Confidentiality is a fundamental principle of the delivery of security services. Enigma must preserve and maintain the confidentiality of the information and assets we hold. Enigma and its employees have an obligation not to disclose confidential information, be it personal or otherwise, as a result of various Acts of Parliament. These are:
Data Protection Act 1998 – this Act was passed as a result of the EU Directive and it protects personal data held on all media.
Human Rights Act 1998 – this Act was passed as a result of the European Convention on Human Rights. It is intended to protect certain rights of individuals. In terms of confidentiality, the key part is Article 8, "the right to respect for private and family life, home, and correspondence." This gives the individual the right to live their life with personal privacy in a way that does not infringe on the rights of anyone else. This could include information held about them in the form of diaries or personal records, and the correspondence aspect is equally broad.
Regulation of Investigatory Powers Act 2000 – this Act is intended to combat cyber crime. It ensures that any interceptions do not breach any individual's human rights and requires that appropriate authorisations are obtained when required. The Act also supplements existing legislation, for example, any information collected under this Act still falls under the Data Protection Act and its principles.
Public Information Disclosure Act 1998 – this Act provides protection from victimisation and dismissal of members of staff who speak out against corruption and malpractice at work.
Computer Misuse Act 1990 – this Act makes it a criminal offence to access or damage computer data without authority.
Enigma accepts a personal responsibility to its customers and clients to safeguard them from any malpractice or wrongdoing regarding the handling of, and access to, any sensitive information, including voice recordings, that may occur in the course of any duties, visits and general service delivery. With this in mind, all employees are requested to sign a confidentiality agreement before they join the company, and the relevant BS7858 Vetting Security Checks will be carried out to ensure they are security cleared to the required level before they are allowed to visit a customer's or client's premises.
Enigma is accredited with ISO9001:2008 and follows these procedures, which include keeping an audit trail of every call-out. As a result, Enigma has full visibility of all service delivery, when it was made and by whom.
Access to any customer or end user equipment is only ever done with the prior permission of the customer or client. In the case of a face-to-face visit, it is arranged directly with the customer or end user, and in the case of any diagnostic access required, Enigma uses a remote service that ensures that the customer or end user is the host, which means that Enigma must gain permission to access the equipment, alleviating any possibility of unauthorised access to data.
Enigma employees will never read, duplicate, copy, or remove any customer information, or, in the case of voice recordings, search, copy, play back or remove call records, unless with the permission of the customer or end user, or in line with their code of confidentiality practice, and conducive to Enigma's requirements to successfully deliver the service required to the third party.
Enigma's employees will use their discretion whenever they are on third party premises and act in a professional, sensitive and shrewd manner during their visit. In the event that they come into contact with information of a sensitive or confidential nature whilst on the premises, they must report it immediately to a key member of staff on site and from then on follow the third party's code of confidentiality.
Any employee who breaches these codes of conduct will be subject to disciplinary action and dismissed from the company as a result of gross misconduct.