The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

Security for transfers

You have appropriate security measures in place to protect data that is in transit, data you receive or data you transfer to another organisation.

Ways to meet our expectations:

  • You document rules to protect the internal and external transfer of records by post, fax and electronically, for example in a transfer policy or guidance.
  • You minimise data transferred off-site and keep it secure in transit.
  • When you transfer data off site, you use an appropriate form of transport (for example secure courier, encryption, secure file transfer protocol (SFTP) or Virtual Private Network (VPN)) and you make checks to ensure the information has been received.
  • You have agreements in place with any third parties used to transfer business information between your organisation and third parties.

Can you answer yes to the following questions?

  • Are staff aware of the policies and procedures and do they follow them?
  • Do staff know how to send emails or information by post or fax securely?
  • Have they been using appropriate forms of transport?