Common use of Transfer of Client Data Clause in Contracts

Transfer of Client Data. 2.1 Any proposed transfer of Client data, whether hard copy or electronic, must be approved by the Client’s appropriate Data Guardian in writing. If the Contractor is unsure whether the necessary approval has been obtained the data transfer must not proceed. Where electronic data transfers are necessary in the performance of the Contract, they should be made by automated electronic secure transmission via the Government Secure Internet (GSI) with the appropriate level of security control. Individual data records (unless as part of a bulk transfer of an anonymised respondent survey data) will require specific transfer arrangements. Transfer of aggregated data such as results, presentations, draft and final reports may also need discussion and agreement, again in advance of any such transfer. Whenever possible, putting data on to removable media should be avoided. Where this is unavoidable: hard drives and personal digital assistants must not be used except in the circumstances set out in the Client’s Data Security booklet; and CD-ROM/DVD/floppy/USB sticks are only to be used after discussion and agreement with the Client in advance of any such transfer. If the use of removable media is approved, data must be written to them in a secure, centralised environment and be encrypted to HMRC standards. If you anticipate transferring data, especially using removable media, during the delivery of this project please set out proposed transfer procedures for consideration;

Transfer of Client Data. 2.1 Any proposed transfer of Client data, whether hard copy or electronic, must be approved by the Client’s appropriate Data Guardian in writing. If the Contractor is unsure whether the necessary approval has been obtained the data transfer must not proceed. Where electronic data transfers are necessary in the performance of the Contract, they should be made by automated electronic secure transmission via the Government Secure Internet (GSI) with the appropriate level of security control. Individual data records (unless as part of a bulk transfer of an anonymised respondent survey data) will require specific transfer arrangements. Transfer of aggregated data such as results, presentations, draft and final reports may also need discussion and agreement, again in advance of any such transfer. Whenever possible, putting data on to removable media should be avoided. Where this is unavoidable: • hard drives and personal digital assistants must not be used except in the circumstances set out in the Client’s Data Security booklet; and • CD-ROM/DVD/floppy/USB sticks are only to be used after discussion and agreement with the Client in advance of any such transfer. • If the use of removable media is approved, data must be written to them in a secure, centralised environment and be encrypted to HMRC standards. If you anticipate transferring data, especially using removable media, during the delivery of this project please set out proposed transfer procedures for consideration;