DO…
- Do report the loss of KPC personal data immediately to the KPC Data Protection coordinator, stating whether or not passwording and/or encryption and/or physical security measures were in use to protect the personal data, and whether it was lost or stolen (if known). Include any police incident number if a police report has already been submitted.
- Do inform the KPC Data Protection coordinator (in addition to the owners of the website if not a KPC web page or email) if you receive an unsolicited email, letter, text or phone call asking for personal information
- Do ensure that manually held personal data is stored securely, for example in a locked drawer or cupboard, and marked ‘confidential’
- Do ensure that personal data transferred manually is handed over personally to the intended recipient, appropriately enveloped or in a secure container, marked ‘confidential’
- Do encrypt or password-protect personal data before it is transferred electronically. Send the password-protected document as an email attachment or by using FTP (file transfer protocol) software
- Do use SFTP (secure FTP software) rather than FTP if not using email to transfer personal data
- Do encrypt or password-protect personal data when it is stored electronically.
- Do change passwords periodically, typically every few months if not more frequently
- Do use blind copy (Bcc) for emails when emailing a large number of people, unless everyone has agreed for their details to be shared amongst ‘the group’
- Do include a rider at the end of emails which have been distributed using Bcc to show who has been included in distribution (no email addresses here, only first or full names please – initials may be acceptable in small groups)
- Do use email address book distribution lists for established groups which have been appropriately maintained e.g. by a KPC team leader and/or the KPC Admin Team
- Do, if a KPC Team Leader, share any distribution lists (securely) with the KPC Admin Team, and check regularly with the admin team that changes have been shared bilaterally
- Do read the reference material contained herein and, if in any doubt, contact the KPC GDPR coordinator for more help
DO NOT…
- Don’t reveal any full passwords, login details or account numbers if you receive an unsolicited email, letter, text or phone call asking for personal information.
- Don’t click on any links you do not recognise on web pages or emails
- Don’t use work email addresses for sending or receiving personal information (other than an @churchofscotland.org address)
- Don’t use joint shared email addresses for convenience (e.g. family or husband/wife) when sending or receiving personal information even if for ‘legitimate purposes’
- Don’t write passwords or PIN codes down on paper, ever.
- Don’t leave keys for locked manual storage holding personal data (drawers or cupboards) in plain sight or easily accessible – use key cupboards where possible
- Don’t use free unsecured public WIFI connections for internet connection with devices holding personal data
- Don’t view personal data on electronic or manual media in public places where there is a risk of inadvertently sharing data as a result of ‘shoulder surfing’ by unwanted people
- Don’t share passwords or PINs or security codes verbally in public places
- Don’t use the same password across many documents just because it is easier to remember