Information Security Policy

10. Transmitting information

10.1. Use of email 

Email is our main method of transmitting information. The Email and Calendar policy and separate email guidance is available in the IT User Handbook. 

10.2. Encryption and sensitive casework information

A decision to encrypt should be based primarily on the sensitivity of the data being sent (see below), but also take account of the impact it would have on the data subject, should the information be exposed, revealed or lost, and the likelihood of this happening (for example, if it’s the first time the email address has been used). Any questions about whether or not to encrypt should be raised with your line manager.

Encrypting emails is not always necessary, but must be used when transmitting sensitive casework information (which may also include special categories of personal data).

When to send casework material by encrypted email

Information we receive during our investigations can be very sensitive and, if seen by a third party, may have a serious negative impact on the complainant or others. This is separate from third party information that we would not disclose. 

The sorts of information this may include are –

  • allegations of abuse – sexual, physical, financial or otherwise
  • particularly sensitive matters such as racial, homophobic or disability related violence or persecution; sexual offences or domestic violence
  • information about particularly challenging behaviour or mental health issues
  • HIV/AIDS
  • commercially sensitive financial information
  • personal data about sensitive health matters, sex life or sexual orientation

This list is not comprehensive. There may be other information that would be distressing to those affected if an unauthorised person saw it. Such material may also include information about officers of the BinJ.

A good test when deciding to encrypt an email is –

  • “What harm would be caused if a third party got hold of the data?”

If you are unsure if the material you want to send contains data that should be encrypted, then encrypt the data. It does not matter who you are sending the material to. The examples below may help.

If the recipient says they do not want the information encrypted AND, for some reason, we cannot use post the guidance from the ICO is to ensure we keep the original request and document why we have not encrypted the email(s). If there is an information breach we would still have to report this, but the ICO will have our reasoning available to them.

Instructions for encrypting emails can be found on the intranet. We use Egress for encryption.

Examples

Please note, in the below examples, both parties are entitled to see the information. The question is not whether they should see the material, but whether you should encrypt the emails to both parties.

  • Information about a school admissions case says the child’s parents have separated, but gives no other details. This is sensitive data, but in this context does not need to be encrypted.
  • Information about a school admissions case says the child’s parents are separated and gives details of the domestic and sexual abuse that led to this. This is sensitive data and, in this context, must be encrypted. 
  • A complainant mentions their same sex partner in the context of their complaint; but there is no suggestion of persecution. The sexual orientation is sensitive data, but in this context does not need to be encrypted.
  • A complainant says they are being persecuted by their neighbours because they think he is gay. The complainant is gay, but due to their personal circumstances they are not open about their sexuality. This is sensitive data and, in this context, must be encrypted.
  • Information about an ASC charging case includes details of the complainant’s income. This is financial information, but not commercially confidential, so does not need to be encrypted.
  • Information about a procurement case gives details of one of the firm’s financial submission to the Council and the price they offered. This is commercially sensitive financial information and must be encrypted.
  • Information about a housing allocation case gives details of the complainant’s health, including that they use a wheelchair.  This is sensitive data, but in this context does not need to be encrypted, as it will be obvious to anyone who knows the complainant.
  • Information about a housing allocation case gives details of the complainant’s health, including that they are HIV positive. This is sensitive data and must be encrypted  
  • Information about an EHCP case says the child in question has autism; this is well known to others who know the family.  This is sensitive data, but in this context does not need to be encrypted as the information is public knowledge.
  • Information about an EHCP case gives details of the child’s challenging mental behaviours and the suspected reason for this is sexual abuse. Although the result of the behaviours are clear to anyone who sees the child, the suspected reason is sensitive data. So the information must be encrypted.

10.3. Posting 

Post should only be used where email is not available or practical, or where it has been agreed as a reasonable adjustment. Care needs to be taken to capture and use the correct postal address. For casework information:

  • Intake will match the complainant’s address to its postcode on logging.
  • Any complainant contact details which appear incorrect or are in doubt (for example because handwriting is unclear) will be checked with the complainant before the case is passed to Assessment.
  • If necessary, Investigators will check complainant contact details on first contact. If no receipt of correspondence (by whatever means) is reported, contact details will be checked with the complainant before confidential information is resent.
  • ECHO templates will normally be used when creating casework correspondence, to minimise the risk of mistyping.
  • All post must have a return address on it, either by using an envelope with our address pre-printed on the back or by adding an address label available for the purpose.
  • No post should be sent to the home addresses of staff who are not contractually home based.

Material should only be posted between our offices or to home based workers in exceptional circumstances, such as when we are sent large bound documents.

Casework documents sent between any of our offices (including Joint Working) or to home-based workers must be sent by Royal Mail Special Delivery (or a relevant, trackable courier service if the parcel is over weight for Royal Mail). A task must be set on ECHO for the intended recipient and for the sender so both can check the item arrives safely.

To post to any of our offices, use the pre-printed address labels available in all offices. If needed, the office addresses are available on the intranet. 

Mark all envelopes sent Special Delivery – either in writing or using the Special Delivery stamp. Do not attach post-it notes which can be separated from the envelope.

See also Home and mobile working. And separate internal post procedures in the Intake Team Manual.

For other posted material (for example to complainants or BinJs), Special Delivery or courier is not normally required. But, to mirror the email encryption approach, Special Delivery must be used when posting sensitive casework information.

Regardless of how it is sent, postage documents must be securely packaged so anything confidential (including the complainant’s and BinJ’s details) is not visible.

It is not necessary to lock away outgoing post after the day’s last collection until the next day, other than for sensitive post being sent by special (see 2.3 and 2.4 above for definitions of ‘sensitive’).

If we receive material on portable data storage such as a CD/DVD or a memory stick, staff in the office should attempt to access the material. If they are unable to, because specialist software is needed, they should contact the IT Team. Any material received on portable data storage should be added to the ECHO record (if it is relevant).

10.4. Non-casework material

The same approach applies to posting or emailing sensitive, confidential and special category information that is not casework material – for example material about staff or commercial/financial documents. 

10.5. Publishing casework information

Investigation reports and decision statements will not normally contain particulars which are likely to identify any person if those particulars can be omitted without impairing the effectiveness of the report.

Decision statements and reports will be carefully checked to ensure confidentiality is maintained, particularly to ensure names are not included.

Planning application reference numbers (and similar identifiers) should not be used.

Specific dates of actions will be used with care, especially those relating to committee meetings or other events which may affect limited numbers of people.

See the Statement of Reasons Manual and Policy on Access to Information 

LGO logogram

Review your privacy settings

Required cookies

These cookies enable the website to function properly. You can only disable these by changing your browser preferences, but this will affect how the website performs.

View required cookies

Analytical cookies

Google Analytics cookies help us improve the performance of the website by understanding how visitors use the site.
We recommend you set these 'ON'.

View analytical cookies

In using Google Analytics, we do not collect or store personal information that could identify you (for example your name or address). We do not allow Google to use or share our analytics data. Google has developed a tool to help you opt out of Google Analytics cookies.

Privacy settings