Encryption policy

At Accord, we respect everyone’s right to privacy. If you use our services, we want to keep your personal data private. This policy sets out how and when we'll encrypt our emails to protect your personal information. This policy is part of our overall Privacy policy.

This policy was last updated in June 2023

Why we use encryption

We have a legal responsibility to protect your personal information. We must also prevent unauthorised people from having access to it without your say so.

We've all become used to sending emails that include our personal details. Email is not a secure method of communication, yet we often treat it as if it is. Phishing, spoofing and other malicious attacks have been on the increase, but there are steps we can take to ensure your personal information remains protected.

Adding encryption to our emails ensures that only the intended people can access the information we're sharing. Of course, it doesn't stop people accessing emails if your mailbox is compromised, but it does mean that nobody else can read messages while they're being sent across the internet.

By using encryption, we can also control what happens with the message once it's sent. For example, we could set an expiry date, or prevent it being forwarded or printed. This added protection ensures we're in control of the information if it were to land in the wrong hands.

What we use encryption for

Encryption should be used to protect your personal information when it's being sent across the internet. There are certain pieces of personal information which by law are considered sensitive and require added protection. For Accord members, these are:

Union membership status (see note at the end of this section).
Union membership number
Name (when combined with other information such as address or date of birth)
Address
Contact details
Date of birth
Bank details
Equality information (for example disability or sexual orientation)
Health information
Other sensitive information shared during casework such as mitigating personal circumstances

Accord's team will consider the following points to decide if encryption is required:

Are we disclosing to a third party that you are a member (or not) of Accord? For example, if you've included a third-party on an email chain, we can't assume they know whether you have a disability or not. We may take a third-party off the email chain because we're not authorised to disclose information without your permission.
Whether we're including additional information such as your membership number or other pieces of sensitive information.
We'll check we're responding directly to you, and what you have already disclosed in the email chain.
Whether attachments, passwords, or casework information is being shared.
We encrypt and password protect email attachments where they contain personal information.

Accessing secure email

You will automatically have access to secure emails sent by Accord, however if you're not using a work email address, you will have to logon to access the email. We've tried to make this as simple as possible. Some email providers allow us to use your email account to verify your identity, such as Gmail. If we can't verify you using your email provider, you will have the option to request a onetime passcode which is emailed to you.

Once you've got access to the secure email any replies you make will also be sent securely, unless you start a new email chain.

If you want to send us something securely, you can ask us to send you a secure email first so that you can respond to it.

Need more information?

You can obtain more information from Accord's Data Protection Officer, contactable at [email protected].

Who we are

Accord is the data controller for the information you provide. Our HQ address is:

Accord
Simmons House
46 Old Bath Road
Charvil, Reading
Berkshire, RG10 9QR

Accord’s Data Controller is Paula Tegg, contactable at [email protected].
Accord's Data Protection Officer is Chris Rimell, contactable at [email protected].