Information regulator reminds charities they need adequate data-sharing policies

In a report publised yesterday, the Information Commissioner's Office examines the data-protection practices of some of the voluntary groups that make up the Victims' Services Alliance

Data protection
Data protection

The Information Commissioner’s Office has warned charities to ensure they have adequate policies for data sharing and retention after it carried out a study into the practices of some charities.

The information regulator yesterday released a report that looks at the data-protection practices of some of the 69 charities and voluntary groups that make up the Victims’ Services Alliance.

The report draws on findings from voluntary visits to five VSA members and the results of a survey completed by a further 27 members.

The report says that staff generally had good awareness of the requirement to keep data safe and were keen to do so, that personal data was anonymised by these organisations when producing statistics to share with funders, or for management information, and that office premises were generally physically secure.

But the report also makes a number of recommendations for improvement. It says formal agreements should be in place for the sharing of personal information, and VSA members should be clear which party is ultimately responsible for the security of personal information when sharing between organisations.

The report says charities should consider how long they need to retain information. "All VSA organisations should review the types of records holding personal data and identify how long they need to be retained after the relationship with the client, employee, counsellor or therapist ends," the report says. "If the information is no longer required, it should be securely destroyed."

The ICO says charities "need to have a formal home and remote working policy to ensure personal information continues to be handled correctly outside of the office", and it found inadequate protection for staff using portable or mobile devices or using personal devices for work purposes. The report says organisations must make sure their IT providers can give the same level of data security the charity itself would.

Victoria Heath, good practice group manager for the criminal and justice sector at the ICO, said: "Members of the VSA face a difficult challenge when it comes to looking after personal information. They often rely on a regular stream of volunteers to provide support to the victims they care for, while handling sensitive details relating to the abuse or mistreatment of vulnerable people. This creates a unique challenge and one we are pleased to say many organisations are meeting. Nevertheless, there are still a number of areas where organisations could be doing more to keep people’s information secure."

Before commenting please read our rules for commenting on articles.

If you see a comment you find offensive, you can flag it as inappropriate. In the top right-hand corner of an individual comment, you will see 'flag as inappropriate'. Clicking this prompts us to review the comment. For further information see our rules for commenting on articles.

comments powered by Disqus