1.2Legal requirements and codes of practice: issues relating to the legal requirements for secure recording of information eg the common law duty of confidence, the legal requirements for accuracy of information and for information to kept up-to-date, obtaining personal data only for specific, lawful purposes and for personal data to be relevant and not excessive for its purpose; issues relating to the legal requirements for the secure storage of information eg the legal requirements that personal data should not be kept for longer than is necessary for its purpose, security measures to protect against the accidental loss, destruction or damage to personal data, legal requirements for the storage of electronic and manual data and access to secure information; issues relating to the legal requirements for sharing information eg freedom of information, principles of confidentiality, agreed ways of inter-agency and multi-agency/integrated working.
2 Be able to implement good practice in handling information
Good practice in handling information: understanding the features of both manual and electronic information storage systems to ensure security eg encryption, secure passwords, electronic audit trails, secured IT networks, identity checks, security passes; understand how to ensure security when storing and accessing information, eg following Information Governance procedures, ensuring confidential information is not disclosed without consent, preventing accidental disclosure of information, practicing strict security measures, like shredding paperbased information, logging out of electronic data systems and operating effective incident reporting processes; ensure the security of access to records and reports according to legal and organizational procedures, ethical codes or professional standards; the importance of keeping legible, accurate, complete and up-to-date records eg signed and dated, specifying individual