NCFI Data Protection Guidelines for Staff and Volunteers
NCFI, as an NGO running events, sending out electronic publications (including journals, newsletters and training materials) and regularly communicating with member fellowships and associate members in many different countries, handles a lot of data about organisations and individuals. These guidelines relate to how staff and volunteers processing data at events and for electronic and other communications should handle that data securely and appropriately. These guidelines relate particularly to how we handle all personal data of individuals, around which there are several legal requirements in different jurisdictions.
NB – these guidelines should be read in conjunction with the NCFI Policy of Privacy
1) Keeping personal information secure
- keep passwords secure – change regularly, no sharing
- lock / log off computers when away from their desks
- dispose of confidential paper waste securely by shredding
- prevent virus attacks by taking care when opening emails and attachments or visiting new websites
- work on a ‘clear desk’ basis – by securely storing hard copy personal information when it is not being used
- position computer screens away from windows to prevent accidental disclosures of personal information.
- encrypt personal information that is being taken out of the office if it would cause damage or distress if lost or stolen?
- keep back-ups of all information in a secure location.
2) Meeting the reasonable expectations of members, volunteers and employees:
- collect only the personal information that we need for a particular organisational purpose
- explain new or changed purposes for which we will need data to members, volunteers an d employees
- obtain consent or provide an opt-out where appropriate
- update records promptly – for example, changes of address
- promptly delete personal information the NCFI no longer requires
- be aware that you are committing an offence if you release member, volunteer or employee records without consent
3) Disclosing personal information over the telephone or by email
- be aware of fraudsters and other who will try and trick you to give out personal information
- to prevent these disclosures, you should carry out identity checks before giving out personal information to someone making an incoming call or email
- perform similar checks when making outgoing calls
- limit the amount of personal information given out over the telephone or by email and to follow up with written confirmation if necessary.
4) Handling requests from individuals for their personal information
(In some documents this may also be referred to as ‘Subject Access Requests’)
- people have a right to have a copy of the personal information you hold
- If you receive a subject access request, you must respond within 40 days
- you must carry out identity checks on the person requesting the information to ensure that they are the person whose data you hold
- if you are uncertain, refer to an appropriate member of the NCFI Executive Committee
Adopted October 27th 2018 by the NCFI Executive Committee
President, NCFI International Board
This policy will be reviewed every 2 years.
This policy will be distributed to every National Nurses Christian Fellowships