Voluntary
organisations face particular challenges in their efforts to respect data
protection laws.
Often, a dedicated core of professional staff will work with
teams of volunteers, many of whom may cease volunteering after a few months, realising
that it’s just not for them. Other volunteers remain with the organisation for
years – and can feel a far greater sense of affinity with its aims and
objectives than do some of its staff. Many volunteers process considerable
amounts of sensitive personal information about clients. But, information
governance controls can be extremely hard to implement at the local level.
How
can the professional staff within such organisations engage with these
different types of volunteers and get them to follow good data handling
practices? With some difficulty,
according to a recent ICO report.
A
quick glace at the ICO’s website enables the casual reader to appreciate that a
report has just been published about the data handling practices of a
number of charities and voluntary groups that work with either victims of crime
or people that are associated with victims of crime.
Evidently,
“many organisations” are meeting the difficult challenges that are faced. However,
there are still a number of areas where they could be doing “more to keep
people’s information secure.” These are “important areas that need addressing.”
What
then follows is a list of three areas of best practice and three areas where
improvements are required in a number of priority areas. The areas of best
practice are described in 61 words. The areas where improvements are required
are described in 100 words.
So,
no real cause for concern, then.
Or
is there?
Because
when the committed reader reads the actual report, a slightly different story emerges.
If
all were well and good, I might expect the actual report to spend about twice
as long referring to the areas for improvement than it does on the areas of
good practice. That’s what I’ve been led to assume, after reading the blurb.
Alas,
this is not the case.
The
areas of good practice can described on a single page.
But
it takes 12 pages to set out the areas for improvement, which should be
considered as a priority for all VSA organisations.
The
ICO is keen to spell out what is going wrong, but not in a manner that draws
too much attention to the casual reader (i.e. the reader that doesn’t read the
actual report).
I
only hope its message – when expressed directly (and possibly privately) to the VSA organisations - is a lot clearer than the general statement on
the website. The public message doesn’t draw sufficient attention to the
serious issues that do need to be addressed.
Sources:
https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2015/01/new-report-helps-victims-services-alliance-organisations-meet-data-protection-challenge/
https://ico.org.uk/media/action-weve-taken/audits-and-advisory-visits/1043091/outcomes-report-victims-services-alliance-organisations.pdf
.
Posts
