ICO publish a report on its findings from 32 Advisory Visits to charities
ICO publish a report on its findings from 32 Advisory Visits to charities
The Information Commissioner’s Office (ICO) is the regulator responsible for ensuring that organisations comply with the Data Protection Act 1998.
In 2012/13 the ICO undertook 32 advisory visits at various charitable organisations to gain a better understanding of the processing they undertake and the circumstances in which they operate, and has published a report on its findings.
The ICO’s top five areas for improvement in the charities it visited were:
- Charities should tell people what they are doing with their data. People should know what the charity is doing with their information and who it will be shared with. This is a legal requirement (as well as established best practice) so it is important charities are open and honest with people about how their data will be used;
- Make sure staff are adequately trained. New employees must receive data protection training to explain how they should store and handle personal information and refresher training should be provided at regular intervals for existing staff;
- Use strong passwords. There is no point protecting the personal information with a password if that password is easy to guess. All passwords should contain upper and lower case letters, a number and ideally a symbol. This will help to keep your information secure from would-be thieves;
- Encrypt all portable devices. Make sure all portable devices are encrypted for example memory sticks and laptops;
- Only keep people’s information for as long as necessary. Make sure your organisation has established retention periods in place and set up a process for deleting personal information once it is no longer required.
IBB’s specialist charity lawyers have a wealth of experience in delivering practical commercial advice to charities and not for profit organisations and those who work with them. Contact our charity law team here, call 01895 207809 or email charities@ibblaw.co.uk.