
Keeping data safe

By Rachel Wharton 2 September 2015

The world contains an unimaginable amount of data which is growing each day, and much of what we do day-to-day is driven by this—from our shopping habits to the apps on our smart phones. It’s no surprise that our interest in this data has also increased, with questions about access, ownership, use and privacy coming to the fore. There is not a one-size-fits-all answer to these issues—use of data and data protection are complicated topics—so perhaps it’s no wonder that charities have struggled to adapt to the ‘data revolution’.

Recent media stories have unfortunately highlighted the problems that data mismanagement can cause, and charities can’t afford the risk to reputation—not to mention the potential harm to beneficiaries—of a serious data handling mistake. In recent months a number of our clients and contacts have got in touch with questions about data protection, reflecting the current atmosphere and the increasing profile data has within the sector. Many of these discussions have been shrouded in confusion and even fear—but charities need to use data. Well-managed and effective data collection can do a lot of good: to improve services, help reach the right people and evidence impact. We don’t want charities to be afraid of data; however, they do need to be aware of the responsibilities they have to those whose data they hold.

The 1998 Data Protection Act (DPA) lays out the key principles and guidance on data protection, but with 75 sections, 16 schedules and continuous use of legal jargon it is not a quick or easy read. NPC’s new paper Protecting your beneficiaries, protecting your organisation aims to introduce non-specialists to UK data protection regulations, risks and good practice—as well as pointing to trusted sources of information and training. The paper lays out ten points charities need to consider when collecting, storing and using personal data, which are based on the eight DPA principles. As well as these ten points, the paper also provides examples of when things may have gone wrong in the past. Looking at these examples will help charities be more aware of potential pitfalls and take action to avoid making similar mistakes.

Though the topic of data can often seem dry or geeky, it is of the utmost importance and I would urge charities to read this guide. I think it’s important to point out it is for ALL employees in an organisation to understand how data is collected, stored and used—staff need to properly understand the data protection procedures. Our paper should provide a useful starting point for a charity to assess its current data protection practices and consider what needs changing and improving, although I would stress that this is not legal advice and you should aim to understand the DPA in full—the Information Commissioner’s Office (ICO) offers useful guidance. The EU General Data Protection Regulation (GDPR) is expected to come into force in 2018 and is likely to strengthen data protection laws further—so now really is the time to get started.

Much of our work at NPC encourages charities to realise the potential of data, for example through our Data Labs project (opening up administrative data), the Inspiring Impact programme (data to understand impact) and Improving your Evidence (supporting the criminal justice sector to identify and use good quality evidence). If you have any questions about our data work, please contact Tracey.