Security Statement Regarding Handling and Administering Personal Information for and on behalf of the Association for Cognitive Analytic Therapy

This document relates to the storage, handling and security of information collected by and through the ACAT Office and the ACAT website database.

1. Personal Data will be collected and handled with due care and attention. Sensitive personal data (including addresses and other contact information) will be stored in safe location, either in a locked office or password-protected directory of the internet. Any information relating to financial transactions will be archived in a locked office or managed by a third party using a secure server for recording the transaction. In the case of an electronic payment being made only the confirmation code of the transaction will be logged by ACAT. The Data Controller works with the Council and Administrator of ACAT to ensure that the data held is securely and appropriately used. Personal data can be withdrawn from the record stores should there be any significant concerns on the part of those whose data is stored.
2. Physically Securing the data collected will be undertaken by locking the Office where the files are held while the officers of ACAT are absent. The information held on the online database will be secured in a password-protected directory. The Administrator of ACAT or the Data Controller can change passwords and usernames at any time if there is any cause for concern regarding the security of the data held.
3. All data held on the ACATonline website is subject to password protection. Only the Data Controller and one consultant have full access to the security systems in place on the website. The Administrator and Council are able to access and alter data records in the course of their duties in ACAT.
4. A full backup of the files and records held on the database are taken every 7 days. These are burned onto a cd-rom and stored in a locked filing cabinet. The entire database can be rebuilt from these archives.
5. The Administrator and every member of Council are given support and training to use the database system.
6. All uses of the database are monitored. All access to the database records requires registration with the site and access to private information requires full membership of ACAT. There are three tiers of access to the records:
7. Public: free access to basic information about Cognitive Analytic Therapy and the Association for Cognitive Analytic Therapy and to official contacts in the organisation.
8. Registered User: access only after registering with the site - to events and training and public information about finding a local therapist.
9. Full Member: access only by a paid and verified member of ACAT with full address and contact details supplied - to public information about CAT, articles and networks for CAT practice and discussion.
10. Online payment of membership fees will be handled by SECpay using the highest transaction security available.
11. ACAT does not see or store your credit card details at any time. All transactions will be overseen by the Administrator, to who any concerns or questions should be sent
12. Any infringements or complaints will be investigated and appropriate action will be taken. Membership or User Registration may be suspended as a result. Any concerns about the inappropriate, unsafe or unethical use of data can be raised with a member of council or through the Chair of the Ethics Panel.

Jon Sloper
Data Controller for ACAT - 7th September 2004

SECpay and Contact Information

Full details of SECpay‘s security systems can be found here.

If you have any further questions or queries regarding online security please contact the ACAT Administrator or Website Support Team

Susan van Baars [ACAT Administrator]
Jon Sloper [ACAT Website Support]