The Managing Director's Statement on Data Protection
Buy tickets for any train journey in Britain. We cross more of the country than any other train company.
CrossCountry will strive for continual improvement in managing it's compliance with the Data Protection Act 1998. This policy will be shared with our employees and has the active support of the executive board. At CrossCountry we have a legal obligation to comply with all appropriate legislation in respect of Data, Information and IT Security. We also have a duty to comply with guidance issued by the Information Commissioner's Office.
All legislation relevant to an individual's right to confidentiality and the ways in which that can be achieved and maintained are paramount to CrossCountry. Penalties could be imposed upon CrossCountry and/or employees for non-compliance with relevant legislation.
Our Data Protection Policy (XCTL-904) aims to detail how CrossCountry meets its legal obligations for confidentiality and information security standards. The requirements within the Policy are based primarily upon the Data Protection Act 1998 that is the key piece of legislation covering security and confidentiality of personal information.
There are eight principles of good practice reflected in the Data Protection Act 1998. These are normally referred to as the 'data protection principles'.