Data Transfer Method Sample Clauses

Data Transfer Method. All parties to this agreement are responsible for ensuring that appropriate security and confidentiality procedures are in place to protect the transfer, storage and use of the shared, person identifiable data. (1) (f) of the GDPR. St Bart’s and all academies must make sure they have procedures in place to prevent:

Data Transfer Method. The parties to this Agreement are responsible for ensuring that appropriate security and confidentiality procedures are in place to protect the transfer, storage and use of the shared, person identifiable data.  Accidental compromise or damage during storage, handling, use, processing, transmission or transport;  Deliberate compromise or opportunist attack;  Unauthorised disposal or destruction of the data;  Unauthorised access;  Accidental loss of personal data should be avoided through the implementation of appropriate security procedures. Regular flow (specify frequency) See Appendix A More than 21 items per flow Yes Give full details of how the transfer will be made and what security measures will be in place e.g. encryption, business secure mail or recorded signed for etc. Face to face Named point of contact at BMBC and school Electronically (state method) Perspective Lite Secure File Transfer (Angel Solutions) Secure E Mail Yes – Egress, 7zip, password protected Other Synergy – Servelec (Orchestra) Has a risk assessment been carried out on the chosen methods of transfer? Yes – BMBC Information Security Team What are the identified risks? Email is sent to the wrong email address – training provided to all staff – access to email can be revoked.

Data Transfer Method. All parties to this agreement are responsible for ensuring that appropriate security and confidentiality procedures are in place to protect the transfer, storage and use of the shared, person identifiable data.

Data Transfer Method. All parties to this agreement are responsible for ensuring that appropriate security and confidentiality procedures are in place to protect the transfer, storage and use of the shared, person identifiable data. (1) (f) of the GDPR. BMDC and schools must make sure they have procedures in place to prevent: Where BMDC requests information from schools we will ensure we prescribe the manner of the delivery in an appropriate secure method. The data transfer method may change depending on the information to be provided, however BMDC will provide a secure alternative where necessary. BMDC will ensure information is collected and maintained in a secure manner compliant with the DPA/GDPR obligations.

Data Transfer Method. All parties to this agreement are responsible for ensuring that appropriate security and confidentiality procedures are in place to protect the transfer, storage and use of the shared, person identifiable data. Regular flow (specify frequency) Daily Ad hoc N/A Give full details of how the transfer will be made and what security measures will be in place e.g. encryption, business secure mail or recorded signed for etc. Face to face N/A Telephone Contact schools to resolve pupil levels data conflicts. AnyComms N/A Secure E Mail To facilitate additional data validation from the DfE. Secure Mail N/A Secure Courier N/A Encrypted Removable Media N/A Other (please state method) Pupil level data is transferred from the schools Management Information System using encrypted third party file transfer. The transfer of this data is automatic and secure. Has a risk assessment been carried out on the chosen methods of transfer? Risk Factors have been assessed in DPIA number DPO21-47. What are the identified risks? Risks identified in DPIA number DPO21-47.  An employee may gain unauthorised access to the system, accessing personal data inappropriately. Either via password sharing or IT system error.  A user may download the data and use it for an unauthorised purpose.  An outside agency tries to access the data (hacking)  Data not being backed up, data which is lost is not capable of being retrieved  An employee changes sensitive data for their own purposes  Personal Sensitive Data is being shared with multiple parties in a joint project and there is the possibility of it going to the wrong place or ensuring the compliance of data protection of the other parties  Inadequate functionality (risks: not able to locate/delete records)

Data Transfer Method. All parties to this agreement are responsible for ensuring that appropriate security and confidentiality procedures are in place to protect the transfer, storage and use of the shared, person identifiable data. (1) (f) of the GDPR. Primary Engineer and the school must make sure they have procedures in place to prevent: Accidental compromise or damage during storage, handling, use, processing, transmission or transport; Deliberate compromise or opportunist attack; Unauthorised disposal or destruction of the data; Unauthorised access; Accidental loss of personal data should be avoided through the implementation of appropriate security procedures. Where Primary Engineer requests information from schools we will ensure we prescribe the manner of the delivery in an appropriate secure method. The data transfer method may change depending on the information to be provided, however BMDC will provide a secure alternative where necessary. Primary Engineer will ensure information is collected and maintained in a secure manner compliant with the DPA/GDPR obligations.

Data Transfer Method. All parties to this agreement are responsible for ensuring that appropriate security and confidentiality procedures are in place to protect the transfer, storage and use of the shared, person identifiable data. Regular flow (specify frequency)  The Provider submits details of the children eligible to free early education and care on a termly basis i.e. school term.  The Provider also submits their data for the Annual Early Years Census return by the deadline set in January.  Providers must submit their data in accordance with the deadlines set out in the claim deadlines and payment schedule, the schedule for the financial year 2019/20 can be downloaded here: xxxx://xxx.xxxxxxxx.xxx.xx/beta/working-with- children/pdf/childcare-providers/free-early-education-care-funding-calendar-19.pdf  Academies must continue to provide daily/weekly pupil data transfers to the School Data Quality Team via the automated transfer system as per the Data Sharing Agreement with the School Data Quality Team. Give full details of how the transfer will be made and what security measures will be in place. Other (please state method)  Transfer of child data from the Provider to Kirklees Council is via a secure online portal provided by Servelec. Each Provider has a secure login xxxxx://xxxxxxxxxx.xxxxxxxx.xxx.xx/ProviderPortal  Transfer of child data from Academies to Kirklees Council is also via Groupcall Xporter and Anycomms+, authorised officers/staff have a secure login xxxxx://xxx.xxxxxxxx.xxx.xx/Login.aspx  Transfer of Early Years Pupil Premium eligibility confirmation from Kirklees Council to Academies is via AnyComms+, authorised officers/staff have a secure login xxxxx://xxx.xxxxxxxx.xxx.xx/Login.aspx  Transfer of eligibility evidence from the Provider to Kirklees Council is via a secure document upload xxx.xxxxxxxx.xxx.xx/xxxxxxxxxx  Transfer from Kirklees Council to the Department for Education is via a secure online portal, authorised officers have a secure login xxxxx://xxxxxxxx.xxxxxx.xxxxxxxxx.xxx.xx Has a risk assessment been carried out on the chosen methods of transfer? Yes What are the identified risks?  Council network violation  Department for Education network violation  Login details accessed by unauthorised officers/staff  Data sent to incorrect recipient Address Kirkgate Buildings, Xxxxx Street, Huddersfield, HD1 1BY Responsible Manager Xxxxxx Xxx Contact number 00000 000000 Review Date January 2020

Data Transfer Method. Data is transferred via an automated electronic data interchange (data feed). An automated process has been created to collect and transfer the data securely. When the agreement is signed, each school will approve the set up of the data feed which may involve some installation of software. Once the data feed is approved there is no manual input. Stability of the data feed is monitored by Wakefield Council to ensure data is transmitted daily. Regular flow (specify frequency) Data flow is entirely automated and data will be extracted from connected schools on a daily basis for transfer to the EYES system Ad hoc N/A More than 21 items per flow Yes Fewer than 21 items per flow No Face to face N/A Telephone N/A Safe haven fax (or faxed following procedure) N/A Electronically (state method) Using an electronic data interchange methodology data is extracted from the school’s management information system using the functionality of the Groupcall Xporter module on a daily basis. This will then be stored in the XVault database which is hosted by Liquidlogic on a secure network on behalf of Wakefield Council. The XVault database stores the latest set of data collected from each connected school. The EYES systems has a connection enabling the system to query the XVault to collect data to import into EYES. The imported data is held securely in a set of staging tables for processing where pupil records are matched to existing records in the EYES system and data differences are highlighted for resolution. Secure Mail N/A Secure Courier N/A Encrypted Removable Media N/A Other N/A The methods used will vary dependent on individual circumstances and organisational policies and procedures. Has a risk assessment been carried out on the chosen methods of transfer? The transfer of data is through an automated process using accredited and trusted software. The software also enables the data to be held in a database on a secure network which is hosted by Liquid Logic on behalf of the Council What are the identified risks? As part of the procurement and ongoing implementation process, due diligence has been carried out by Wakefield Council’s Technology Service on the range of functionality of the EYES and this has included system and integration within the Council network. Functionality and security arrangements have been found to be fully compliant with Council requirements.

Data Transfer Method. All parties to this agreement are responsible for ensuring that appropriate security and confidentiality procedures are in place to protect the transfer, storage and use of the shared, person identifiable data. Regular flow (specify frequency) Quarterly in 2017 thereafter monthly in 2018 More than 21 items per flow Yes Give full details of how the transfer will be made and what security measures will be in place e.g. encryption, business secure mail or recorded signed for etc. Encrypted Removable Media Yes Has a risk assessment been carried out on the chosen methods of transfer? Yes What are the identified risks? The table below identifies the risks associated with the extraction of the data and the safeguards to mitigate risks: Identifying patients Patient identifiers are removed or replaced from the extraction. NHS number is pseudonymised Trusted organisation retains the source key of the pseudonym process Information held at BTHFT and the Ark Data is stored in a secure data environment Controls are implemented to ensure secure data access All data processor users are required to sign a confidentiality agreement Data contributors restrict data provided for patients that have registered an objection in line with recommendations from Dame Xxxxx Xxxxxxxxx’x report BTHFT and the University of Leeds have a Level 2 (satisfactory) IGT score Re-identifying patients GPs and Consultants will be provided access to the linked datasets providing direct care to patients only where the patient has specifically consented. Including patients that have opted out of the programme The extraction ignores patient records that have opted out of the programme where any of the opt out read codes in section 4 have been recorded. Transfer of data from data sources to the Trusted organisation / Data Processor The Trusted organisation and data contributors apply technical and physical controls on the transfer of data between data sources and the trusted organisation/data processor to minimise the risk of unlawful access, data loss and hacking. The public are unaware of the Connected Yorkshire programmes, the data that is collected, how it is used and the personal and public benefit A communications campaign is implemented to ensure that the public are informed and aware of the Connected Yorkshire programme. Patient information materials are made available which include details of where to find out more about the programme including data sharing and how to object if they do not wish ...

Data Transfer Method. All parties to this agreement are responsible for ensuring that appropriate security and confidentiality procedures are in place to protect the transfer, storage and use of the shared, person identifiable data. Less than 21 items per flow For Police Data: It is expected that parties of this agreement will have in place baseline security measures compliant with or be equivalent to BS17799: 2005 and ISO/IEC 27001:2013 and HMG standards in relation to information security.