Data Security

Data encryption and password protection

We've outlined below the data protection responsibilities of our Providers and what actions are required to make sure data sent by email is secure. Included in this guidance are examples of security breaches.

How secure is your data and learner information?

Data encryption compliance reminder

All Providers must encrypt and also password protect all data files including learner details when they are sending them by email to the Service Desk.

This includes all spreadsheet files and ILR files sent via email and which include personal information about learners such as names, postcodes and date of birth.

Following the correct security procedure means that your learners’ information is better protected.

Your data protection responsibilities: 

Protecting your learners’ personal information is a compliance requirement under the Data Protection Act. Click here for more information from the Information Commissioner’s Office regarding how to work with personal data and basic principles.

What must you do before sending data by email to the Service Desk:

1. Any file that is to be sent by email to the Service Desk needs to be encrypted to AES 256 bit encryption standards using acceptable encryption software such as WinZip version 12.

2. Create and use a passphrase with a minimum of 15 alpha numerical characters including symbols, for example Hell0H0wAr3y0UT0dAy?

3. After emailing us your encrypted files, you must contact the Service Desk and communicate the password using a different communications method such as telephone.

What constitutes a security breach?

  • Neither encrypting nor password protecting your data.
  • Encryption alone or password protection alone does not constitute adequate protection of your data files and could still be deemed a security breach.
  • Communicating your password using the same medium used to transmit your data files.
  • If you use another colleague’s user name and password to access OLDC.

Customer service contact details:

E: servicedesk@thedataservice.org.uk

T: 0870 267 0001

(you must only email encrypted files to the Service Desk)