Data Protection webinar: Data Protection & Volunteers



19th June 2014

Data Protection webinar: Data Protection & Volunteers

Welcome. We’re just making the last few preparations for the webinar to start at 11.00. Keep your speakers or headphones turned on and you will shortly hear a voice!



This presentation is intended to help you understand aspects of the Data Protection Act 1998 and related legislation. It is not intended to provide detailed advice on specific points, and is not necessarily a full statement of the law.



The main topics for this webinar:

The roles volunteers play

Quick overview of Data Protection

The legal background

Data Protection & Confidentiality

Responsibilities

The Data Protection Principles in practice


The roles volunteers play

Volunteers work in a range of settings, including:

Running the whole organisation

Working in the office alongside paid staff

Delivering part or all of the organisation’s service

Running local branches

Acting as trustees on the Board or Management Committee



What Data Protection is about: 1

Prevent harm to the individuals whose data we hold, or other people

Keep information in the right hands

Hold good quality data

Protecting data

Protecting people


What Data Protection is about: 2

Reassure people that we use their information responsibly, so that they trust us

Be transparent – open and honest, don’t hide things or go behind people’s backs

Offer people a reasonable choice over how you use their data, and what for

Give us more money!

Support our campaign!

We sold your details to someone else

What Data Protection is about: 3

Comply with specific legal requirements, such as:

  • Right to opt out of direct marketing

  • Right of Subject Access

  • (And others)


The Data Protection Principles

Data ‘processing’ must be ‘fair’ and legal

You must limit your use of data to the purpose(s) you obtained it for

Data must be adequate, relevant & not excessive

Data must be accurate & up to date

Data must not be held longer than necessary

Data Subjects’ rights must be respected

You must have appropriate security

Special rules apply to transfers abroad


The legal background: 1

An organisation is “vicariously liable” for most actions of an employee

The situation with volunteers is not so clear cut, but measures can be put in place to emphasise their responsibilities in regard to Data Protection and Confidentiality without creating a contract of employment



The legal background: 2

  • Most information about people is “personal data” as soon as it is recorded somewhere

  • If the organisation fails to comply with the Data Protection Principles, it may face:

    • A penalty from the Information Commissioner

    • A claim for compensation from affected individuals

    • Reputational damage

  • The Principles on their own are not enough: policies and procedures must ensure compliance



Data Protection and Confidentiality overlap a lot, but they are not the same

Data Protection

Confidentiality

Clear boundaries


Confidentiality

Define the boundaries: who has access to what information for what purposes

Employees have an implied duty of confidentiality

Volunteers are subject to the common law duty of confidentiality (as long as they know what information is confidential)

A signed confidentiality pledge should underpin all volunteers’ responsibilities



Ways of breaking confidentiality

Discussing confidential information with partner

Talking about confidential information in public

Working on confidential material in public

Giving out information carelessly over the phone

Sharing or disclosing computer access details

Losing confidential documents/leaving them around

Sharing information about people who have not given permission

Disposing of information carelessly



Responsibilities: Internal

The organisation is responsible for Data Protection compliance

Where volunteers work alongside paid staff they should be following exactly the same procedures

Volunteers should also be subject to the same checks, supervision and monitoring as paid staff would be if they were in the same role(s)



Responsibilities: Branches

  • Branches are part of the parent organisation or they are autonomous; there is no half-way house

  • In a unified structure, full responsibility lies with the parent organisation:

    • The volunteers running the branch must be given clear procedures and instructions, and held to account

  • In a federal structure, full responsibility lies with each branch:

    • The volunteers running the branch must know this; they may be given guidance



Security (Principle 7)

The Data Protection Act says you must prevent:

unauthorised access to personal data

accidental loss or damage of personal data

The security measures must be appropriate.

They must also be technical and organisational.

The Information Commissioner can impose a penalty of up to £500,000 for gross breaches of security.


Key security areas

  • Security in the office

  • IT security (data at rest)

  • IT security (data in transit)

  • Website security

  • Non-electronic data in transit

  • Personnel



Data quality (Principles 3 & 4)

The Data Protection Act says that data must be:

Adequate

Relevant

Not excessive

Accurate

Up to date (where necessary)



Guidance volunteers might need

  • Use centrally-produced materials where possible

  • What information to collect, and in what format

  • How to design data collection forms

  • How to ensure that the information they record is as neutral and accurate as possible

  • How to keep information up to date – including how and when to offer people the chance to check that the information held about them is correct



‘Fair’ processing (Principles 1 & 2): Transparency & Choice

People generally need to know:

who is collecting their information

what purposes you hold their data for

who you might pass the data on to

how to contact you if they want to stop you from using their data or check what you are doing

They must also be given a reasonable choice over how their information is used, especially regarding direct marketing


Guidance volunteers might need

Use centrally-produced materials wherever possible

Use standard wording provided by the organisation

Record people’s preferences carefully, and respect their preferences

Use the Information Commissioner’s Privacy Notices Code of Practice if designing own materials



Retention periods (Principle 5)

  • Data must not be held longer than ‘necessary’

  • Volunteers who hold data do so on behalf of the organisation

  • They must follow the organisation’s retention schedule

  • When their role ends they must not retain any confidential information

    • Return it for archiving if required

    • Otherwise destroy it securely



Data Subject Rights (Principle 6)

Volunteers must be aware of any restrictions on marketing, resulting from choices the Data Subject has made

Most volunteers (or other staff) should not normally handle Subject Access Requests; these should be referred to the organisation’s Data Protection Officer



Transfers abroad (Principle 8)

  • Most UK voluntary organisations do not transfer information outside Europe. However, transfer may take place if:

    • cloud computing (online applications such as Dropbox or SurveyMonkey) is used and the location of the data storage is outside Europe

    • information is published on a website that is designed to be accessible throughout the world

  • Volunteers should be given guidance on the risks



The Data Protection Principles

Data ‘processing’ must be ‘fair’ and legal

You must limit your use of data to the purpose(s) you obtained it for

Data must be adequate, relevant & not excessive

Data must be accurate & up to date

Data must not be held longer than necessary

Data Subjects’ rights must be respected

You must have appropriate security

Special rules apply to transfers abroad

()

()

()

()

26


Data protection the absolute basics

Data Protection: the absolute basics

We are trying to:

Prevent harm by

Keeping data only in the right hands (and being clear what ‘the right hands’ are)

Holding good quality data (accurate, up to date and adequate)

Reassure people so that they trust us

Making sure people know enough about what we are doing

Giving people a choice where possible


Many thanks

Follow-up questions: [email protected]

To come by e-mail:

  • Link to evaluation questionnaire

  • Link to download the presentation, after you have completed the questionnaire

