Tips for handling personal data remotely
1. Follow the Council’s policies, procedures and guidance
Following the Council’s guidance will ensure that personal data is adequately protected. Avoid the temptation to do things in a way you think is more convenient, such as sending emails through your personal account (this is not permitted) or using the video conferencing app that you use with friends for work calls. Please see the “ICT Usage Practices (Sections 2.1 Email and 9.4 Remote Working)” as well as “Security Away From your Desk” guidance, this also includes a reminder of how to report a data breach.
Extracts from the ICT Usage Practices:
2.1.9 The confidentiality of each email must be adhered to at all times. This would forbid the re-distribution (in any medium) of the email to unauthorised or inappropriate parties.
2.1.10 Users must consider the sensitivity of an email before sending ensuring they encrypt any sensitive or confidential DDC related data or information prior to sending to any email address outside the DDC network. Please see data security section on Davnet for details on how to easily encrypt emails.
2.1.11 No auto forwarding of email to non DDC email accounts.
2.1.12 Employees who wish to work from home will not email documents to their own personal email accounts, remote access to files and email for home working should be requested via your Manager who will then raise a request with the IT Service Desk for access to Citrix.
2. Only use approved technology for handling personal data
If the Council has provided you with technology or software, like Webmail or Citrix, use it. This will provide the best protection for personal data.
3. Consider confidentiality when holding conversations or using a screen
You may be sharing your home working space with other family members or friends. Try to hold conversations where they are less likely to overhear you and position your screen where it is less likely to be overseen.
4. Take care with print outs
At the office you can use confidential waste bins. At home you won’t have that facility.
As a general rule officers working from home should not be printing documents, especially those containing personal or commercially sensitive data. If it is necessary to print, for example to post letters, use iMail or contact your manager to determine who is in the office that could print and post for you.
It should not be possible to print to your home printer when working via Citrix. Officers are reminded it is not permitted to send documents to their personal email addresses to enable printing or to print direct to their own printers.
5. Don’t mix Council’s data with your own personal data
If you have to work using your own device, keep the Council’s data separate to avoid accidentally keeping hold of data for longer than is necessary.
Do not save documents to your personal device or shared home equipment. If you do not have remote access to your folders to save work, you will need to send that work to yourself using Webmail, then delete the document from your personal device. You should particularly ensure this is the case on shared home equipment (that family members or children use) and especially in the case of documents containing customer/staff personal data. Another good option might be to use a DDC encrypted USB SafeStick, but be careful they are small, easy to lose and need to be kept securely.
Ensure the documents are completely deleted (not sitting in your recycle bin on your desk top). By doing this we ensure that the Council’s data is kept as secure as possible and your personal computer equipment is not brought into scope of subject access or FOI requests.
6. Lock it away where possible
To avoid loss or theft of personal data, put paper documents and devices away at the end of the working day.
7. Be extra vigilant about opening web links and attachments in emails or other messages
Don’t click on unfamiliar web links or attachments claiming to give you important coronavirus updates. We’re seeing a rise in scams so follow the National Cyber Security Centre’s (NCSC) guidance on spotting suspicious emails.
Always remember to think (not click) before opening emails and be particularly cautious of any unusual emails containing requests for payment/signing documents etc. If you are unsure contact the IT Help Desk for advice before acting on the email message.
For more information about how to send personal data securely see the Council’s secure email guidance on the IT Help Desk pages.
8. Use strong passwords
Whether using online storage, zoom, a laptop or some other technology, it’s important to make your passwords hard to guess. The NCSC recommends using three random words together as a password (eg 'coffeetrainfish' or ‘walltincake’). Make sure you use different passwords for different services too.
9. Communicate securely
Remember to use the encryption facility when sharing personal data via email. For more information about how to send personal data securely see the Council’s secure email guidance on the IT Help Desk.
Do not use WhatsApp or other instant messenger for work purposes without authorisation from your manager. This type of communication should not be used for transfer of personal data.
You should as always use the minimum personal/sensitive data possible in any task you are carrying out.
10. Keep software up to date
If you’re using your own equipment/device, don’t be an easy target for hackers. Keep your security software up to date to make it more difficult for them to get in. DDC staff can get a copy of SOPHOS Intercept X AV on their own personal home machines free of charge. To register you need to visit this link home.sophos.com/employee and enter your work email address, you will then be sent a registration email which you can forward to your own personal email address to setup at home.
If the Council has provided you with technology to work from home, this is managed for you.