Charities are having a tough time with data protection at the moment. The Daily Mail is pursuing them for their donor practices, and even when their behaviour is compliant, the reputational impact is enormously damaging to all charities, not just the few cited in the press.
Now the Alzheimer’s Society has fallen foul of the ICO because its volunteers were not trained in data protection, and were following inadequate processes, particularly in relation to sensitive personal data – for example using personal email addresses for sharing and receiving data about users of the charity; storing unencrypted data on their home computers; and not keeping paper records locked away securely.
This case does illustrate the need for charities to provide data protection training, not only to their own employees, but also to their volunteers. Volunteers give selflessly of their time and energy, but even with the best intentions in the world, they cannot be expected to know the nuances of what is and is not acceptable in terms of data compliance and security. Where sensitive personal data is concerned, this becomes a significant failing that will rebound on the charity and generate a great deal of negative attention. At the same time, lack of procedure and training creates an enormous risk of potential damage and distress to the very vulnerable individuals the charity is seeking to help.
Training volunteers as well as staff in data protection is essential to ensure that security is maintained and that users are protected, and to provide reassurance that the charity is adopting a robust approach to data protection – particularly important to the Trustees as they are accountable and liable for breaches.
In addition, the charity’s own policies and procedures should be distributed and explained to all volunteers without exception. And finally, checks should be carried out on an ongoing basis to ensure that volunteers are adhering to the charity’s documented policies and procedures.
Data Compliant is pleased to offer face-to-face and/or online data protection training – in each case, covering the 8 principles of the Data Protection Act, Privacy and Electronic Communication Regulation, data security and information on the upcoming European General Data Protection Regulation (GDPR).
Data Compliant training courses are written in clear, easy language. The online training includes relevant and engaging gamification, and is ideal for employees, volunteers and Trustees. If you’d like more information, please email email@example.com or call 01787 277742.
Victoria Tuffill, CEO Data Compliant