Email: clerk@levenparishcouncil.gov.uk

Call: 07725 301557

AREA OF RISKRISKLEVEL H/M/LMANAGEMENT OF RISKACTION
All personal data held by Leven PCPersonal data falls into the hands of a third partyLPersonal data held is always minimised. Data is held securely in the Leven PC cloud storage backed up daily. Data printed off the system is destroyed after use.Councillors have recently been given Leven PC emails so all email activity resides in the Leven PC system and is not sent to private email addresses
 Publishing of personal data in minutes and other public documentsLClerk avoids publishing non public personal data in the minutes. Personal names are not used and replaced by ‘resident or member of the public’Minutes and other documents going into the public domain are cleared by the chair and vice chair
Sharing of dataPersonal data falls into the hands of a third partyLData is not shared without the consent of the data owner 
Hard copy dataPaper copies of data falls into the hands of a third partyLMinimal data held in paper form, data that is, for example on contracts of employment, are stored securely in the Clerks home.Hard copies no longer required are cross shredded
Electronically held dataTheft or loss of laptop and remote devicesLLaptop access password protected. All files held in cloud storage. All councillors access files within the Leven PC system. Councillors advised to secure personal device. Safe disposal of old IT equipment vis ERYC ICT services.More training for Parish Councillors on data security
AREA OF RISKRISKLEVEL H/M/LMANAGEMENT OF RISKACTION
Email securityUnauthorised access to council emailsLEmails accounts all within the Leven PC domain and are password protected. Use of bcc to send wider mail shots to external parties. Delete emails from residents when issues have been resolved.Do not forward emails from residents cut and paste information into a new email.
General internet securityUnauthorised access to council computers and filesLComputer password protected and has up to date anti virus software.  Operating system is hosted remotely through a host organisation that manages storage in line with GDPR requirements.Remind Councillors to ensure their security systems are up to date and installed correctly.
Use of WhatsappAccess to whatsapp group dataMNever refer to personal data when using the Leven PC whatapp groupContinue to remind councillors
Website SM securityPersonal information or photographs of individuals  publishedMEnsure written consent is secured for photographs of individuals including parental consent for those under 17. Security is provided on the website by the host organisation (Getextra) including statements regarding GDPR.Provide a proforma for consent for events
Financial RisksFinancial loss following a data breachLThe council has funds in reserve for contingencies related to finesEnsure insurance policy covers liability cover for data breaches
FilmingFilming and recording at meetingsLIf a meeting is closed to discuss confidential information ensure no phones or other devices are able to record the session. If filming of public meeting is enabled ensure all filmed give consent if not ensure those not giving consent are not recordedChair to issue a statement on recording at the beginning of all meetings