Protecting data and information
As a regulator, it is essential that we maintain the confidentiality of the information we hold. We actively manage risks to the data and information that we hold, be it personal data or information relating to any business we work with.
All our staff are aware of their responsibilities in protecting the data and information that we deal with in our day-to-day work. We use both technical measures, such as data encryption, and non-technical measures, such as our clear desk policy, to ensure we meet government standards for protecting data and information.
We continually monitor potential risks to the security of our data and information, and improve our security arrangements to ensure that our networks are secure and that information is managed to best practice standards.
How we protect information
Our information assurance framework document sets out the policies and procedures relating to the protection of data and information that all our staff need to understand and apply in the course of their day-to-day work. It is a central source for all our risk-mitigation measures, and acts as the baseline for our information assurance training and awareness.
Personal data
Our information charter document sets out the standards that you can expect from the Audit Commission when we request or hold personal information. The document provides further information on:
- personal information;
- how to find out what personal information we hold about you;
- when we share information;
- the training and guidance we give to our staff; and
- how to make a complaint.