We recognise that our robust digital and physical security must be supported by our staff. 

We provide a structured training program to all staff appropriate to their level of data access.  This includes their induction training, regular ‘top-up’ training as well as additional training as it becomes appropriate. We also provide training to our data engineers and data scientists to ensure that we "bake privacy in by design". 

We encourage a culture whereby staff hold each other to account, they are able to challenge each other on their use of data, and to report any concerns either through their supervisor or anonymously through a promoted ‘whistle-blower’ process.  As a management team, we take all data concerns seriously.

When we are developing our applications we approach these projects with a ‘Baking privacy in by design’ mindset.  We undertake privacy ‘risk assessments’ before embarking on new developments and only use PII where absolutely necessary to achieve the goals of the development.  Staff are trained on the impact of ‘big data’ on privacy of individuals.

Access to data by staff is carefully controlled to authorised staff members only.   Authorised access is granted to staff who have a genuine requirement to access the data and who have been appropriately trained in the relevant data protection legislation.

We have a range of Policies that staff must abide by including; Data Access Policies, Privacy Policies.