The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

Secure areas

You secure physical business locations to prevent unauthorised access, damage and interference to personal data.

Ways to meet our expectations:

  • You protect secure areas (areas that contain either sensitive or critical information) by appropriate entry controls such as doors and locks, alarms, security lighting or CCTV.
  • You have visitor protocols in place such as signing-in procedures, name badges and escorted access.
  • You implement additional protection against external and environmental threats in secure areas such as server rooms.
  • Office equipment is appropriately placed and protected to reduce the risks from environmental threats and opportunities for unauthorised access.
  • You securely store paper records and control access to them.
  • You operate a clear desk policy across your organisation where personal data is processed.
  • You have regular clear desk 'sweeps' or checks, and issues are fed back appropriately.
  • You operate a 'clear screen' policy across your organisation where personal data is processed.

Can you answer yes to the following questions?

  • Are printer/fax areas secure?
  • Do staff follow protocols and are they clearly communicated?
  • Would we see appropriate environmental controls in your secure areas?
  • Would a tour of your offices reveal an effective clear desk policy?
  • Are screens left unlocked?