For data protection we do not allow automatic forwarding to external email addresses or storing sensitive data on personal devices.
The Diocese of St Albans hold a lot of personal data about thousands of people within our diocese which we all have a responsibility to protect and to comply with The Data Protection Act 2018 (UK GDPR) legislation.
Diocese IT systems and devices are configured to secure data held by the organisation. Data that leaves diocesan IT systems and devices, such as emails and files that are shared or forwarded externally, may not necessarily have the same protections as they do within diocesan IT systems and devices.
When sharing emails and files, careful consideration must be made as to the protection of this data in transit, such as adding a password to a share link, and how it will be stored by the recipient person and their device.
For emails, it is therefore in the best interest of protecting diocesan data to block automated forwarding to external email addresses.
For both emails and files, access is restricted to diocesan devices and personal devices that are registered and prove compliance with security requirements. For other devices, access is granted to view emails and files in internet browsers only so that data remains in diocesan IT systems.
For more information please see the following articles:
What is the diocesan personal device usage policy? >
Gov.uk > The Data Protection Act 2018 >