|
Home
[Accessibility Options]
Information Team

45. How does the Data Protection Act affect volunteering?

In law any organisation that collects personal data about individuals is known as a data controller and will have to comply with the Data Protection Act 1998. The Act covers information held on a computer or in paper files about a living individual who could potentially be identified from the data. Anything that you do with data is known as 'processing'. There are eight data protection principles that anyone processing data should follow. Data must be:

  • Fairly and lawfully processed
  • Processed only for specified particular purposes
  • Adequate, relevant and not excessive for the purposes for which it is kept
  • Accurate and kept up to date
  • Not kept longer than necessary for the purpose
  • Processed in accordance to the subject's rights
  • Kept with appropriate security measures
  • Not transferred to countries outside the EEC (data published on the internet is automatically regarded as an overseas transfer)

Data processing should only take place if:

  • The person who the information is about has given permission, knows who is using the information, what for and who it is likely to be passed on to. It is assumed that by agreeing to fill out application forms etc. people have given implicit permission because it is obvious what the information will be used for. However when collecting sensitive data (criminal records, health, equal opportunities information etc.) explicit permission must be sought

Or:

  • It is necessary for the completion of a contract with the data subject

Or:

  • It is necessary to protect the interest of the individual or carry out public functions

Or:

  • There is a legal obligation to process the information

For most organisations the main points that they will need to remember are: to make sure that everyone that you hold information about knows that you do and has given permission for it to be stored and used. To make sure that records are not held for longer than necessary and are stored and disposed of securely and to make sure that records are held in such a way that individuals who wish to see what information you hold about them can.

It is a good idea to have a Data Protection Policy. This will be particularly useful for organisations who are going to register with the Criminal Records Bureau as the CRB wants to know how very confidential Disclosure material will be stored and dealt with before it agrees to send it out.

Useful links from this page:

Data Protection Act 1998

Information Commissioner (office responsible for overseeing the Act)

Bookmark with:

  • Submit this page to del.icio.us
  • Submit this page to Digg
  • Submit this page to Newsvine
  • Submit this page to Reddit
  • Submit this page to Facebook
  • Submit this page to StumbleUpon
 
 
© Volunteering England, 2008