The Society has a responsibility to ensure that there is no unauthorised access or accidental loss of personal or sensitive data.
This applies to the following types of data:
Personal Data - any data which relates to a living individual who can be identified from the data ( name, address, post code, etc)
Sensitive Personal Data - concerns the subject’s health or criminal record, or financial information (sort code, account number, debit or credit card details)
Commercially Sensitive Data - any information that could lead to commercial risk to the Society (eg members’ details, group leaders’ details, volunteers’ details)
Group Leaders and Group Volunteers have access to the Society’s membership data. Lists and reports are provided to Group Leaders which include personal details of members living in the group area and of other volunteers in the locality. These may be provided in print or electronic format.
The Society’s policy is to ensure that no person’s details are passed on to a third party without the express permission of that individual. Group Leaders and Volunteers have a responsibility to ensure that any personal details they are given or collect are treated with care.
The information provided on the reports is confidential and is not to be passed to any third-party. Names and addresses, email addresses and phone numbers are not to be published, distributed or used outside of the Society.
If a Group Leader wishes to share information on any of their group members with other parties, they must obtain permission from the individuals concerned and record that this permission has been asked for and given.
All hard copies of personal details are to be kept safe and stowed away at night and all redundant documents containing personal details should be shredded.
Hard copies of data should only be taken with you when travelling away from home when absolutely necessary. It should never be left in an exposed or unsecure place and should always be stored out of sight in a vehicle. Hard copies should not be given to other people.
Any personal data stored on desk top computers, laptop computers and mobile phones should be password protected. Passwords should be changed regularly.
Portable devices should not be left unsecured or unattended. Electronic documents and files should be deleted when no longer required. Lost or stolen data should be reported to the Regional Manager immediately.
On leaving the position of Group Leader, the Group Leader should ensure all reports, documents and files containing Society data are either passed on to the next Group Leader or to the Regional Manager, or, if no longer required, are deleted and shredded.
If you receive a subject access request (ie someone requests all the information the Society holds about them) this should be passed on immediately to the Society’s Data Protection Officer, John McKay, at Head Office – Telephone 01264 350 551
Version 4: 12 February 2020