April2016

Author: Reviewed by RuthFrance / Last updated: 30th April2016
Next update: April2017

Physicaldocument management anduseofelectronicdatastoragedevicesoutsideoftheoffice

1.0 Inordertoavoidaninformationsecuritybreach,itisessentialthatwetakecarewhentakingdocumentsoff-sitethatcontainconfidential/sensitiveinformation.Informationshouldbetreatedasconfidential/sensitiveifitslosswouldhave amaterialadverseimpactontheinterestsofan organisation (e.g.thecouncil,asupplierorpartnerorganisation)ortheprivacytowhichindividualsareentitled.Shouldthelossofthesensitiveinformationposeadirectthreattoanindividual(s)thenitispossiblethatthepolicewillneedtobeinformed.Shouldanydocumentsbeaccidentally lost, itispossiblethatthecouncilwillbeforcedtonotifytheinformationcommissioner.Itislikelythatthecouncilwouldthenbesubjecttoaheavyfinancialpenaltyfromtheinformationcommissioner.

1.1Furthertorecentnationalincidentsofconfidential/sensitivedocumentsbeingstolenorlostoutoftheofficewhenbeingtransportedorstored,belowissomesimpleguidancetohelpallstaffunderstandthebasicsofsafemanagementofphysicaldocuments–separateguidanceisavailableontheintranetrelatingtothemanagementofelectronicdatadevices(forexample;mobiles,laptops,memorysticks)andfiles.Theguidancebelowdrawsonlearningandexamplesofwhereproblemshaveoccurredinotherlocalauthorities.

1.3 Itisessentialtonotethatthatallstafftakepersonalresponsibilityandtakereasonablecareofallsensitivedocumentsandelectronicdatastoragedevices.Thismeansthatyouareexpectedtouseyourprofessionaljudgementandusethisguidanceinordertomakeappropriatedecisionsthatrespect confidentialityand maintainthehigheststandards of safety.

Someimportantguidanceintermsofkeepinginformationsafeoutsideoftheoffice setting:

  • Confidentialorsensitiveinformationisanythingthatmaycontainpersonaloridentifyinginformationaboutserviceusers(actualorpotential), individuals,familiesorcolleaguesthisincludesfiles, letters,personal notebooks,spreadsheets of data,medical records etc.
  • Whereverpossible,documentsorelectronicrecordscontainingconfidential/sensitivedatashouldremainintheofficeatalltimes.Onlyincircumstanceswheretherearespecificrequirementsfortheremovalofafile,documentorelectronicrecordcontainingsensitiveinformationshoulditbetakenoutoftheoffice,forexampletosupportacourtvisit,assessmentorspecificmeeting.Takinginformationtoworkathomeisacceptablebutthismustbeagreedwithyourlinemanager.
  • Allrecords(paperorelectronic)containingconfidentialinformationmustbestoredinasecurelocationthatrestrictsaccessbyanyonewhodoesnothavetheappropriateauthorisationorrequirement–thismeansifdocumentsorelectronicdatastoragedevicesarestoredathomethenyoushouldputtheminadraweroralocationwheretheycannotbeeasilyviewedwhenyouarenotusingthem.Theyshouldalwaysbeoutofviewofotherfamilymembers,friendsandorvisitorstoyourhome.
  • Shouldtherebeanincidenceofinformationlosswhilstoff-sitethenitisvitalthatweareabletoquicklydeterminewhatinformationwascontained inthedocumentsorontheelectronicdatastoragedevices.Forthisreasonitisessentialthatalistofthedocuments,filesandelectronicdatastoragedevicesthathavebeentakenoff-sitemustberetainedin the office.
  • Any incidents should be reported to the head of service for children in care and the Caldicott officer for Knowsley Borough Council.
  • Anydocumentsorelectronicdatastoragedevicesremovedfromtheofficeshouldbekepttoaminimum–thismeanswherepossiblelimitingthe paperwork you removeonly to specificitemsneeded –youshouldknowwhatrecordsyouhavetakensoiftheyarestolenorlostyou tellsomeonewhat has gone missing.
  • Electronicdatastoragedevicesshouldbepasswordprotectedattheveryminimumandencryptedwherepossible.Encryptionkeysandpasswordsmustnotbestoredwiththeelectronicdatastoragedevices.
  • Itiscommonthatdocumentsarereadinpublicplaceswhenoff-site,forexample whilst travelling and working on atrain, oracafé, a bus, alibrary,etc.Extracaremustbetakenwhenreadingdocumentsinaplacewherethereisariskofothersseeingthesensitiveinformation(which could becommerciallyorpersonallysensitive).
  • Whilstintransitfromonelocationtoanother,alldocumentsandelectronic datastoragedevicesmustbekeptoutof view andsecure–thismeansinaclosedbagifwalking ortravellingon publictransport.
  • Sensitiveinformationshouldonlybedisposedofinconfidentialwastebins availableatwork–thismeansyoushouldneverdiscard anyfilesordocumentsinhousehold orpublicwaste.
  • Documentsandelectronicdatastoragedevicesremovedfrom officesshouldneverbeleftunattended–thismeansyoushouldneverleavepapersorlaptops/mobilesinyourcar.Ifyourcarisstolenwiththeseitemsinsidewhenithasbeenleftunattendedthenyouareresponsible.
  • Documentsshouldbestoredasinconspicuouslyaspossible–thismeansneverstoringorcarryingsensitiveinformationinthesamebagasyourlaptop.Acommonissueisthathighvalueitemslaptopsandhandbags(thoughttobecontainingapurseorwallet)arestolenandpapers aretaken at thesametime.
  • Ifremoveddocumentsorelectronicdatastoragedevicesarelostorstolen,itisyourresponsibilitytoreportthesituationtoyourmanagerandifnecessarythepoliceimmediately.Ifyouareasocialworkeryoumustalsomakecontactwiththeoutofhoursteamtoinformthemof the incident,ifithappensoutsideof officehours.

Page 1 of 4