information protective marking ... - wolverhampton.gov.uk · wolverhampton city council has...

Wolverhampton City Council

INFORMATIONPROTECTIVE MARKING &

INFORMATIONHANDLING

IG Team, March 2015, v1.1

Introduction

Information Protective Marking (IPM) is an information security classification scheme thatrequires the prominent marking of information and documents with a short standardwording that indicates how the information should be handled from a security point ofview.

Wolverhampton City Council has approved a protective marking approach based on theold government protective marking scheme, which is used widely in the public sector.

The aim of this presentation is to help you understand how IPM affects you and your

work. The presentation is in four sections:

1. Why Use IPM

2. The Benefits of IPM

3. How to Apply IPM

4. IPM and Information Handling

You will need to be able to refer tothe IPM Quick Reference Guideduring this slideshow

1. Why Use Information Protective Marking (IPM)?

We all use a great deal of information in our work for the Council, information isthe lifeblood of the organisation, but it comes with responsibilities. For example:-

Sometimes we hold the sensitivepersonal information of service users orour employees. They expect us to keepthis confidential.

We should not disclose personalinformation inappropriately.

Sometimes we deal with contractsand information that is confidential tobusinesses that we deal with

We should not damage a business bydisclosing sensitive commercial

information.

Sometimes we have information instrategies, plans and legal or otherinvestigations that could cause problems ifit was released prematurely.

We need to balance personal rights,operational needs and the public interest.

Most of all we need to know what the potential impact is if the information that we use isnot properly protected.

Adding a protective marking to adocument indicates how that informationshould be handled.

These exampledocuments containpersonal information,so are markedPROTECT -Personal

2. The Benefits of IPM

There are a number of benefits from protectively marking information:

It gives instant information about a document’s security status andhandling requirements at a glance

It encourages everyone to think about how they handle information.

It allows information to be shared and exchanged with other publicsector organisations using IPM with an expectation thatinformation will be handled appropriately.

It enables the Council to carry out business sharing and transferringinformation using the secure government network.

IPM and your work

You may already receive and handle information that has a protective marking ofsome kind, if you do, what type of information is it and how is it marked?

For example it could be marked CONFIDENTIAL, PERSONAL, PRIVATE, or ADDRESSEEONLY. These are not specifically part of the Wolverhampton City Council (WCC)protective marking scheme, but are in regular use, particularly on external post.

The WCC scheme uses just three markings: ‘RESTRICTED’, ‘PROTECT’ and ‘NOTPROTECTIVELY MARKED’.

The new Government Security Classification scheme consists of threecategories ‘OFFICIAL’ , ‘SECRET’ and ‘TOP SECRET’. You are unlikelycome into contact with ‘SECRET’ and ‘TOP SECRET’.

The three WCC approved markings will usually take precedence over any other security

marking.

IPM and your work

Think about what you might need to know about the security requirements of anydocument that arrives in your inbox or in-tray?

Here are some ideas:

Is it information that you can forward or copy to someone else?

Is it information that you can send by normal email or doyou need to ensure that it is sent securely?

Is it information that you can safely leave on your desk whileyou go to a meeting?

IPM can help you decide. Here are some more examples.....

IPM can helpIn which of the following scenarios could protectivemarking help.

Q. You find a report left in a meetingroom by the coffee machine and areuncertain whether to leave it in casesomeone returns for it.

A. If it was protectively marked you wouldknow you needed to remove it and hold itsafely while making enquiries.

Q. You have been sent a copy of a draftpolicy, but you think it might not bethe latest version.

A. Protective marking will not help withthis.

Q. You notice a large documentcontaining names has been thrown in anormal bin, should you leave it there?

A. If the document is protectively markedPROTECT or RESTRICTED you will know that itshould be disposed of in the confidential wastebin.

Q. A contact at a neighbouringauthority wants you to send them acopy of one of the Council’s draftstrategy documents.

A. If the document is protectively marked youwill know that you need to get permission fromthe author or originator to send a copy.

3. How to Apply Protective MarkingIf you are the ‘originator’ of a document or record (i.e the author or someone responsible forreceiving and / or distribution) then you are responsible for adding a protective marking if it isnot already marked.

Post room staff are not expected to mark documents.

If you are forwarded a document that has no marking, query this with the originator,especially before forwarding it on.

There are just three steps to protective marking:

ActionDetailStep

1 ASSESS Assess the document to see if it contains information that could

cause a problem if it were disclosed inappropriately, unavailable,altered or damaged.

2 MARK Add a protective marking so that other users know that the

document needs to be handled securely

3 SECURE Follow the secure handling procedures for the protectivelymarked document.

How to Apply Protective Marking

STEP 1. ASSESS

A document should be protectively marked either:

RESTRICTED or PROTECT

If there would be significant impact to the Council if the confidentiality, integrity oravailability of the document was compromised.

The Quick Reference Guide gives more detailed examples of impacts.

Page10

Choosing the Right Protective Marking

RESTRICTED

Information should be marked as RESTRICTED where the impact of disclosure or loss could besignificant inconvenience, damage, harm or financial loss to the Council or individuals. Thismarking particularly applies to bulk customer or employee records.

Examples of the types of information are:

A complete set of an individual’s socialcare files or health records.

A smaller multiple of complete customer/employee records where information issensitive, or includes financial or identity data(The protective marking will always reflectsthe highest impact individual item in acollection of records)

Volumes of “Protect” data about a reasonablylarge number (hundreds) of service users oremployees

Investigation files

Page11


PROTECT

Where disclosure or unauthorised access would be inappropriate, inconvenient, cause harm orhave a financial impact, then the document will be clearly marked as “PROTECT” in the titleand first line of text (email) or header or footer of a document type.

Examples of the types of information are:

Personal information relating to anycustomer or employee such as a name,address and contact details, VAT number orNI number for which we have a duty of care

A customer case file

An employee record

Exempt Committee papers excluded frompublic access under the Local Government Act

Draft documents before approvalfor release to the public

Page12


NOT PROTECTIVELY MARKED

It may sound like a contradiction to mark information as ‘NOT PROTECTIVELY MARKED’, but thisis to make clear to the reader that the information has been assessed and not simply overlooked.Examples of the types of information are:

Council policies and procedures Names and contact details of specific employeesor individuals that are publically available

Documents available in the public domain oron the WCC public website

A property address record where it does notidentify the individual owner or residents

Page13


STEP 2. MARK

All PROTECT, RESTRICTED and NOT PROTECTIVELY MARKED information must be marked atthe centre top or bottom (Header or Footer) of each page. In an email the marking must bein the title line and first line of text.

A ‘descriptor’ may also be used if this would be helpful to the reader of the document.

For example:

PROTECT - COMMERCIAL Disclosure would be likely to damage a third party orcommercial establishment’s processes or affairs

PROTECT - PERSONAL Information that is personal to an individual or the senderand/or recipient

PROTECT - MANAGEMENT Policy and planning information affecting theinterests of the Authority or staff.

A full list of approved descriptors is in the IPM Quick Reference GuidePage14


STEP 2. MARK – Exemptions

Some types of document are exempt from Protective Marking.

These are:-

· Correspondence with the public.

· Formal Publications – leaflets, annual reports, guides etc.

· Any other information primarily intended for public consumption.

Information and records pre dating the introduction of IPMneed not be retrospectively protectively marked unless thiswould be helpful now and would justify the time spent; orunless the information is being added to or updated.

Page15

4. IPM and Information Handling

STEP 3. SECURE - Information Handling

All information must be stored and handled appropriate to its protective marking, asdetailed in the full schedule in the IPM Quick Guide.

In summary the information handling procedures specify how information andrecords marked PROTECT or RESTRICTED should be handled, for example how it is:

· Shared appropriately and with thepermission of the originator

· Securely emailed

· Secure in the internal and externalpost

· Safeguarded when beingtransported

· Kept safe in the office

· Disposed of securely

· Printed or photocopied securely

· Faxed only to a secure (safe haven) fax.

· Secured when on removable storage media

· Secure on portable devices

· Secured when working at home

· Protected by password control

Note that not all of these actions are permissible forRESTRICTED information. See the IPM Quick Reference Guide

Page16

IPM Frequently Asked Questions

Question Answer

Q. I am confused, I know somepersonal information and otherinformation we have to disclose underthe Freedom of Information Act or theData Protection Act, how doesprotective marking fit in with this?

Q. I work with a large database howcan I possibly protectively mark thisinformation?

Q. How do I get the permission of theowner or originator of a – PROTECTPERSONAL document to copy thedocument to someone else if I cannottrace them?

A. IPM is a quick and general indication of how to handleinformation in a document. Freedom of Information andData Protection disclosure and exemption rules are morecomplicated, so the protective marking of a document willnot be sufficient to make disclosure decisions in thosecases. You must re-assess the information according to FOIAand DPA rules.

A. IPM be will mainly concerned with report outputs andinformation produced from the database. So adding amarking to headers or footers of printed or PDF outputor the titles of exported files (e.g. Excel) would meetthe requirement.

A. Hopefully you will know the team that currently dealswith the issue, but if not you can still share. Just beespecially sure that the person you are sharing with has alegitimate need, that you share the minimum information,and you share in a secure way. If in doubt seek furtheradvice.

Page17

IPM Frequently Asked Questions (continued)

More FAQs in the Quick Reference Guide Page18

Question Answer

Q. What about protective markings thatcould be out of date? For example ifinformation is now public?

Q. Why can’t we just mark everythingPROTECT or RESTRICTED then it will all besecure?

Q. Why is this suddenly necessary now?

A. Some protective markings will be time limited and willneed to be updated. It is the responsibility of the author ororiginator to ensure that this happens. With the circulationof multiple copies this is a problem and a good reason touse links to an original document whenever possible.

A. That would severely restrict the way the Council doesbusiness, imposing unnecessary handling and usagerestrictions on information where there is no need. Theprotective markings would also soon become meaningless.

A. The way we use and share information is changingrapidly and secure handling is a challenge. IPM is a toolthat can help us manage this. These changes do not justaffect Wolverhampton City Council, but all largeorganisations.



Question Answer

Q If I have a large file full of PROTECTinformation (individual reports anddocuments), I understand that should behandled as RESTRICTED, but how do Imark this?

Q. Is there a way I can use Word to savehaving to remember to mark documents?

A. Where there is a large collection of PROTECTinformation and this will be transported or transferredtogether then the file cover can be marked RESTRICTED,or if it is an electronic file or folder then RESTRICTEDshould be included in the file name or folder name,especially if it is not being transferred by an email withRESTRICTED already in the title.

It is not necessary to include a protective marking infilenames or folder names on the WCC network.

A. If you use an MSWord template for some standard typesof documents that are usually PROTECT you can manuallyamend the template to include the marking. Alternativelyyou can also add a marking using the classifier software,just select the appropriate protective marking, right clickand select ‘insert label’.



Question Answer

Q. What do I do if I receive informationwith other markings like ‘private’ how dothese fit in with Wolverhamptonprotective marking scheme?

Q What should I do if I receive a documentthat should be protectively marked, butisn’t, should I mark it myself?

Q. What do I do if I receive somethingmarked ‘SECRET’ from a governmentagency?

A. If you cannot contact the originator of the document forclarification, you need to use the assessment criteria inthis guide to assess the information under theWolverhampton scheme and add the appropriate marking(see below for government agencies and protectivemarking).

A. It is important that you refer this issue back to theoriginator of the document. If their reason for not markingdoes not satisfy you, seek advice from your Informationasset administrator or information governance contact.

A. The government uses three types of classification;Official, Secret and Top Secret. Secret and Top Secret arethe highest level security markings and it is very unlikelythat you will receive information from a governmentagency with this marking. If you do first store the lockinformation away and contact Corporate InformationGovernance immediately for advice.



Question Answer

Q. We have hundreds of unmarkeddocuments in our team. Are they supposedto be marked too and if not doesn’t thisundermine the value of protective markingoverall?

Q. Where can I find the Council’sInformation Protective Marking andHandling Policy?

Q. Reference is made to the Government’sSecurity Classifications. Where can I finddetails of how this scheme is applied?

A. You are not required to retrospectively mark documentsand obviously there will be a transition period until themajority of records that we hold and use regularly aremarked appropriately. For some services this period will bequite short, while for others, where a service continues forseveral years it will take longer. Protective marking islikely to remain the key tool for ensuring that informationis handled and shared appropriately in the future.

A. You can access the Council’s Information ProtectiveMarking and Handling Policy and other supporting guidancevia the Council website Information Governance page.

A. It is not a mandatory requirement yet for localauthorities to apply the Government’s SecurityClassification scheme that came into force on 2 April 2014.Further information is contained in a briefing note‘Government Security Classifications’ available on theCouncil website Information Governance page and theGovernment Security Classification policy andaccompanying guidance can be found via the CabinetOffice.

IPM in context

Protective Marking is part of a broader initiative to improve Wolverhampton City Council’sInformation Governance and as such it ties in with the e-learning training modules: ProtectingInformation, Freedom of Information and Data Protection; all available on the Learning Hub.

There is further information in the Information Governance Guide also on the Learning Hub.

Protective marking also has a direct relevance to Records Management and the Council’sRecords Management Policy is aimed at improving the standard of records management. A keyaspect of this is ensuring that we have sufficient standard information held about our individualrecords and documents to enable them to be managed efficiently. This includes, for example,knowing who the author is, whether it is a draft or final version, the version number, theretention rules applicable, and of course, its protective marking.

One further important point to remember that if you become aware of any breach or potentialbreach of information security or handling procedures, you must report these to theInformation Incident Contact Point Extn 8000.

Page22

Recap

We have looked at why IPM is now being introduced, why it is important and what thebenefits will be. We have also looked in more detail at how to assess, mark and secureprotectively marked documents. It will be apparent that putting a protective marking on adocument needs to become as routine to us all as including a title.

The period following the introduction of IPM was one of transition, but there isnonetheless an expectation that the majority of current and new documents will beprotectively marked from now on and managers will be expected to report backincreasing compliance levels.

Finally, we are all aware that local authorities are under increasing scrutiny from theInformation Commission and that key questions when an information security breachoccurs will be:-

· Was the document protectively marked?

· Did employees act correctly based on the protective marking?

If you have any specific questions about IPM in your service area please contact theInformation Governance team.

Page23