ICO report helps Victims Services Alliance organisations meet data protection challenge

The Information Commissioner’s Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals

The Information Commissioner’s Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals

The Information Commissioner’s Office (ICO) has published a new report highlighting how organisations attached to the Victims Services Alliance are looking after individuals’ information in compliance with the Data Protection Act.

The Victims Services Alliance (VSA) is a national network of 69 charities and voluntary groups who work with the victims of crime. They strive to improve services to victims of crime, their families and others who may have been affected by criminality.

In order to provide these services they may be handling sensitive personal information, including details of individuals’ health and welfare. These organisations also rely on volunteers and temporary workers which means they can have a high turnover of staff.

The report provides an overview of the ICO’s findings from examining the data protection practices at five VSA organisations and the results of a data protection survey responded to by 27 representatives from other VSA members.

Victoria Heath – manager of the ICO’s Good Practice Group for the Criminal Justice Sector – explained: “Members of the Victims Services Alliance face a difficult challenge when it comes to looking after personal information. They often rely on a regular stream of volunteers to provide support to the victims for whom they care while handling sensitive details relating to the abuse or mistreatment of vulnerable people. This creates a unique challenge and one we’re very pleased to say many organisations are meeting.”

Heath continued: “Nevertheless, there are still a number of areas where organisations could be doing more to keep individuals’ information secure. For example, most VSA organisations don’t appear to have a formal retention schedule explaining when personal information should be securely deleted. There was also inconsistent advice given to home workers. With 41% of VSA staff working from home these are important issues that need to be addressed. Our report will help organisations achieve this by introducing relatively minor changes to their existing practices.”

Outlining areas of Best Practice

Some of the Best Practice areas identified in the outcomes report that other VSA organisations can learn from include the following:

*The majority of staff (85%) are vetted by the Disclosure and Barring Service before being appointed

*The Criminal Justice Secure Mail e-mail system is used for sending personal information between agencies ensuring that the information remains secure

*Most staff working at VSA organisations are aware of the need to only record personal information that’s adequate and relevant for a specific purpose

The outcomes report also highlights the need for improvements in a number of priority areas including:

*Organisations should identify which party (known under the Data Protection Act as the data controller) is ultimately responsible for keeping the personal information being processed secure, and which organisation (known under the Data Protection Act as a data processor) is handling the information on behalf of another body

*Organisations need to have a formal home and remote working policy in place to ensure personal information continues to be handled correctly outside of the office environment

*Organisations should ensure that data sharing agreements are in place so that both parties know the circumstances under which personal information should be shared (and the secure process for doing so)

Importantly, the report provides links to relevant guidance from the ICO and other recognised bodies to help VSA organisations look after people’s information.

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts