Page reportSummary
Page Layout
Display issue details:
The line numbers refer to lines in the original source. Any with a line number of '0' are implicit tags added by Total Validator:
1 <!DOCTYPE html>
2 <html lang="en">
3 <head>
6 <script async src="https://www.googletagmanager.com/gtag/js?id=UA-120055720-38">
6 </script>
7 <script>
13 </script>
16 <meta charset="utf-8">
18 <title>
18 Storage of Data on Mobile Devices
18 </title>
20 <meta name="viewport" content="width=device-width, initial-scale=1.0">
21 <link href="css/bootstrap.min.css" rel="stylesheet" type="text/css">
22 <link href="https://fonts.googleapis.com/css?family=Lato:400,700" rel="stylesheet">
23 <link rel="stylesheet" type="text/css" href="css/jquery-ui.css">
24 <link href="css/jquery.tocify.css" rel="stylesheet">
25 <link rel="stylesheet" type="text/css" href="css/formatting-styles.css">
26 <link href="css/print.css" rel="stylesheet" media="print">
41 <link rel='shortcut icon'
href='https://www.proceduresonline.com/resources/logos/procedures/favicon.ico' type='image/x-icon'/>
42 <link rel="apple-touch-icon"
href="https://www.proceduresonline.com/resources/logos/procedures/apple-touch-icon-57x57-precomposed.png
" />
43 <link rel="apple-touch-icon" sizes="72x72"
href="https://www.proceduresonline.com/resources/logos/procedures/apple-touch-icon-72x72-precomposed.png
" />
44 <link rel="apple-touch-icon" sizes="114x114"
href="https://www.proceduresonline.com/resources/logos/procedures/apple-touch-icon-114x114-precomposed.png
" />
48 <link rel="stylesheet" type="text/css" href="css/procedures.css">
49 <link rel="stylesheet" type="text/css" href="css/classic-theme.css">
50 <link rel="stylesheet" type="text/css" href="css/authority.css">
51 <link rel="stylesheet" type="text/css" href="js/cookie-code/jquery.cookiebar.css">
52 <link rel="stylesheet" type="text/css" href="css/hover-box.css">
53 <link rel="stylesheet" type="text/css" href="css/mobile.css">
56 <link rel="stylesheet" id="switcher-css" type="text/css" href="css/switcher.css" media="all" />
57 <link rel="alternate stylesheet" type="text/css" href="css/dark.css" title="dark" media="all" />
58 <link rel="alternate stylesheet" type="text/css" href="css/light.css" title="light" media="all" />
59 <link rel="alternate stylesheet" type="text/css" href="css/normal.css" title="normal" media="all" />
63 </head>
64 <body onload="highlight();">
65 <a class="skip-main" href="#main">
65 Skip to main content
65 </a>
67 <div id="eantics">
67 </div>
68 <div class="print">
73 <div class="navbar navbar-fixed-top" role="navigation">
74 <div class="row banner">
75 <div id="banner">
76 <div class="container banner">
77 <div class="col-sm-4">
78 <div class="outer_logo">
78 <a href="index.html">
78 <img class="banner_logo" src="images/logo/client_logo.png" width="261" height="86"
alt="Warrington logo">
78 </a>
78 </div>
79 </div>
80 <div class="col-sm-6">
81 <div class="outer">
82 <div class="inner">
83 <header>
83 Warrington Children's Services Procedures Manual
83 </header>
84 </div>
85 </div>
86 </div>
87 </div>
89 </div>
91 </div>
92 <div class="container">
93 <div class="navbar-header">
94 <button type="button" class="navbar-toggle" data-toggle="collapse"
data-target=".navbar-collapse">
94 <span class="sr-only">
94 Toggle navigation
94 </span>
94 <span class="icon-bar">
94 </span>
94 <span class="icon-bar">
94 </span>
94 <span class="icon-bar">
94 </span>
94 </button>
95 </div>
96 <div class="collapse navbar-collapse">
100 <ul class="nav navbar-nav">
101 <li>
101 <a href="index.html">
101 Home
101 </a>
101 </li>
102 <li>
102 <a href="contents.html">
102 Policies and Procedures
102 </a>
102 </li>
103 <li class="dropdown">
103 <a class="dropdown-toggle" data-toggle="dropdown" href="#">
103 Resources
103 <span class="caret">
103 </span>
103 </a>
104 <ul class="dropdown-menu">
105 <li>
105 <a href="local_resources.html">
105 Additional Local Resources
105 </a>
105 </li>
106 <li>
106 <a href="http://trixresources.proceduresonline.com/nat_key/index.htm" target="_blank"
rel="noopener">
106 Glossary
106 </a>
106 </li>
107 <li>
107 <a href="http://trixresources.proceduresonline.com/nat_cont/index.htm"target="_blank"
rel="noopener">
107 National Contacts
107 </a>
107 </li>
108 <li>
108 <a href="http://www.minimumstandards.org/regulations.html" target="_blank"
rel="noopener">
108 Regulatory Framework
108 </a>
108 </li>
109 <li>
109 <a href="http://www.keepingchildrensafeineducation.co.uk/" target="_blank"
rel="noopener">
109 KCSIE
109 </a>
109 </li>
110 </ul>
111 </li>
112 <li>
112 <a href="using_this_manual.html">
112 Using this Manual
112 </a>
112 </li>
113 <li>
113 <a href="https://www.proceduresonline.com/pancheshire/warrington/index.html"
target="_blank" rel="noopener">
113 Safeguarding Partnership Procedures
113 </a>
113 </li>
114 </ul>
115 <ul class="nav navbar-nav navbar-right">
115 <li class="dropdown">
115 <a class="dropdown-toggle" data-toggle="dropdown" href="#">
115 Accessibility
115 <span class="caret">
115 </span>
115 </a>
115 <ul class="dropdown-menu">
115 <li>
115 <a href="#Larger" rel="light" class="styleswitch">
115 <span id="Larger">
115 Larger Text
115 </span>
115 </a>
115 </li>
115 <li class="divider">
115 </li>
115 <li>
115 <a href="#High" rel="dark" class="styleswitch">
115 <span id="High">
115 High Visibility
115 </span>
115 </a>
115 </li>
115 <li class="divider">
115 </li>
115 <li>
115 <a href="#Default" rel="normal" class="styleswitch">
115 <span id="Default">
115 Default Text
115 </span>
115 </a>
115 </li>
115 </ul>
115 </li>
115 <li>
115 <a href="zoom/search.php" class="btn btn-1 btn-1a">
115 SEARCH
115 </a>
115 </li>
115 </ul>
117 </div>
119 </div>
120 </div>
125 <div class="container" id="main">
126 <div class="col-sm-4">
127 <div id="toc">
127 </div>
129 </div>
132 <div class="col-sm-8 main_content">
133 <div class="panel panel-default">
134 <div class="share">
134 <span>
134 <a href="#Email" class="st_email glyphicon glyphicon-envelope" style="margin-right:1px;">
134 <span id="Email" class="hidden_share">
134 Email
134 </span>
134 </a>
134 </span>
134 <span>
134 <a href="#Print" id="PrintBtn" class="glyphicon glyphicon-print">
134 <span id="Print" class="hidden_share">
134 Print
134 </span>
134 </a>
134 </span>
134 </div>
135 <div class="panel-body">
136 <h1>
136 Storage of Data on Mobile Devices
136 </h1>
141 <div class="well">
142 <p class="bold">
142 SCOPE OF THIS CHAPTER
142 </p>
143 <p>
143 This chapter provides guidance on the storage of personal data (including photographs) on
mobile devices. 'Personal data' is any information about an identifiable living
individual.
143 </p>
144 <p>
144 'Mobile devices' includes memory sticks, mobile telephones including smartphones, tablet
technologies, netbooks and laptops.
144 </p>
145 <p class="bold">
145 RELEVANT GUIDANCE
145 </p>
146 <p>
146 <a href="https://ico.org.uk/for-organisations/guide-to-data-protection/" target="_blank"
rel="noopener">
146 Guide to Data Protection (Information Commissioner's Office)
146 </a>
146 </p>
147 <table class="table" title="Working from Home/Remote Working">
148 <caption class="hide">
149 Caption: Working from Home
150 </caption>
151 <tr class="hide">
152 <th scope="col">
152
152 </th>
153 <th scope="col">
153
153 </th>
154 </tr>
155 <tr>
156 <td colspan="2" class="table_row_even">
156 <p class="bold">
156 Working from Home/Remote Working
156 </p>
157 <p>
157 It is important to remember that principles of data protection and confidentiality
apply equally when working in a home environment as they do when working in an office
environment.
157 </p>
158 <p>
158 A home environment may pose additional risks and issues of which you must be aware.
158 </p>
159 <p>
159 Please refer to
159 <a href="#home">
159 Section 4, Working from Home/Remote Working
159 </a>
159 .
159 </p>
159 </td>
160 </tr>
161 </table>
162 <p>
162 This chapter was added to the manual in August 2020.
162 </p>
163 </div>
170 <div class="section">
171 <h2 id="intro">
171 1. Introduction
171 </h2>
172 <p>
172 The Data Protection Act 2018 ('the Act') and the General Data Protection Regulations 2018
('the GDPR') regulate the use of 'personal data' – obtaining, storing and processing it.
172 </p>
173 <p>
173 The purpose of the Act is to protect the rights and privacy of identifiable living
individuals and to ensure that the data about them held, processed and used by organisations
is managed properly. It places legal obligations on those who process personal information
and ensures individuals are aware of and exercise some control over how
information about them is to be used.
173 </p>
174 <p>
174 'Personal data' means any information relating to an identified or identifiable living
individual.
174 </p>
175 <p>
175 'Processing' is defined very widely in the Act and will cover any activity carried out
such as:
175 </p>
176 <ul>
177 <li>
177 Collection, recording, organisation, structuring or storage;
177 </li>
178 <li>
178 Adaptation or alteration;
178 </li>
179 <li>
179 Retrieval, consultation or use;
179 </li>
180 <li>
180 Disclosure by transmission, dissemination or otherwise making available;
180 </li>
181 <li>
181 Alignment or combination; or
181 </li>
182 <li>
182 Restriction, erasure or destruction of data.
182 </li>
183 </ul>
184 <p>
184 Advances in technology and increased use of mobile devices can present particular challenges
and increased risk of data breaches, and all relevant staff should be familiar with this
policy.
184 </p>
185 <p>
185 The Information Commissioner's Office (responsible for ensuring compliance with the Data
Protection Act) can and does impose substantial financial penalties for breaches of the
Act.
185 </p>
186 <p class="bold">
186 FAILURE TO ENSURE COMPLIANCE WITH DATA PROTECTION PRINCIPLES COULD LEAD TO DISCIPLINARY
ACTION.
186 </p>
187 </div>
188 <div class="section1">
188 </div>
194 <div class="section">
195 <h2 id="data">
195 2. The Data Protection Principles
195 </h2>
196 <p>
196 The Data Protection Act has a set of principles on how to use personal data
properly. Personal data shall:
196 </p>
197 <ul>
198 <li>
198 Be processed
198 <span class="bold">
198 fairly and lawfully
198 </span>
198 ;
198 </li>
199 <li>
199 Be processed for
199 <span class="bold">
199 specified, explicit and legitimate purposes
199 </span>
199 ;
199 </li>
200 <li>
200 Be
200 <span class="bold">
200 adequate, relevant and not excessive
200 </span>
200 ;
200 </li>
201 <li>
201 Be
201 <span class="bold">
201 accurate and kept up to date
201 </span>
201 ;
201 </li>
202 <li>
202 Be
202 <span class="bold">
202 kept no longer than is necessary
202 </span>
202 ;
202 </li>
203 <li>
203 Be
203 <span class="bold">
203 processed in a secure manner
203 </span>
203 .
203 </li>
204 </ul>
205 </div>
206 <div class="section1">
206 </div>
212 <div class="section">
213 <h2 id="use_mob">
213 3. Use of Mobile Devices to Process Personal Data
213 </h2>
214 <p>
214 In order to ensure compliance with these Data Protection Principles in relation to storage
of data on mobile devices, the following practice
214 <span class="bold">
214 must
214 </span>
214 be adhered to:
214 </p>
215 <ul>
216 <li>
216 Service-users must be informed of what data is to be collected and stored, and the
reasons, including the extent to which the data will be used;
216 </li>
217 <li>
217 All data must be securely stored;
217 </li>
218 <li>
218 All data initially obtained on mobile devices must be held on such devices for the minimum
period necessary, and should then be securely transferred to a secure network;
218 </li>
219 <li>
219 The data must then be removed from the mobile device without delay.
219 </li>
220 </ul>
221 <h3>
221 3.1 Personal Data Shall be Processed Fairly and Lawfully
221 </h3>
222 <p>
222 Principle 1 in the Act states that 'personal data shall be processed fairly and
lawfully'. In practice, this means that you must:
222 </p>
223 <ul>
224 <li>
224 Have legitimate grounds for collecting and using the personal data, and not use the data
for any other purpose;
224 </li>
225 <li>
225 Explain to the service-user what data you will be obtaining and how you intend to use the
data;
225 </li>
226 <li>
226 Handle peoples' personal data only in ways they would reasonably expect.
226 </li>
227 </ul>
228 <h3>
228 3.2 All Data Must be Processed in a Secure Manner
228 </h3>
229 <ul>
230 <li>
230 Personal data must only ever be stored on mobile devices provided for this purpose by the
employer;
230 </li>
231 <li>
231 Personal data must
231 <span class="bold">
231 NEVER
231 </span>
231 be stored on or transferred to staff members' personal devices such as mobile telephones,
tablet or laptop computers, home computers, memory sticks, etc;
231 </li>
232 <li>
232 Mobile devices should be password-protected and encrypted using encryption software which
meets current standards to protect personal data - password protection alone is
insufficient when the mobile device is handling personal data which if lost could cause
damage or distress to individuals;
232 </li>
233 <li>
233 Access to the device should be locked if an incorrect password is input too many times;
233 </li>
234 <li>
234 The device should automatically lock if inactive for a period of time;
234 </li>
235 <li>
235 Mobile devices should be equipped with software to enable the device to be tracked and
remotely wiped of data in the event of loss/theft.
235 </li>
236 </ul>
237 <h3>
237 3.3 Staff Must Take All Practicable Steps to Maintain the Security of the Mobile Device
237 </h3>
238 <ul>
239 <li>
239 Only approved software (e.g. apps) must be downloaded onto mobile devices. Unapproved
software/apps can compromise security of the device;
239 </li>
240 <li>
240 Facilities such as wi-fi or Bluetooth, which could allow others to have remote access to
the device, must be switched off – note that these are likely to be set to 'on' by
default;
240 </li>
241 <li>
241 Physical access to the device must be restricted – do not leave the device unattended or
where it can be viewed by others. Keep the device with you or securely stored, eg in a
locked drawer.
241 <span class="bold">
241 NEVER
241 </span>
241 allow others such as your own family members or the children of service-users to have
access to the device.
241 </li>
242 </ul>
243 <h3>
243 3.4 Data Must be Kept No Longer Than is Necessary
243 </h3>
244 <p>
244 The Data Protection Act stipulates that personal data must not be kept for any longer than
is necessary. All data initially obtained on mobile devices must be held on such devices for
the minimum period necessary, and should then be securely transferred to a secure network.
244 </p>
245 <h3>
245 3.5 Secure Transfer of Data
245 </h3>
246 <ul>
247 <li>
247 A secure method must be used to transfer the data to a secure network as soon as possible
– data should not be retained on the mobile device for any longer than necessary;
247 </li>
248 <li>
248 Data can be securely transferred by secure email, direct transfer from mobile device to
secure network computer or secure remote connection such as a Virtual Private Network
(VPN);
248 </li>
249 <li>
249 <span class="bold">
249 NEVER
249 </span>
249 use personal email, unsecure email or cloud computing to send personal data;
249 </li>
250 <li>
250 <span class="bold">
250 DO NOT
250 </span>
250 use public facilities such as internet cafes to send personal data.
250 </li>
251 </ul>
252 <h3>
252 3.6 Photographs
252 </h3>
253 <p>
253 The Data Protection Act applies to photographs in the same way as to any other personal
data, i.e. the collection and use of images (still or moving pictures) of any person who can
be identified. The Act does not stop a person's image from being captured, but it does
require the image to be obtained fairly, used for a legitimate purpose which does not cause
the individual distress or prejudice and to be kept securely.
253 </p>
254 <p>
254 It is recognised that taking photos or videos of children/young people is a legitimate,
and indeed an essential part of working with them, such as the recording of activities, at
the request of the child or young person themselves, or for life story work. In all such
situations staff should alert their line manager to the fact that photos or videos are being
used and this should be recorded clearly in supervision notes.
254 </p>
255 <p>
255 Workers should also be sensitive to what photography might mean for a child/young person in
that it may have been used abusively with some children/young people.
255 </p>
256 <ul>
257 <li>
257 The use of photography or reproduction of photographic images or the use of videos must
always have a clear and child-centred purpose;
257 </li>
258 <li>
258 Prior to the taking of any photo or video the purpose of this should be explained to the
child or young person according to their age, development and understanding and to the
parent/carer unless there are specific reasons not to do so in which case the
child's/young person's social worker must give permission. A child or young person should
not be photographed if they do not wish to be or if their parent/carer/worker does not
wish them to be;
258 </li>
259 <li>
259 In relation to one-to-one work by staff with children, written consent should be gained
from the child's social worker or parent/carer and placed on the child's file unless the
young person is clearly of an age and understanding to give informed consent on their own
behalf. Key workers must then check that consent is on the child's file before taking
images. For the purpose of group activities when photography is frequently used,
carers/social workers should be notified and written consent gained;
259 </li>
260 <li>
260 Children/young people must be clothed and their torsos covered when being photographed or
videoed. Cultural and religious traditions of clothing must be observed where needed;
260 </li>
261 <li>
261 Staff must not take any photographic images of children/young people to their own home or
keep them in their private possession;
261 </li>
262 <li>
262 If photos or videos are to be used for public display e.g. for publicity purposes,
specific permission must be sought from anyone with
262 <span class="bold">
262 Parental Responsibility
262 </span>
262 , parents/carers/social workers and from the child/young person if appropriate. A separate
consent form will be used for this particular purpose and children must always be dressed
in the images. The name of the child/young person in the image must never be used;
262 </li>
263 <li>
263 Images of children must not be posted on facebook or any other social networking internet
pages.
263 </li>
264 </ul>
265 <h3>
265 3.7 Reporting Security Incidents
265 </h3>
266 <p>
266 Staff should immediately notify their Manager of any loss, theft or wrongful disclosure of
personal or sensitive data/mobile devices.
266 </p>
267 </div>
268 <div class="section1">
268 </div>
274 <div class="section">
275 <h2 id="home">
275 4. Working from Home/Remote Working
275 </h2>
276 <p>
276 It is important to remember that principles of data protection and confidentiality apply
equally when working in a home environment as they do when working in an office environment.
276 </p>
277 <p>
277 A home environment may pose additional risks and issues of which you must be aware.
277 </p>
278 <p>
278 For instance:
278 </p>
279 <ul>
280 <li>
280 Ensure that confidential material and devices containing such material (eg phones/laptops)
cannot be viewed or accessed by other members of the household. It is important to make
sure that children and pets, for instance, do not have access to work laptops. It must be
remembered that the same rules apply to adult members of your household, such as partners;
280 </li>
281 <li>
281 If you have paper copies of personal data, these must be disposed of securely, i.e by
shredding;
281 </li>
282 <li>
282 Be mindful of ensuring that confidential telephone conversations cannot be overheard;
282 </li>
283 <li>
283 Beware of 'smart home' devices (Alexa, Google Home, Nest, Ring, 'nanny cams' etc). These
devices may be 'listening' in to conversations and/or 'watching'. These devices must be
disabled if they are sited close to where you are working;
283 </li>
284 <li>
284 Cloud storage should not be regarded as secure unless specifically provided and approved
by your employer. Likewise with personal devices such as telephones and computers;
284 </li>
285 <li>
285 Remember that you are still working, and appropriate standards of professionalism should
be maintained at all times. Do not post anything on personal social media accounts that
could inadvertently disclose any confidential work material/issues/identifying information
in relation to service-users.
285 </li>
286 </ul>
287 </div>
288 <div class="section1">
288 </div>
291 </div>
294 <div id="footer">
295 <div class="copyright">
296 <p>
296 <a href="http://www.trixonline.co.uk/" target="_blank" rel="noopener">
296 <img src="images/logo/trix-logo.png" width="75" height="75" alt="trix logo">
296 </a>
296 Copyright© signisgroup
296 </p>
297 </div>
298 </div>
299 </div>
300 </div>
302 </div>
304 </div>
305 <div class="container">
307 <div class="modal modal-wide fade" id="myModal" tabindex="-1" role="dialog" aria-labelledby="myModal"
aria-hidden="true">
309 <div class="modal-dialog modal-lg">
309 <div class="modal-content">
309 <div class="modal-header">
309 <strong>
309 Local Resources
309 </strong>
309 </div>
309 <div class="modal-body">
311 
E960 [WCAG21 4.1.2 (A)] Do not use role=presentation|none or aria-hidden=true on a focusable element:
Using either of these on a sequentially focusable element will result in some users focusing on 'nothing'. A sequentially focusable element is an interactive element, or one with a positive 'tabindex'. See Fourth Rule of ARIA Use. <iframe src="https://proceduresonline.com/trixcms1/warringtoncs/doc-library/" title="Document library
popup">
311 </iframe>
313 <script>
313 </script>
313 </div>
313 <div class="modal-footer">
313 E960 [WCAG21 4.1.2 (A)] Do not use role=presentation|none or aria-hidden=true on a focusable element:
Using either of these on a sequentially focusable element will result in some users focusing on 'nothing'. A sequentially focusable element is an interactive element, or one with a positive 'tabindex'. See Fourth Rule of ARIA Use. <a href="#closepopup1" id="closepopup1" class="close" data-dismiss="modal" aria-hidden="true">
313 Close
313 </a>
313 </div>
313 </div>
313 </div>
313 </div>
313 </div>
315 <script src="js/val/test/jquery-1.11.3.min.js" defer>
315 </script>
316 <script type="text/javascript" src="js/highlight.js" defer>
316 </script>
317 <script src="js/iframe/iframeResizer.js">
317 </script>
319 <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" defer>
319 </script>
320 <script src="js/jqueryui/jquery-ui-1.9.1.custom.min.js" defer>
320 </script>
321 <script src="js/jquery.tocify.js" defer>
321 </script>
322 <script src="js/dropdowns-enhancement.js" defer>
322 </script>
323 <script src="js/scroll.js" defer>
323 </script>
324 <script src="js/custom.js" defer>
324 </script>
325 <script src="js/dmss.js" defer>
325 </script>
326 <script type="text/javascript"
src="https://cabbiepete.github.io/jQuery-Share-Email/js/jquery.tmpl.min.js" defer>
326 </script>
328 <script type="text/javascript" src="js/jQuery.print.js" defer>
328 </script>
329 <script src="js/jquery.shareemail.js" type="text/javascript" defer>
329 </script>
330 <script src="js/cookie-code/jquery.cookiebar.js" defer>
330 </script>
333 <a id="scrollup">
333 <i class="up">
333 </i>
333 </a>
334 <div id="background">
335 <p id="bg_text">
335 Trix procedures
335 </p>
336 <p id="bg_text_msg">
336 Only valid for 48hrs
336 </p>
337 </div>
342 <script type="text/javascript">
350 </script>
353 </body>
354 </html>