Guidance and Criteria for Determining Public vs. Private Information for inclusion on the Interchange
Ensuring Data Security and Privacy
Introduction
In a world increasingly reliant on digital information, it is essential to establish clear guidelines and criteria for determining what information should be made publicly accessible and what should remain private on the Council’ Interchange Site.
This guidance aims to outline the principles and practices for safeguarding sensitive information and ensuring that only appropriate data is shared publicly on the interchange and what information should be within restricted employees access.
Criteria for Public Information
Public information is data that can be freely accessed by anyone without risking the privacy, security, or reputation of individuals or the council. The following criteria can help determine if information should be public:
Non-Sensitive Data.
This includes:
- Information that is already publicly available from other sources.
- Data that does not include personal identifiers, financial details, or confidential business information.
- General information about the council’s structure, public policies, and contact details.
Educational Content
This includes:
- Resources and materials intended for public education and awareness.
- Research findings and reports that do not contain sensitive or private data e.g. budgets, personal data of school staff etc.
Transparency and Accountability
This includes:
- Annual reports, financial statements, and governance documents that demonstrate transparency.
- References to meeting minutes and decisions that do not disclose confidential deliberations or personal information.
Criteria for Private Information
Private information must be protected to preserve the privacy and security of individuals and the council. The following criteria can help determine if information should remain private:
Personal Identifiable Information (PII)
- Names, addresses, phone numbers, and email addresses of individuals.
- Any other identification details, financial information, and other sensitive personal data.
Confidential Business Information
- Private data and intellectual property e.g. financial details/projections, budgets etc.
- Contracts, agreements, and internal communications.
Security and Compliance
- Information that, if disclosed, could compromise the council’s security or integrity e.g. passwords
- Data subject to legal or regulatory restrictions on distributing e.g. service user’s details.
Access Controls and Data Management
It is crucial to implement robust access controls and data management practices to ensure information is appropriately classified and protected. Where the information you wish to share contains any of the criteria for private information, then you must ensure that the required access permissions are set when you upload your document
Alternatively, when you require ICT to upload your documents, ICT will assign access permissions based on the instructions you have provided so it is important that you consider the content before submitting your request. This will ensure that only authorised staff can access sensitive information and access to the public is not available. All requests for ICT to upload a document to the interchange should be submitted via a service desk request.
If you are in any doubt, please discuss with your line manager and remember the Interchange is not a document repository like Sharepoint and should not be used for storing files.
Good Practice requires Regular Audits and Reviews
Conduct regular audits to ensure compliance with data protection policies. It is often too easy to forget the documents you have shared on the Interchange so building in regular reviews and updating information helps manage information effectively.
Remember to review access permissions and update them as needed based on changes in the council.
By adhering to these guidelines and criteria, the council can ensure that we strike the right balance between transparency and privacy. Proper classification and protection of information help maintain trust, comply with legal and regulatory requirements, and safeguard sensitive data from unauthorised access or disclosure.
Further resources:
Learnpro: GDPR eLearning Module
March 2025