Purpose and Scope
The Council stores, processes, and shares a large amount of personal information. Data is a valuable asset that needs to be suitably protected. Every care is taken to protect personal data from incidents (either accidentally or deliberately). Compromise of information, confidentiality, integrity, or availability may result in harm to individual(s), reputational damage or detrimental effect on the Council.
We are obliged under the Data Protection Act and the GDPR to have a process in place designed to ensure the security of all personal data during its lifecycle, including clear lines of responsibility. This policy sets out the procedure to be followed to ensure a consistent and effective approach is in place for managing data breach and information security incidents.
This Policy recognises that whilst personal and sensitive data is processed by the Council it is owned by the individual to whom it relates, and this must be considered in any decision making by the Council.
This Policy relates to all personal and sensitive data held by the Council Regardless of format.
This Policy applies to everyone at the Council. This includes temporary, casual or agency staff and contractors, consultants, suppliers and data processors working for, or on behalf of the Council.
The objective of this policy is to contain any breaches, to minimise the risk associated with the breach and consider what action is necessary to secure personal data and prevent further breaches.