We receive, hold and use large amounts of personal data. We do our best to keep this information safe from being used wrongly or giving the information to others without being allowed to do so. We try our best to make sure that you have confidence in what we do with your personal data.

Information Governance Framework

Personal data is important to help us run all the things that we do for you and other people, as well as helping us look after everything else we own. We only share personal data with people who are allowed to see it. Personal data also helps us know if we are doing our job well and helps us plan for the future.

Our ‘Information Governance’ means how we use information we hold. We take Information Governance seriously so we can make sure we follow the law and do the best we can. Information can mean lots of things, such as your personal data, paperwork, photographs, pages on the internet and videos.

It is important that we have a strong plan in place so that we can keep all our information safe. We have lots of policies about information, and we train our staff about how to work with information so that the plan we have will work.

Information Governance Management Framework

Data Protection and Privacy Policy

This is an important policy that helps us follow the law and do the best we can. To follow the law, we must be safe and responsible with personal data. There are many rules we have to follow which help us make sure we only share information when we are allowed to do so.

Data Protection and Privacy Policy

Information Access and Rights

This policy sets out the rules around who is allowed to see personal data and what they are allowed to do with it. Most of the rules in this policy are there because of the law. This is because there are a lot of laws about the ‘Freedom of Information‘ and ‘Data Protection’.

This policy is part of a set that help us with ‘Information Governance’. Some other policies are:

  • Data Protection and Privacy Policy
  • Information Security and Conduct Policy; and,
  • Records Management and Retention Policy

There are other, smaller sub policies which we must follow.

This policy is to make sure that we can make choices about information, thinking about:

  • Being open and honest with information, making sure people can find or ask for information easily when we can
  • Helping people with asking for information
  • Protecting information that we are not allowed to share.

Information and Access Rights

Records Management Policy

We use information in the council every day for lots of different reasons. We receive information from people and from other organisations, like companies or other councils. We also collect and hold a lot of information.

We hold information in many ways, such as in e-mails and on paper. We keep track when we send or receive letters and emails and also hold lots of financial information, like when people pay us council tax. We hold legal documents such as contracts and application details, for example, when people apply to make big changes to their house.

This policy says how we look after information. The most important parts about how we look after information are:

  • Information Asset Register
  • Information Security
  • Records Metadata
  • Network Drives
  • Protective Marking
  • Evidential Integrity
  • Record Retention Schedule
  • Disposal of Records

You can find out more about these in the policy.

Records Management Policy

Information Security Incident Management Policy

This policy sets out our rules of ‘information governance’ and what different people in the council are responsible for.

For information to be safe, our computers and how we use them must also be safe. Anybody in the Council who uses the information we have must:

  • Do what they can to help stop important or private information being lost or falling into the hands of people who do not have the right to see it
  • Make sure that computers with important or private information on are kept secure.
  • Tell their manager as soon as possible if they think that information on a computer might have been lost or seen by someone who shouldn’t see it

This document says what we do if we think information on a computer might have been lost or seen by someone who shouldn’t see it. We must try to find out what has happened as quickly as possible, so we can make choices that help us reduce the risk of harm to people or the council. If we do this badly, then people could come to more harm. This document sets out what different people in the council need to do make sure we handle problems in the best way possible and the same way every time.

Information Security Incident Management Policy

Key words

  • Personal Data - Anything about a person which might help someone recognize them, like a full name, photograph or bank details.
  • Information - Facts about someone or something
  • Information Governance - How we deal with information safely and securely