Given the sensitive nature of some land information and the potential consequences if inaccurate information exists and is released, it is important that information on a register is managed properly and securely. Quality assurance procedures will minimise the occurrence of inaccurate data. Register security is also necessary to avoid data corruption or accidental or inappropriate data release.
This chapter does not describe every security exposure or control possibility, or specify how security might be maintained in an electronic database. Rather, the following sections identify areas that need to be considered by a local authority holding and managing information that may be sensitive, or that it wishes to protect.
5.1 Information security
The initial registration of a site or a change in category should be undertaken by an authorised local authority officer, following the process set out in section 3.6. Modifications to existing register records that do not result in changes of site category may be made by designated local authority officers, or data entry personnel under their supervision. Every care should be taken to ensure that the entry is accurate (eg, by checking a printout of electronic data).
Unless otherwise agreed between local authorities, it may not be appropriate for territorial authorities to alter the master register. When a territorial authority becomes aware of information conflicting with that on the master register, the information should be passed to the regional council, who will undertake verification and entry onto the register, as appropriate.
Internal controls are needed to regulate the input, alteration of, and access to, data by local authority staff. Alterations should only be done by authorised staff. Local authorities should develop and implement procedures for the use of the register, release of information and staff training.
5.2 Audit trail
All entries or alterations to, or releases of data from, the register should be recorded in order to provide an audit trail. The record should include the date and identity of the person making the change or releasing the data.
The total set of information relating to a site is made up of a series of records, both current and superseded. Entries onto the register should not be deleted. Adding information or changing a classification should be carried out by making the appropriate changes to the record for the site concerned, with explanatory notes. This process should also be followed for moving sites into the category 'error'. Local authority officers with full access rights will be able to view − but not change − previous entries.
All electronic and paper-based documents should be filed appropriately. Local authorities may choose to keep a record of information releases relating to a site, such as copies of letters, LIM statements or official information requests.