Data protection issues are now regularly in the press and bring into focus the need for Trustees to ensure that the documentation they hold is secure and remains confidential. We set out below a check list for Trustees to consider when holding trust documentation:
- Ensure IT security is up to date and relevant;
- Use data encryption – disk encryption, EFS encryption and password-protect documents;
- Use file-level and share-level security;
- Monitor incoming and outgoing data on the network;
- Ensure all employee devices and external login facilities are safe and secure; and
- Ensure only authorised persons have access to data files;
- Monitor incoming and outgoing document transfer;
- Ensure historical hard copies are stored in a secure archive facility; and
- Destroy unnecessary duplicates.
- Back up and segment data regularly – do not store all information in one place;
- Scale down the data – keep only the data you need for routine current business, safely archive or destroy older data and remove from all computers and devices; and
- Know what data you have – knowing the nature of the data will ensure you have the adequate levels of protection in place to keep confidential data confidential and safe from loss.
- It is important for trustees and/or directors of companies to be clear of their capacity in which they have access to data and be consistent with any approach taken
- There should be a clear separation between information held at company level and information held at trust level (i.e. Companies cannot access trust information and vice versa). The separation should be controlled by way of separate data storage and separate email accounts (even if the same person is director and trustee)
- Individuals should not be able to access data in a personal capacity.