Best practice

Sending information to others

Where possible, use the sharing features of Haplo to allow mediated access to information online.

You must never send, transfer or carry data unencrypted on a USB memory stick or CDROM/DVD.

You must never email confidential information in an unencrypted form.

Data Protection Act

If your organisation handles personal information about people, you must meet your responsibilities and obligations under the Data Protection Act. Ensure you have an up-to-date entry in the public register.

Physical security

  • Ensure your screen cannot be seen by visitors.
  • Lock and secure your office when it is unattended and at the end of the day.
  • Whenever possible escort visitors in the building at all times.
  • Lock up paper based personal information at night.
  • Lock up laptops and portable IT equipment at night.
  • Don’t hold confidential conversations where you can be overheard.
  • Ensure filing cabinets containing confidential information are kept locked when not in use.
  • Ensure filing cabinets are not sited in areas accessible to visitors.