Procedures & Guidelines - Data Encryption
Encryption is always used to protect confidential and personal information held within the Company and whenever such information is transmitted across data networks. Encryption is also used when accessing Company network services, which require authentication with valid credentials (usernames and passwords).
Where confidential data is stored on or accessed from mobile devices (for example, laptops, tablets, smartphones, external hard drives, USB sticks, digital recorders), the devices themselves are encrypted using disk encryption, irrespective of who owns them. Where strictly confidential data is stored in public, cloud-based storage facilities, the data must be encrypted before it is uploaded, so that the cloud service provider is unable to decrypt it.
Where data is subject to an agreement with an external organisation, the data should be handled (stored, transmitted, or processed) in accordance with the organisation’s specified encryption requirements.
Where there is a requirement to remove or transfer personal information outside of the Company, it is always kept in an encrypted format. Encryption is used whenever appropriate on all remote access connections to the organisation’s network and resources.
All confidential and restricted information transmitted via email is encrypted. Where a secret key is needed to decrypt the message, it is sent separately from the original email, never in the same message.