|

Data protection in guiding

Good practice for unit records

  • If you leave records at the meeting place they must be locked away. Personal data must not be displayed in any public place.
  • If you store records at home, lock them away when not in use.
  • Keep all computer records in a password-protected database or file. Do not use an obvious password and never write the password down. Keep a password-protected backup copy of the information in a separate, safe place.
  • Check with each data subject that his/her record is correct at least once a year.
  • Destroy out-of-date records by burning or shredding. Make sure out-of-date computer records are deleted from the database or file and any discs are completely destroyed.
  • Do not give lists to non-guiding people or organisations such as churches unless you have gained permission from the girls' parents or guardians to do so. 
  • Do not use your records for anything other than guiding purposes.
  • Be prepared to show the girls, their parents or guardians, and adult Leaders what information you hold on them if they ask.
  • Try to keep your records in a way that, while looking at one person's details, you are not revealing someone else's on the same page.
  • Only record facts not opinions.
  • Only collect the information you need to carry out your role as a Leader or Commissioner.
  • If you keep lists of non-members, eg badge testers, then ensure that you have their approval to include them on a list.

Eight data-protection principles

Data must be:

  • processed 'fairly and lawfully'
  • obtained for a 'specified and lawful purpose'
  • adequate, relevant and not excessive to that purpose
  • accurate and up-to-date
  • kept only for as long as required for the purpose for which it was obtained
  • processed in accordance with the rights of data subjects
  • secure - the level of security being proportionate to the level of harm that could result if unauthorised access occurs
  • not transmitted outside the EEA without consent from the data subject.

Rights of data subjects

Data subjects have the right:

  • To know that the information is held and the purpose for which it is held.
  • To stop any automated processing (eg preference expressed that no data is held in a computer system).
  • To stop processing likely to cause 'substantial damage or distress'.
  • To receive prompt replies to queries concerning data held about the subject. (If requests are received from data subjects, copies of their records must be made available within 40 days.)
  • To prevent processing for the purposes of direct marketing.

Further information

For further information visit the Data protection website at http://www.dataprotection.gov.uk/ (this link will open in a new window).