Voluntary organisations face particular challenges in their efforts to respect data protection laws.
Often, a dedicated core of professional staff will work with teams of volunteers, many of whom may cease volunteering after a few months, realising that it’s just not for them. Other volunteers remain with the organisation for years – and can feel a far greater sense of affinity with its aims and objectives than do some of its staff. Many volunteers process considerable amounts of sensitive personal information about clients. But, information governance controls can be extremely hard to implement at the local level.
How can the professional staff within such organisations engage with these different types of volunteers and get them to follow good data handling practices? With some difficulty, according to a recent ICO report.
A quick glace at the ICO’s website enables the casual reader to appreciate that a report has just been published about the data handling practices of a number of charities and voluntary groups that work with either victims of crime or people that are associated with victims of crime.
Evidently, “many organisations” are meeting the difficult challenges that are faced. However, there are still a number of areas where they could be doing “more to keep people’s information secure.” These are “important areas that need addressing.”
What then follows is a list of three areas of best practice and three areas where improvements are required in a number of priority areas. The areas of best practice are described in 61 words. The areas where improvements are required are described in 100 words.
So, no real cause for concern, then.
Or is there?
Because when the committed reader reads the actual report, a slightly different story emerges.
If all were well and good, I might expect the actual report to spend about twice as long referring to the areas for improvement than it does on the areas of good practice. That’s what I’ve been led to assume, after reading the blurb.
Alas, this is not the case.
The areas of good practice can described on a single page.
But it takes 12 pages to set out the areas for improvement, which should be considered as a priority for all VSA organisations.
The ICO is keen to spell out what is going wrong, but not in a manner that draws too much attention to the casual reader (i.e. the reader that doesn’t read the actual report).
I only hope its message – when expressed directly (and possibly privately) to the VSA organisations - is a lot clearer than the general statement on the website. The public message doesn’t draw sufficient attention to the serious issues that do need to be addressed.