The inhabitants of our overcrowded island value their privacy highly. A survey earlier this year showed that only 10 per cent of us trust the Government with our personal data. Given the loss of the personal details of more than 80,000 prisoners this summer, the figures might now be even lower.
The well-documented rise in incidents of identity fraud and internet phishing scams means that the security of personal data now encompasses financial loss as well as the loss of public trust.
The fact that there hasn't been a voluntary sector data loss scandal does not mean there is any room for complacency. Whether it is the financial records of supporters or the sensitive records of beneficiaries, charities need to be proactive in ensuring the security of their information.
Outsourcing data management to professionals does not get a charity off the hook if something goes wrong: the legal responsibility and liability for what it does with that information remain with the charity.
A high number of security breaches are staff-related, so charities handling data in-house need to be confident about their recruitment and monitoring systems and have crisis plans in place. If outsourcing, they need to be confident that the data-management company applies rigorous screening, monitoring and management systems.
In the rare number of instances where charity data has been hacked into, public sympathy so far has been firmly with them. But no charity can rely on getting the sympathy vote if it is shown to have been negligent.
Trustees need to recognise that handling the data of donors and beneficiaries is a risk. For advice on how to manage it, see the good practice notes on the Information Commissioner's Office website.
- Rosie Chapman is executive director of policy and effectiveness at the commission.