Data Handling Policy
In relation to the handling of any personal data required for the delivery of services by Collaborative Change within a project contract, the board of directors guarantees that:
- Data is only accessible by named project personnel and is never transferred to a third party other than when written instruction is provided by the client.
- Data is stored on a stand-alone Windows 10 desktop PC, protected with Windows and Norton security features. Access is restricted to designated project personnel using Windows user authentication and the application of strong passwords.
- Files containing confidential data are transferred securely using Microsoft OneDrive for Business service. Other services are used if these are preferred by the client, for example Dropbox or a client’s own secure FTP service.
- In the event of any confidential data needing to be transferred via email, these files are always password encrypted with the password being preferably sent using a separate medium (phone text), or at least a separate email if an alternative medium if not available.
- Backups of data are stored securely using Microsoft OneDrive for Business cloud storage. In addition to OneDrive encryption, files containing personal data are also individually password protected.
- No files containing personal data are stored on any form of removable media such as USB sticks.
- All files are deleted 3 months after final completion of the project, or at some time agreed with the client if required. Secure deletion from drives is achieved using Microsoft’s SDelete utility.
- Any redundant hard drives are wiped securely using DBAN before disposal.
Collaborative Change 20 Limefield, Whalley, Lancashire BB7 9RJ Contact: firstname.lastname@example.org // 0771 924 2795
Company Reg: 07851349. Copyright © 2017 Collaborative Change Ltd.