Reviews and agrees internal policies and protocols governing the protection and use of person-identifiable information by the organisation’s staff, ensuring that these address the requirements of national policy, guidance and the law, and that their operation is monitored. Ensures they are in an understandable format and available to staff.