Charities urged to sign up for ICO data protection Check up
Submit Articles Back to Articles
News release 8 August 2012
Charities urged to sign up for ICO data protection
‘check up’ as top five tips revealed
Charities and third sector organisations stand to
benefit most from a data protection ‘check up’, the Information
Commissioner’s Office (ICO) confirmed today as the ICO published its
top five areas for improvement for small and medium sized
With charities often handling sensitive
information, such as individuals’ medical details, they are potentially
more susceptible to encountering a serious data breach. This could
result in the ICO serving the organisation with a monetary penalty of
up to £500,000. However by using today’s top five tips and signing up
for a free one day advisory visit, the ICO is highlighting the support
available to help them keep their personal information secure.
Louise Byers, Head of Good Practice at the ICO,
“We are aware that charities are often handling
extremely sensitive information relating to the health and wellbeing of
vulnerable people. With these organisations often lacking the money to
employ dedicated information governance staff, there’s a danger that
many charities may be struggling to look after people’s data.Charities
urged to sign up for ICO data protection
“We have published today’s top five areas for
improvement to show the voluntary and charity sector that good data
protection practices can be cheap and easy to introduce, providing they
have the right help and support.
“A one day advisory visit from the ICO provides
charities with a data protection ‘check up’ and practical advice on how
they can look after people’s information. We
are now calling on these organisations to use the summer period to
check that their data protection practices are adequate and get in
touch before it is too late.”
Sam Younger, Chief Executive of the Charity
“Trustees are responsible for ensuring their
charity complies with relevant legislation – including the Data
Protection Act – and for protecting their charity’s reputation.
Mishandling sensitive data not only causes individuals serious
distress, it can also damage the good name of your charity.
So I encourage trustees of charities that handle
sensitive data to take note of the ICO’s guidance and consider taking
part in an ICO advisory visit.”
The ICO’s top five areas for improvement are:
- Tell people
what you are doing with their data. People should
know what you are doing with their information and who it will be
shared with. This is a legal requirement (as well as established best
practice) so it is important you are open and honest with people about
how their data will be used.
- Make sure your
staff are adequately trained. New employees
must receive data protection training to explain how they should store
and handle personal information. Refresher training should be provided
at regular intervals for existing staff.
- Use strong
passwords. There is no
point protecting the personal information you hold with a password if
that password is easy to guess. All passwords should contain upper and
lower case letters, a number and ideally a symbol. This will help to
keep your information secure from would-be thieves.
- Encrypt all
portable devices. Make sure all
portable devices – such as memory sticks and laptops – used to store
personal information are encrypted.
- Only keep
people’s information for as long as necessary. Make sure your
organisation has established retention periods in place and set up a
process for deleting personal information once it is no longer
are provided free of charge and give small and medium sized
organisations the opportunity to discuss and receive practical advice
from the ICO aimed at improving their data protection practices. The
visits last one day and each organisation is provided with a short
report summarising the ICO’s findings and providing practical advice on
how they can improve.
Today’s top five
list covers the main areas for improvement highlighted by previous
advisory visits carried out at small and medium sized charities and
third sector organisations.
information about the ICO’s advisory visits can be found on the ICO
Organisations that would like
to be considered for an advisory visit are invited to register their
interest by sending an email to email@example.com.
Summary reports of the advisory visits already
carried out by the ICO with small and medium sized organisations are
The ICO has also produced guidance for the charity
sector, which is available on the ICO website at:
If you need more information, please contact the
ICO press office on 0303
123 9070 or visit the website at: www.ico.gov.uk.
The Information Commissioner’s Office upholds
information rights in the public interest, promoting openness by public
bodies and data privacy for individuals.
The ICO has specific responsibilities set out
in the Data Protection Act 1998, the Freedom of Information Act 2000,
Environmental Information Regulations 2004 and Privacy and Electronic
Communications Regulations 2003.
Anyone who processes personal information must
comply with eight principles of the Data Protection Act, which make
sure that personal information is:
Fairly and lawfully processed
Processed for limited purposes
Adequate, relevant and not excessive
Accurate and up to date
Not kept for longer than is necessary
Processed in line with your rights
to other countries without adequate protection
4. The Charity
Commission is the independent regulator of charities in England and Wales.
for further information.
About the Author
The Information Commissioner’s Office is the UK’s
independent authority set up to uphold information rights in the public
interest, promoting openness by public bodies and data privacy for
individuals. We do this by promoting good practice, ruling on
complaints, providing information to individuals and organisations and
taking appropriate action when the law is broken.
The ICO enforces and oversees the following
- Data Protection Act 1998
- Freedom of Information Act 2000
- Privacy and Electronic Communications
- Environmental Information Regulations
Follow us @Scopulus_News
Article Published/Sorted/Amended on Scopulus 2012-08-16 09:06:34 in Business Articles
All ICO Articles