ICO to give one-day training to charities on data protection
The Information Commissioner’s Office has offered small and medium-sized organizations a free day advisory visit to improve their data protection practices.
Advisory visits are provided free of charge and give small and medium-sized organisations the opportunity to discuss and receive practical advice from the ICO aimed at improving their data protection practices. The visits last one day and each organisation is provided with a short report summarising the ICO’s findings and providing practical advice on how they can improve. Information on visits can be found on its website.
Sam Younger, chief executive of the Charity Commission said:
“Trustees are responsible for ensuring their charity complies with relevant legislation – including the Data Protection Act – and for protecting their charity’s reputation. Mishandling sensitive data not only causes individuals serious distress, it can also damage the good name of your charity.
"So I encourage trustees of charities that handle sensitive data to take note of the ICO’s guidance and consider taking part in an ICO advisory visit.”
The ICO’s top five areas for improvement are:
- Tell people what you are doing with their data. People should know what you are doing with their information and who it will be shared with. This is a legal requirement (as well as established best practice) so it is important you are open and honest with people about how their data will be used.
- Make sure your staff are adequately trained. New employees must receive data protection training to explain how they should store and handle personal information. Refresher training should be provided at regular intervals for existing staff.
- Use strong passwords. There is no point protecting the personal information you hold with a password if that password is easy to guess. All passwords should contain upper and lower case letters, a number and ideally a symbol. This will help to keep your information secure from would-be thieves.
- Encrypt all portable devices. Make sure all portable devices – such as memory sticks and laptops – used to store personal information are encrypted.
- Only keep people’s information for as long as necessary. Make sure your organisation has established retention periods in place and set up a process for deleting personal information once it is no longer required.
This article was taken from www.civilsociety.co.uk – http://www.civilsociety.co.uk/it/news/content/13142