Information regulator reminds charities they need adequate data-sharing policies

In a report publised yesterday, the Information Commissioner's Office examines the data-protection practices of some of the voluntary groups that make up the Victims' Services Alliance

Data protection
Data protection

The Information Commissioner’s Office has warned charities to ensure they have adequate policies for data sharing and retention after it carried out a study into the practices of some charities.

The information regulator yesterday released a report that looks at the data-protection practices of some of the 69 charities and voluntary groups that make up the Victims’ Services Alliance.

The report draws on findings from voluntary visits to five VSA members and the results of a survey completed by a further 27 members.

The report says that staff generally had good awareness of the requirement to keep data safe and were keen to do so, that personal data was anonymised by these organisations when producing statistics to share with funders, or for management information, and that office premises were generally physically secure.

But the report also makes a number of recommendations for improvement. It says formal agreements should be in place for the sharing of personal information, and VSA members should be clear which party is ultimately responsible for the security of personal information when sharing between organisations.

The report says charities should consider how long they need to retain information. "All VSA organisations should review the types of records holding personal data and identify how long they need to be retained after the relationship with the client, employee, counsellor or therapist ends," the report says. "If the information is no longer required, it should be securely destroyed."

The ICO says charities "need to have a formal home and remote working policy to ensure personal information continues to be handled correctly outside of the office", and it found inadequate protection for staff using portable or mobile devices or using personal devices for work purposes. The report says organisations must make sure their IT providers can give the same level of data security the charity itself would.

Victoria Heath, good practice group manager for the criminal and justice sector at the ICO, said: "Members of the VSA face a difficult challenge when it comes to looking after personal information. They often rely on a regular stream of volunteers to provide support to the victims they care for, while handling sensitive details relating to the abuse or mistreatment of vulnerable people. This creates a unique challenge and one we are pleased to say many organisations are meeting. Nevertheless, there are still a number of areas where organisations could be doing more to keep people’s information secure."

Have you registered with us yet?

Register now to enjoy more articles and free email bulletins

Already registered?
Sign in
Follow us on:

Latest Management Jobs

RSS Feed

Third Sector Insight

Sponsored webcasts, surveys and expert reports from Third Sector partners


Expert Hub

Insurance advice from Markel

Charity property: could you be entitled to a huge VAT saving?

Charity property: could you be entitled to a huge VAT saving?

Promotion from Third Sector promotion

When a property is being constructed, VAT is charged at the standard rate. But if you're a charity, health body, educational institution, housing association or finance house, the work may well fall into a category that justifies zero-rating - and you could make a massive saving