Information Security Policy
Part 3
3. Classification of information
3.1. Definition of confidential information
Our confidential information is held in various forms, including paper and electronic records, hand written notes and information stored on portable electronic devices, i.e. laptops and mobile phones and removable media e.g. USB Flash Drives. .
The following categories of information are confidential:
- Access control information such as login accounts and passwords
- These provide access to information which may itself be confidential.
- All our casework information
- The law requires our investigations to be conducted in private, though we may publish all or part of a report or statement provided it is suitably anonymised.
- Personal information about staff and others
- We must comply with our duties to others under the UK GDPR and DPA18
- Corporate information which needs to be confidential for financial and commercial reasons
- We must comply with our duties to others and protect our commercial interests
It is appropriate to mark correspondence ‘Private and Confidential’ or ‘Confidential’. This may also be appropriate in corresponding with staff on HR matters.
3.2. Government scheme of protective marking
The Government has an official scheme of protective marking. This policy ensures the LGSCO adheres to the broad requirements of information security, but does not require us to use the Government’s protective marking.
3.3. Sensitive casework information
Some of the information on particular complaints may be considered to be sensitive. This is not necessarily the same as ‘special category personal data’ under the UK GDPR (see Encryption and ‘Special categories of personal data’). We consider the following information to be sensitive in casework:
- Information including allegations of abuse including physical abuse, sexual abuse, psychological abuse, financial or material abuse, abusing through neglect/omission and discriminatory abuse.
- Where the nature of the information is particularly sensitive, for example:
- Housing transfers for racial or homophobic or disability related violence or persecution, or where a transfer is recommended by the police for fear of violence.
- Antisocial behaviour cases about a neighbour’s mental health and/or challenging behaviour.
- Cases where HIV/Aids is a central issue.
- Where one of the parties has a record of sexual offences.
- Where a homeless applicant and children claim to have suffered domestic violence from a partner.
- Material containing financial information of a commercially sensitive nature.
- Material provided to us in confidence (with or without a Local Government Act 1974 section 32(3) notice). This must be saved in the Do Not Disclose folder on ECHO and the relevant procedure followed.
3.4. Sensitive corporate information
Some corporate information is sensitive for personal or commercial reasons. Examples are:
- Personal checks on staff such as disciplinary and performance information
- Business related information such as contract or tendering information, information of third parties, or major organisational change planning.
3.5. Sensitive Commission papers
Papers going to meetings of the Commission, Remuneration and Appointments Committee and Audit and Risk Assurance Committee (ARAC) will be marked to indicate whether they are to be:
- Available for staff and the public (marked ‘Open – for the intranet and the website’).
- Available for staff only (marked ‘Restricted – intranet only – not to be shared externally’).
- Not for publication (marked ‘Confidential’).
Items for the confidential agenda will be stored in a suitable, limited access folder, with hard copy printed on green paper so that their confidential nature is apparent. There will not normally be any requirement to mark the sensitivity of these papers unless they relate to the most sensitive corporate or operational information, e.g. contentious negotiations, or major security or business continuity issues. They can be marked with their availability (i.e. only to those individuals attending the confidential part of the meeting or who are authorised to attend but may be absent).
See also Procedure for classifying and publishing meeting papers.