Data Protection Policy
1. IDGN holds three types of information which are covered by this policy
– organisational information – publicly available information about organisations and some confidential information
– personal information – information about individuals such as names, addresses, job titles
– sensitive personal information – in general this kind of information is only held about employees and some clients. There are, however, instances where sensitive information is held about other people.
Information about organisations is not covered by the Data Protection Act.
However there is sometimes ambiguity about whether certain information is personal or organisational. For instance the contact details for a community organisation may be someone’s home address. Also IDGN should strive for best practice as regards organisational information. For these reasons organisational information is covered by this policy.
The organisations and people about which IDGN holds information are referred to in this policy as data subjects
2. IDGN will not hold information about individuals without their knowledge and consent.
3. IDGN will only hold information for specific purposes. It will inform data subjects what those purposes are. It will also inform them if those purposes change. The only exception to this is that IDGN will make it clear to members that it is a condition of their membership that IDGN will decide what should happen to information supplied about the organisation (but not about individuals within the organisation, other than postholder names).
4. Information will not be retained once it is no longer required for its stated purpose.
5. IDGN will seek to maintain accurate information by enabling data subjects to update the information held by telephone, post, email or personal visit.
6. Data subjects will be entitled to have access to information held about them by IDGN.
7. Information about data subjects will not be disclosed to other organisations or to individuals who are not members of IDGN staff or Trustee Board except in circumstances where this is a legal requirement, where there is explicit or implied consent or where the information is publicly available elsewhere.
8. IDGN has procedures for ensuring the security of all personal data. Paper records are held in a locked cabinet, and computerised information is password protected. Paper records containing confidential personnel data are disposed of in a secure way.
9. IDGN has a set of procedures covering all areas of its work which it follows to ensure that it achieves the aims set out above.
10. At the beginning of any new project or type of activity the member of staff managing it will consult the Chairman about any data protection implications.
11. There may be situations where IDGN works in partnership with other organisations on projects which require data sharing. IDGN will clarify which organisation is to be the Data Controller and will ensure that the Data Controller deals correctly with any data which IDGN has collected.
12. All new staff and trustees will be given training on the data protection policy and procedures.
13. IDGN will carry out an annual review of its data protection policy and procedures.