Information security and privacy

The British Council creates international opportunities for the people of the UK and other countries and builds trust between them worldwide. We collect and use personal information to offer individuals information, products and services. 

This policy will apply in all locations where we operate, including where local regulations do not exist, to all forms of information – both electronic and physical – and to all systems used to collect, store, process or transfer information. 

In countries where different privacy and data protection laws are in place, we will comply with those laws insofar as they meet internationally accepted privacy principles and fair information practices.

 

The British Council is committed to:

• protecting the confidentiality, integrity and availability of the information it collects, stores, transfers and processes in accordance with UK law and international good practice, and to meeting legal requirements and its contractual obligations

• explaining why it needs personal information and only asking for the personal  information it needs

• protecting the information it is given and making sure that only those who need access are able to gain it

• only sharing personal information within the British Council and with other organisations where such sharing is necessary or where it has the individual’s consent

• allowing people to request access to the personal information it holds on them and to complain if they believe it has mishandled their information 

• not keeping personal information for longer than necessary

• taking measures to protect the rights and freedoms of individuals whose personal information may be transferred to countries with differing data protection laws

• ensuring that actual or suspected breaches of information security are reported to the British Council’s Information Security Officer and investigations are conducted as necessary

• applying these standards to its supply chain and delivery partners

• annually assessing and measuring the maturity of its information security. 

 

We will provide adequate and appropriate resources to implement this policy and will ensure it is communicated and understood.

The British Council will review this global policy statement annually to reflect new legal and regulatory developments and ensure good practice.

This global policy statement was approved by Sir Ciarán Devane, Chief Executive, in February 2016 and is due for review in February 2017.