All information users within the Company are responsible for protecting and ensuring the security of the information to which they have access. Managers and staff are responsible for ensuring that all information in their direct work area is managed in conformance with this policy and any subsequent procedures or documents. Staff who act in breach of this policy, or who do not act to implement it, may be subject to disciplinary procedures.
The Company will ensure that staff does not attempt to gain access to information that is not necessary to hold, know, or process and that restrictions and/or encryptions are in place for specific roles within the organisation relating to personal and/or sensitive information.