Data protection in guiding
Good practice for unit records
- If you leave records at the meeting place they must be locked away. Personal data must not be displayed in any public place.
- If you store records at home, lock them away when not in use.
- Keep all computer records in a password-protected database or file. Do not use an obvious password and never write the password down. Keep a password-protected backup copy of the information in a separate, safe place.
- Check with each data subject that his/her record is correct at least once a year.
- Destroy out-of-date records by burning or shredding. Make sure out-of-date computer records are deleted from the database or file and any discs are completely destroyed.
- Do not give lists to non-guiding people or organisations such as churches unless you have gained permission from the girls' parents or guardians to do so.
- Do not use your records for anything other than guiding purposes.
- Be prepared to show the girls, their parents or guardians, and adult Leaders what information you hold on them if they ask.
- Try to keep your records in a way that, while looking at one person's details, you are not revealing someone else's on the same page.
- Only record facts not opinions.
- Only collect the information you need to carry out your role as a Leader or Commissioner.
- If you keep lists of non-members, eg badge testers, then ensure that you have their approval to include them on a list.
Eight data-protection principles
Data must be:
- processed 'fairly and lawfully'
- obtained for a 'specified and lawful purpose'
- adequate, relevant and not excessive to that purpose
- accurate and up-to-date
- kept only for as long as required for the purpose for which it was obtained
- processed in accordance with the rights of data subjects
- secure - the level of security being proportionate to the level of harm that could result if unauthorised access occurs
- not transmitted outside the EEA without consent from the data subject.
Rights of data subjects
Data subjects have the right:
- To know that the information is held and the purpose for which it is held.
- To stop any automated processing (eg preference expressed that no data is held in a computer system).
- To stop processing likely to cause 'substantial damage or distress'.
- To receive prompt replies to queries concerning data held about the subject. (If requests are received from data subjects, copies of their records must be made available within 40 days.)
- To prevent processing for the purposes of direct marketing.
For further information visit the Data protection website at http://www.dataprotection.gov.uk/ (this link will open in a new window).