Information and Data Policy

NATIONAL FIELD SERVICES INFORMATION SECURITY POLICY

The objective of information security is to ensure the company’s business continuity and minimise business damage by preventing and minimising the impact of any security incidents, and breaches of privacy and data protection.

OUR POLICY
The purpose of the Policy is to protect our information assets 1 from all threats, whether internal or external, deliberate or accidental

Information takes many forms and includes data stored on computers, transmitted across networks, Intranets, the Internet, printed out or written on paper, sent by fax, stored on tapes and diskettes, or spoken in conversations over the telephone.

It is the Policy of National Field Services to ensure that:

  • Information will be protected against unauthorised access.

  • Confidentiality of information will be assured2.

The protection of valuable or sensitive information from unauthorised disclosure or intelligible interruption.

  • Integrity of information will be maintained3.

Safeguarding the accuracy and completeness of information by protecting against unauthorised modification.

  • Regulatory and legislative requirements will be met4.

This applies to record keeping and the controls we have  in place; it includes the requirements of legislation such as the companies Act, the Privacy Act 2001, MRSA/ESOMAR Codes of Conduct.

Business Continuity plans will be produced, maintained and tested5.

This will ensure that information and vital services are available to users when they need them.

  • Information security training will be available to all staff.

  • All breaches of information security, actual or suspected, will be reported to, and investigated by the Senior Management of the Company.

  • National Field Services’ Standards have been produced to support this policy and form part of our Quality Management System (QMS).  These include e-mail policy, telephone and voicemail protocol, data privacy and data protection, virus control, passwords and encryption, Internet access, and the use of unauthorised software.

  • All managers are directly responsible for the implementation this Policy and security standards within their departments and teams and for adherence by their staff.

  • It is the responsibility of each employee to adhere to this Policy and the associated security standards.

NATIONAL FIELD SERVICES - Data Privacy and Data Protection Policy

National Field Services needs to collect and use certain types of information about people with whom it deals in order to operate. These include current, past and prospective employees, interviewers, suppliers, clients and others with whom it communicates. In addition, it may occasionally be required by law to collect and use certain types of information of this kind to comply with the requirements of government departments for business data for example. This personal information must be dealt with properly however it is collected, recorded and used – whether on paper, in a computer, or recorded on other material – and there are safeguards to ensure this is done in the Privacy Act 1998, Privacy Amendment (Private Sector) Act 2000 and the Market and Social Research Privacy (M&SRP) Principles (August 2003). 

We regard the lawful and correct treatment of personal data by National Field Services as very important to successful operations, and to maintaining confidence between those with whom we deal and ourselves. We ensure that our organisation treats personal information lawfully and correctly.  To this end we fully endorse and adhere to the M&SRP Principles as our Industry specific Privacy Principles enumerated in the Privacy Act 1998, Privacy Amendment (Private Sector) Act 2000. 

The approval of the  M&SRP Principles Market on 27 August 2003 indicates that the Privacy Commissioner is satisfied that the Market and Social Research Privacy Principles included in this Code are at least the overall equivalent of all of the obligations set out in the National Privacy Principles in the Privacy Act 1988 (Commonwealth).  These Principles seek to give effect to the National Privacy Principles in the Privacy Act 1988 (Commonwealth) in a manner that is tailored to the research context, while providing the public and business community with the assurances needed to encourage informed and willing participation in market and social research activities. The M&SRP Principles replace the National Privacy Principles in the Privacy Act 1988 (Commonwealth) in governing the collection, retention, use, disclosure and transfer of information about the subjects of and participants in market and social research, that is, any individual about or from whom any information is sought, collected, retained, used, disclosed and/or transferred by a research organisation for the purposes of research.  These principles reflect the fact that participation in market and social research is voluntary, that market and social researchers are generally not interested in making use of the identity of research participants and that they use, disclose and/or transfer the information collected only for research purposes.

In summary, our principles for all personal information are:

  1. Shall be processed fairly and lawfully and, in particular, shall not be processed unless specific conditions are met;

  2. Shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those    purposes;

  3. Shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed;

  4. Shall be accurate and, where necessary, kept up to date;

  5. Shall not be kept for longer than is necessary for that purpose or those purposes;

  6. Shall be processed in accordance with the rights of data subjects under the Act;

  7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data;

    Shall not be transferred to a country or territory unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.