Data retention policy
When personal data is accessed and used, it can be at the greatest risk of loss, corruption or theft.Below are the ways to use the data in an appropriate manner.
When working with personal data, employees should ensure the screens of their computers are always locked when left unattended.
Personal data should not be shared informally. In particular, it should never be sent by email, as this form of communication is not secure.
Data must be encrypted before being transferred electronically. The IT manager can explain how to send data to authorised external contacts.
Employees should not save copies of personal data to their own computers. Always access and update the central copy of any data.
Data archiving and removal policy
All employees, clients, vendors and contractors have a personal responsibility to keep information secure and confidential. This policy aims to prevent unauthorized disclosure of information assets by the controlled disposal and destruction of media storing confidential data.
All customer data should be disposed of when it is no longer necessary for business use, provided that the disposal does not conflict with our data retention policies, our customers data retention policies, a court order, or any of our regulatory obligations.
All employees are prohibited from using the following media to store confidential or client information.
USB Drives or External Backup programs
CD ROM drives.
All cloud based storage media being decommissioned should be sanitized when it is no longer necessary, provided that there is a backup of customer data on production systems to comply with our customers data retention and contractual obligations.
Laptop based storage media may not be donated or sold. All laptop based storage media should be sanitized prior to transfer of ownership to a co-worker or prior to destruction.
Data storage policy
These rules describe how and where data should be safely stored. Questions about storing data safely can be directed to the IT manager or data controller.
When data is stored on paper, it should be kept in a secure place where unauthorised people cannot see it.
These guidelines also apply to data that is usually stored electronically but has been printed out for some reason
When not required, the paper or files should be kept in a locked drawer or filing cabinet.
Employees should make sure paper and printouts are not left where unauthorised people could see them, like on a printer.
Data printouts should be shredded and disposed of securely when no longer required.
App/service has sub-processors