Information Security Policy

3. Classification of information 

3.1. Definition of confidential information

Our confidential information is held in various forms, including paper and electronic records, hand written notes and information stored on portable electronic devices, e.g. laptops, and removable media, e.g. memory sticks.  

The following categories of information are confidential:

  • Access control information such as login accounts and passwords
    • These provide access to information which may itself be confidential.
  • All our casework information 
    • The law requires our investigations to be conducted in private, though we may publish all or part of a report or statement provided it is suitably anonymised.
  • Personal information about staff and others
    • We must comply with our duties to others under the UK GDPR and DPA18
  • Corporate information which needs to be confidential for financial and commercial reasons
    • We must comply with our duties to others and protect our commercial interests

It is appropriate to mark correspondence ‘Private and Confidential’ or ‘Confidential’. This may also be appropriate in corresponding with staff on HR matters.  

3.2. Government scheme of protective marking

The Government has an official scheme of protective marking. This policy ensures the LGSCO adheres to the broad requirements of information security, but does not require us to use the Government’s protective marking.

3.3. Sensitive casework information

Some of the information on particular complaints may be considered to be sensitive. This is not necessarily the same as ‘special category personal data’ under the UK GDPR (see Encryption and ‘Special categories of personal data’). We consider the following information to be sensitive in casework:

  • Information including allegations of abuse including physical abuse, sexual abuse, psychological abuse, financial or material abuse, abusing through neglect/omission and discriminatory abuse.
  • Where the nature of the information is particularly sensitive, for example: 
    • Housing transfers for racial or homophobic or disability related violence or persecution, or where a transfer is recommended by the police for fear of violence. 
    • Antisocial behaviour cases about a neighbour’s mental health and/or challenging behaviour. 
    • Cases where HIV/Aids is a central issue. 
    • Where one of the parties has a record of sexual offences. 
    • Where a homeless applicant and children claim to have suffered domestic violence from a partner. 
    • Material containing financial information of a commercially sensitive nature. 
  • Material provided to us in confidence (with or without a Local Government Act 1974 section 32(3) notice). This must be saved in the Do Not Disclose folder on ECHO and the relevant procedure followed. 

3.4. Sensitive corporate information

Some corporate information is sensitive for personal or commercial reasons. Examples are:

  • Personal checks on staff such as disciplinary and performance information
  • Business related information such as contract or tendering information, information of third parties, or major organisational change planning. 

3.5. Sensitive Commission papers

Papers going to meetings of the Commission, Remuneration and Appointments Committee and Audit and Risk Assurance Committee (ARAC) will be marked to indicate whether they are to be:

  • Available for staff and the public (marked ‘Open – for the intranet and the website’).
  • Available for staff only (marked ‘Restricted – intranet only – not to be shared externally’).
  • Not for publication (marked ‘Confidential’).

Items for the confidential agenda will be stored in a suitable, limited access folder, with hard copy printed on green paper so that their confidential nature is apparent. There will not normally be any requirement to mark the sensitivity of these papers unless they relate to the most sensitive corporate or operational information, e.g. contentious negotiations, or major security or business continuity issues. They can be marked with their availability (i.e. only to those individuals attending the confidential part of the meeting or who are authorised to attend but may be absent). 

See also Procedure for classifying and publishing meeting papers. 

LGO logogram

Review your privacy settings

Required cookies

These cookies enable the website to function properly. You can only disable these by changing your browser preferences, but this will affect how the website performs.

View required cookies

Analytical cookies

Google Analytics cookies help us improve the performance of the website by understanding how visitors use the site.
We recommend you set these 'ON'.

View analytical cookies

In using Google Analytics, we do not collect or store personal information that could identify you (for example your name or address). We do not allow Google to use or share our analytics data. Google has developed a tool to help you opt out of Google Analytics cookies.

Privacy settings