Charity trustees, data protection and risk

Charity trustees, data protection and risk

Charity trustees are faced with many legal requirements and much guidance about good practice. Keeping on top of what is expected of them to comply with their duties and responsibilities as charity trustees is by no means easy. The need for charities and charity trustees to comply with legislation that is not charity specific, in addition to the requirements of charity law, makes life for charity trustees that much more difficult.
   
Compliance with data protection legislation is just one such requirement. Processing personal data will be part and parcel of the operation for many charities. Indeed, as the Information Commissioner acknowledged in its warning to charities this year, charities will very often be vulnerable to more serious breach of data protection given that they will often process sensitive personal data.

The fine of £70,000 imposed by the Information Commissioner on the charity Norwood Ravenswood Ltd, as reported this week, is the first of its kind. Perhaps fines of that size are unlikely to become common place. But the episode illustrates the very real risks for charities posed by lack of compliance with this legislation.
    
The consequences of non compliance will not always be so severe, of course. The Information Commissioner reported in August having issued three warnings to charities regarding the loss of personal data this year, which on the face of it does not sound so bad.

But when you hear that those incidents arose through the use of memory sticks and laptops, which are now commonplace, it does bring home the risks. Risks which would fall within the scope of the Charity Commission guidance Charities and Risk Management CC26 and which charity trustees are expected to manage and mitigate. (Risk in this area might potentially, but you would hope less likely, fall within the remit of Reporting Serious Incidents updated by the Charity Commission in September this year).

Help is at hand however for charity trustees looking to mitigate this particular risk. Start with the bespoke guidance for charities issued by the Information Commissioner in August on how to steer clear of danger, including five top tips and the opportunity to arrange free advisory visits. 

See http://www.ico.gov.uk/news/latest_news/2012/charities-urged-to-sign-up-for-ico-data-protection-check-up-top-five-tips-08082012.aspx