Data Protection
Data protection in guiding
Good practice for unit records
- If you leave records at the meeting place they must be locked away. Personal data must not be displayed in any public place.
- If you store records at home, lock them away when not in use.
- Keep all computer records in a password-protected database or file. Do not use an obvious password and never write the password down. Keep a password-protected backup copy of the information in a separate, safe place.
- Check with each data subject that his/her record is correct at least once a year.
- Destroy out-of-date records by burning or shredding. Make sure out-of-date computer records are deleted from the database or file and any discs are completely destroyed.
- Do not give lists to non-guiding people or organisations such as churches unless you have gained permission from the girls' parents or guardians to do so.
- Do not use your records for anything other than guiding purposes.
- Be prepared to show the girls, their parents or guardians, and adult Leaders what information you hold on them if they ask.
- Try to keep your records in a way that, while looking at one person's details, you are not revealing someone else's on the same page.
- Only record facts, not opinions.
- Only collect the information you need to carry out your role as a Leader or Commissioner.
- If you keep lists of non-members, eg badge testers, then ensure that you have their approval to include them on a list.
Eight data-protection principles
Data must be:
- processed 'fairly and lawfully'
- obtained for a 'specified and lawful purpose'
- adequate, relevant and not excessive to that purpose
- accurate and up-to-date
- kept only for as long as required for the purpose for which it was obtained
- processed in accordance with the rights of data subjects
- secure - the level of security being proportionate to the level of harm that could result if unauthorised access occurs
- not transmitted outside the EEA without consent from the data subject.
Rights of data subjects
Data subjects have the right:
- To know that the information is held and the purpose for which it is held.
- To stop any automated processing (eg preference expressed that no data is held in a computer system).
- To stop processing likely to cause 'substantial damage or distress'.
- To receive prompt replies to queries concerning data held about the subject. (If requests are received from data subjects, copies of their records must be made available within 40 days.)
- To prevent processing for the purposes of direct marketing.
Further information
For further information visit the Data protection website at http://www.dataprotection.gov.uk/.
