Where can I find more information and guidance on data protection legislation?
Where can I find more information and guidance on data protection legislation?
You can find guidance on data protection on the Information Commissioner’s website, or if you have any specific questions you can contact the Information Commissioner’s Office directly.
Information Commissioner’s Office – Scotland
45 Melville Street
Edinburgh
EH3 7HL
Tel: 0303 123 1115
Email: [email protected]
The Local Government Association/ SOCITM have also produced guidance for local authorities on data handling (although it should be noted that the ERO is a separate data controller from the local authority). It recommends that you consider the following factors when developing your approach to data handling:
Policy: comprehensive policies (including business continuity, and home and mobile working) should form the information governance regime. The policies should be monitored and audited to ensure they are being effectively enacted
People: including staff awareness and training, users’ access, and mechanisms for managing information risks
Places: including risk assessments, security of buildings and premises, the disposal of information, and use of removable media
Processes: including who can access data, system security, transfer of data, and supplier and contractor data processes
Procedures: including risk reporting, auditing procedures, and documented policies and procedures