Code of Practice published on the Information Commissioner’s Office website -
4. Security
4.1. The School shall do all that it can to ensure that Personal Data is not lost, damaged, or accessed or used without proper authority, and the School shall take appropriate steps to prevent these events happening.
4.2. Paper records which include confidential information shall be kept in a cabinet and/or office which is kept locked when unattended. All paper records should be kept in a secure location.
4.3. Paper records that include safeguarding, child protection and sensitive information relating to safeguarding are kept in a locked cabinet in a locked office.
4.4. The School uses an array of measures to protect personal data stored on computers and internal IT systems, including file encryption, anti-virus and security software, user passwords, audit trails, backup systems and 2-factor authentication where required.
4.5. Staff must keep any passwords secure. Staff should be mindful that passwords are not always effective and are not a substitute for encryption.
4.6. Staff should not remove personal data from the School's premises unless it is stored on a password-protected computer or memory device.
4.7. All laptops and PCs are secured with the requirement for login and passwords.
4.8. Sensitive information held electronically should be individually password-protected as an additional layer of security.
4.9. Persons who process (store or use) personal data on behalf of the School have a responsibility to ensure that the Data Protection Principles are observed and must comply with this Data Protection Policy and any associated record keeping and confidentiality policies.
4.10. Persons who work for and on behalf of the School (‘third parties’) who may have access to or process personal data in connection with the School should operate in accordance with the Data Protection Act and this policy. Third parties include suppliers or service providers.
The current version of any policy, procedure, protocol or guideline is the version held on the TASIS website. It is the responsibility of all staff to ensure that they are following the current version.
Information Sharing Classification: PUBLIC