Data Protection Policy
To protect Biffs taxis information assets to reduce any potential risk, which could expose sensitive data, to an unnecessarily high level of risk, particularly in circumstances where data is taken out of the information system. To maintain confidentiality of all information processed or held by Biffs taxis
This Data Protection Policy applies to all data assets of Biffs taxis Specifically, it includes:
• Intellectual Property (IP), whether owned by Biffs taxis or provided by a third party.
• Personally Identifiable Information (PII) for employees, clients or other third parties.
• Financial information for Biffs taxis its employees, clients or other third parties.
• Other non-public data or information assets deemed the property of Biffs taxis
• Other public data or information assets deemed the property of Biffs taxis
1. All privileged information, whether stored in system or out of system (via information media) will be protected by data protection mechanisms to ensure the highest levels of confidentiality, integrity and availability. Non-privileged information will be protected to ensure the highest levels of integrity and availability.
2. Only personnel that have previously been authorized are allowed to enter information into an information system. Inputs will be restricted according to granted permissions, though these restrictions may be lifted on a temporary basis based on pre-defined project responsibilities. In such circumstances, additional authorization is required and must be granted before restrictions are lifted.
3. Where possible, information systems will check entered information for accuracy, completeness, validity and authenticity. These checks will be performed as close to the point of information entry as possible and will attempt to ensure that data corruption does not occur.
Procedure 1 Configure systems to store confidential and sensitive data in a secure manner:
Procedure 2 Positively dispose of data that is no longer required:• Use software or hardware delete functions to remove non-confidential data from systems once that data is no longer required.
Procedure 3 Configure systems to transmit confidential and sensitive data in a secure manner:
Procedure 4 Configure systems to restrict and validate data input:
• Data should only be input by those with appropriate accounts and account permissions.
• Inputted data should be checked for accuracy, authenticity, completeness and validity by the system in operation. Policy to be reviewed in 2 years by owners Chris and Trina Bithell
Violation of any of the constraints of these policies or procedures will be considered a security breach and depending on the nature of the violation, various sanctions will be taken:
• A minor breach will result in written reprimand.
• Multiple minor breaches or a major breach will result in suspension.
• Multiple major breaches will result in termination.