PROTECTION OF PERSONAL DATA
In addition to the “IT Laws Policy” (section IT-02-01 of the IT Policy), including the Data Protection Principles which the International Student House and its subsidiaries undertake to abide by, the following key points are stressed:
- The public, including our residents and staff, have a right to respect for their privacy and hence an expectation that information about them will be treated as confidential.
- All International Student House employees, and contractors working for the International Student House, have a common law duty of care to protect personal information.
- All departments must have an active policy for informing data subjects of the kinds of purposes for which information about them is collected.
- Arrangements (both manual and technology-based) for the storage, disposal and handling of information must protect confidentiality. Care should be taken to ensure that unintentional breaches of confidence do not occur.
- Breach of confidentiality is a serious matter that may result in disciplinary action by the International Student House or legal action by a resident or supplier.
PROTECTION OF CONNECTION TO OTHER NETWORKS
Connection to other networks must be carefully considered and planned. We must adhere to the following with respect to “connection to other networks”:
- The International Students House’s corporate LAN (Local Area Network) will not connect to any other network unless the International Students House’s IT department is able to control access from outside users into the corporate LAN network.
- Firewall protection is utilised to prevent illegal intrusion via the internet.
- Networks that need to link to our corporate LAN, whether for a supplier or a merger, must have a firewall in place to ensure protection of communication.
- Networks that need to link to our corporate LAN must be authorised by the IT Manager. Any networks found connected or attempting to connect to our LAN will be blocked at the discretion of the IT Manager.
- Other networks must only have access to what they require.
- Where possible these networks should be isolated for security purposes.
PROTECTION OF DATA FROM UNAUTHORISED ACCESS
To ensure that data is secured against unauthorised access, the following must be observed:
- Password controls must be implemented as per the “Password Control and Policy” – section IT-03-04-D, part of the IT Policy.
- System password details are recorded by IT and kept securely.
- Password-protected screen savers may be used when a PC/laptop is idle and unattended.
- Users must lock their PC/laptop when leaving their desk.
- Monitors used in public areas should be tilted away from the public’s direct line of sight so that confidential information cannot be viewed.
- Reports containing sensitive information (e.g. Payroll data) which require disposal should be placed in disposal bags for shredding as confidential waste.
- Secured USB disks should be used when transferring data to outside organisations.
- Backups and copies of data should be stored securely off-site.
- All storage media, including backups, should be clearly marked to avoid confusion over their contents.
- Where appropriate, physical controls should be used to prevent unauthorised access.