How the CAA protects personal data
CAA information security policy and procedures provide appropriate technical and organisational measures, that safeguard against the unauthorised or unlawful processing of personal data, and against accidental loss or destruction of, or damage to, personal data (the Seventh Data Principle). In particular, these policies cover:-
· The secure management of information
· Controlled access to information
· Business Continuity
· Information Management & Privacy
· Information Rights, and
· IT Security
On occasions when third party organisations process personal or sensitive personal data on behalf of the CAA appropriate contractual arrangements will be made.
A request for access to personal data by the data subject is a Subject Access request under the terms of the Data Protection Act. Access to personal information about another person (third party data) can be exempt from disclosure, if necessary we will contact the data subject, and discuss the request and determine if it can be lawfully met.