Common use of Data Transfer Method Clause in Contracts

Data Transfer Method. All parties to this agreement are responsible for ensuring that appropriate security and confidentiality procedures are in place to protect the transfer, storage and use of the shared, person identifiable data. Regular flow (specify frequency) Daily Ad hoc N/A Give full details of how the transfer will be made and what security measures will be in place e.g. encryption, business secure mail or recorded signed for etc. Face to face N/A Telephone Contact schools to resolve pupil levels data conflicts. AnyComms N/A Secure E Mail To facilitate additional data validation from the DfE. Secure Mail N/A Secure Courier N/A Encrypted Removable Media N/A Other (please state method) Pupil level data is transferred from the schools Management Information System using encrypted third party file transfer. The transfer of this data is automatic and secure. Has a risk assessment been carried out on the chosen methods of transfer? Risk Factors have been assessed in DPIA number DPO21-47. What are the identified risks? Risks identified in DPIA number DPO21-47.  An employee may gain unauthorised access to the system, accessing personal data inappropriately. Either via password sharing or IT system error.  A user may download the data and use it for an unauthorised purpose.  An outside agency tries to access the data (hacking)  Data not being backed up, data which is lost is not capable of being retrieved  An employee changes sensitive data for their own purposes  Personal Sensitive Data is being shared with multiple parties in a joint project and there is the possibility of it going to the wrong place or ensuring the compliance of data protection of the other parties  Inadequate functionality (risks: not able to locate/delete records)

Data Transfer Method. All parties to this agreement are responsible for ensuring that appropriate security and confidentiality procedures are in place to protect the transfer, storage and use of the shared, person identifiable data. Regular flow (specify frequency) Daily Ad hoc N/A Give full details of how the transfer will be made and what security measures will be in place e.g. encryption, business secure mail or recorded signed for etc. Face to face N/A Telephone Contact schools to resolve pupil levels data conflicts. AnyComms N/A Secure E Mail To facilitate additional data validation from the DfE. Secure Mail N/A Secure Courier N/A Encrypted Removable Media N/A Other (please state method) Pupil level data is transferred from the schools Management Information System using encrypted third party file transfer. The transfer of this data is automatic and secure. Has a risk assessment been carried out on the chosen methods of transfer? Risk Factors have been assessed in DPIA number DPO21-47. What are the identified risks? Risks identified in DPIA number DPO21-47.  • An employee may gain unauthorised access to the system, accessing personal data inappropriately. Either via password sharing or IT system error.  • A user may download the data and use it for an unauthorised purpose.  • An outside agency tries to access the data (hacking)  • Data not being backed up, data which is lost is not capable of being retrieved  • An employee changes sensitive data for their own purposes  • Personal Sensitive Data is being shared with multiple parties in a joint project and there is the possibility of it going to the wrong place or ensuring the compliance of data protection of the other parties  • Inadequate functionality (risks: not able to locate/delete records)