Security
The level of access to personal data is the responsibility of the Responsible Officer within organisations, who is responsible for the security measures outlined above and the maintenance and security of passwords. An effective security policy must be in place in each Statutory Organisation in accordance with the stipulations of the DPA and the UK GDPR.
At minimum, all data assets must be classified and managed in accordance with each agency's protective marking protocols.
Data sent by email must be sent via a secure email system or encrypted/password protected where secure email is not available.
Databases holding personal information must have a defined security and system management procedure for the records and documentation.
The use of all removable media devices is prohibited unless specific authorisation for the use of the device has been obtained from the relevant Organisation’s Responsible Officer. If authorised, Thames Valley Police will only use secure encrypted devices to transfer police information.