Data Protection
MITAC Partnership Ltd is registered under the Data Protection Act 1998 (PZ7961041). We take our responsibilities regarding the Act very seriously and are happy for any user to contact us if they have any query regarding the security of the Passport website. Please email help@e2epassport.com with your question.
Commitment
By entering data into Passport Online, learners and advisers are agreeing that we can hold this information about them in the Passport computer system.
Our commitment to users is to do everything in our power to keep this information between learners and their Passport Advisers and other people with whom they agree to share it. But users must also make a commitment not to let other people have their login name and / or password.
It’s important to remember too that Passport Advisers can change and the information collected will be available to another person.
Data Held
Passport stores the following personal information about you: name, date of birth address and telephone number although only your name is needed.
The activities in Passport collect further information about you. For example “Me” asks you what you like doing and who helps you; Views and Barriers help to identify what it is in your life that could stop you making progress; and the Programme Plan collects information about what you want to do in the future and skills and qualities you are working to develop.
All this information is added to your Passport voluntarily. It is connected to your name using various codes and devices to make sure only you and / or your Adviser can see it or change it.
It is important to remember that if you don’t want to add sensitive personal information, for example, about a criminal record or your health or lifestyle, then you don’t have to. We hope Passport will give you an opportunity to talk about these things with a professional, but it is not necessarily the best place to record details of that conversation.
Protecting your Data
We protect your information on the Passport website in a number of ways.
Only trained staff have access to the server where Passport data is stored. Staff are made aware of their responsibilities regarding data protection via in-house training and a yearly review of procedures.
Access to this server is password protected and can only be used from the Passport office. This office is locked and subject to human and electronic security measures.
Database servers are protected by a firewall program preventing unauthorised access.
Passport databases are organised so that data is identified only by code words and keys that are not easily connected with names.
User passwords and all data (v3.5 onwards) are encrypted into a non-readable format when stored in the database.
All activity on MITAC Partnership Ltd’s server is logged to show connections and attempted connections using standard protocols.
MITAC Partnership Ltd’s Technical Manager checks server logs on a daily basis to monitor for potential breaches of security and connection problems.
It is stated policy to take Immediate action to rectify breaches of security and connection failures.
From 1st February 2007 A new digital certificate was installed to ensure that all data sent and received from E2E Passport Online is encrypted. Encryption makes it impossible for a third party to intercept data as it travels over the Internet. Verisign verifies E2E Passport to be a secure and trusted system.
User Protection
You hold one of the keys to unlock your own Passport data, your Passport Adviser holds the other one. This is because we believe that as the information collected in Passport is about you, it should be owned by you.
Your user name and password will let you see your Passport at any time.
You should do everything you can to avoid other people seeing your password and should never let someone else use it.
You must also remember to logout when you have finished using your Passport. This is a little like closing a folder of work and putting it in a locker. Logging out will stop other people using the computer you have just used seeing your Passport.
Your Passport will be closed automatically if no activity is detected. This timeout is a security measure designed to protect you.
Your password and log-in name can be changed on request.
Your Adviser’s job is to help you and guide you as you complete your Passport which is why they need to enter their user name and password before you can add new information or make changes.
From time to time you may want to give your Adviser permission to use your password to enter data on your behalf. They will let you know that they are doing this.
Passport sessions are logged making it easy for us to check what you have completed and when and to help us track down any problems you may be having using Passport
Logs are checked on a weekly basis by the Data Controller, MITAC Partnership Ltd, and action taken to remedy any problems according to separate priorities procedures.
Backup
Passport data is backed up every day. In the event of loss or corruption of Passport data, we will restore from the most recent backup available.
We will make every effort to let you now about any problems and tell you when normal service is resumed.
We cannot guarantee you will not lose data, but we can guarantee we will keep data loss and downtime (times when Passport is not available) to a minimum.
Wherever possible, you should take a printout following completion of an activity or adding data to your Passport and keep these printouts in a folder.
Transfer of Information
Passport Programme Plan and Review data can be seen by your main Passport Adviser at any time. It is also possible for another Adviser, eg a Connexions Personal Adviser, to see the information you have collected. This feature is to help them keep track of your progress and you will always know who these advisers are.
Your Passport Advisers can also see a summary of the information you have entered. This may be transferred to local Connexions services and other professionals to support their work with you and to monitor progression and transition.
Passport data is not given or sold to any other organisation under any circumstances.
There is not and never will be advertising on any Passport installation held on MITAC Partnership Ltd’s servers.
You might decide to share your Passport with a family member or potential employer, but this is your decision. You will only be able to show other people information as you can only change your Passport with your Passport Adviser.
Technical Specification
Passport is a web application; essentially a database that can be accessed from a web browser using the Internet. The Passport system is designed to be compatible across recent browsers.
The Flash plugin is required. This will download automatically to stand-alone workstations although is likely to be blocked by bigger networks with tighter security protocols in place.
Passport will work with a standard dial-up modem on a single machine although a faster broadband connection is preferred and should be regarded as essential for networks.
Passport uses a MySQL database for its authentication tier. All other Passport data is stored in a native object database that forms the core of Passport’s form handling functionality.
In addition definitions for the content, structure and operation of Passport forms and activities are stored in a text format making the whole suite highly customisable without the need to reprogram.
All Passport installations run from MITAC Partnership Ltd\'s servers. |
|
|
