Data Access and Confidentiality Policy

Purpose and Scope

In the course of Intersect’s business, we will receive confidential information from, and give confidential information to, other parties. This policy provides a set of guidelines to define acceptable standards in relation to handling confidential information and is intended to apply to Intersect, its employees and members, and to other parties such as suppliers with which Intersect engages.

This policy should be read in conjunction with other relevant Intersect policies and documents, including the Code of Conduct, the Intellectual Property Rights Policy, the Privacy Policy, and the Intersect Membership Agreement (all of which are available at https://docs.intersectmbo.org/).

This policy applies to all recipients of confidential information in the course of Intersect’s business, including employees regardless of working pattern or nature of employment contract. It also applies to anyone working within the premises of and / or for Intersect (for example sub-contractors, consultants, secondees from another organisation or agency staff). The word employee(s) in the context of this policy should be taken to mean all such individuals, unless specifically referred to as being directly employed by Intersect.

Intersect also expects other parties with which it engages to observe this policy, whether or not it is expressly incorporated in relevant contractual documents. The expression “Recipient” in this policy therefore includes Intersect itself, its members, employees, and affiliates, third parties with which Intersect engages, and their representatives: and the expression “Discloser” refers to those same parties when they disclose confidential information to a Recipient.

Policy Statement

Although Intersect is committed to upholding and promoting open-source principles, there are many situations in which the parties involved will expect information disclosed to the other or others will be treated as confidential. Recipients must always err on the side of caution in considering whether information is sensitive or confidential.

Recipients shall keep confidential any non-public or proprietary information (“Confidential Information”) that the Recipient may receive from a Discloser (or have access to) and shall not disclose such Confidential Information. Confidential Information excludes information that: (i) is released into the public domain by the Discloser; or (ii) the Recipient is required to disclose pursuant to court order (provided that such Recipient, if an employee or member of Intersect, shall promptly notify Intersect of such court order, so that Intersect can take legal measures to protect such disclosure).

Implementation, monitoring and review of the policy

Overall responsibility for policy implementation, monitoring and review lies with Intersect. Everyone covered by the scope of the policy is obliged to adhere to and facilitate implementation of the policy. Appropriate action will be taken to inform all new and existing employees and others covered by the scope of the existence of the policy and their role in adhering to it. The policy will be reviewed at such times as legislation or a change to the Intersect policy position requires it. The policy will be made available to the general public.

Requirements

Disclosure of Information

Intersect is committed to making the organisation as open, accountable and transparent as practicable, subject to statutory provisions covering the handling of personal data (on which see the Privacy Policy). It is important that all employees:

• only access information related to work they have been required to carry out

• remember, that even if confidential or personal information appears trivial or widely known, it should not be disclosed to anyone outside the office except in the terms of this policy or with specific authorisation,

• ensure that all papers and electronic files associated with the work of Intersect are kept securely.

Employees must not disclose knowledge gained in the course of their work in social settings or on social media and should avoid discussions of a confidential nature in any setting where they may be overheard.

When photocopying or working on confidential documents, Recipients must ensure that these are not seen by people in passing. This also applies to information on computer screens. Recipients should ensure that when they are working with confidential information, be that in hard copy or electronically, others who are not party to the information do not inadvertently see it. Laptops, computers and other digital devices used to view Confidential Information should all have password protected log in screens and/or screensavers so that their contents cannot be viewed without the proper authorisation if they are left unattended for any time. The duty of confidentiality continues to apply after an individual leaves Intersect employment

Data Protection Act

Intersect recognises that information about individuals, whether held electronically or on paper, falls within the scope of the Data Protection Act and must be handled in such a way as to comply with the data protection principles. Intersect will ensure that personal data is:

• obtained and processed fairly and lawfully

• processed for limited, specified purposes

• adequate, relevant and not excessive

• accurate and up to date

• not kept longer than necessary

• processed in accordance with the individual’s rights, as set out in the Data Protection Act and the UK GDPR

• kept secure and protected

• not transferred unless to a country which has adequate protection for the individual or as otherwise permitted by law.

Breaches of the Policy

Anyone who does not comply with this policy, and is directly employed by Intersect, may be subject to disciplinary action as set out in the disciplinary procedures.

Any other person covered by this policy, and found not to comply, will be reported to the relevant office/employer. This may also result in Intersect terminating any contract.