We collect personal data by email, paper forms, telephone, video recordings, photographs, and we move data around to each other every day.
But what’s the safest way to do this?
Data collected should be kept to the minimum for your purpose. It must also be kept no longer than needed; see page 12 of the Group Handbook.
When you collect personal data, always include a privacy statement. The Resource Library has guidance on learning how to write a privacy statement.
Here are some ways to move and store data safely:
Cloud (online) storage. Please only use cloud providers we’ve approved, e.g. OneDrive on Office 365. If you use any other storage please contact us.
Emails. If you need to send personal information via an email attachment, password protect the document and telephone the recipient with the password. Please use MS society email accounts when you can and remember to use the BCC field.
Paper forms and applications. Lock these away until you can upload them to a secure network (office 365 or your password protected device) and/or they can be safely destroyed. If out and about, be responsible for papers, don’t use transparent folders or leave them unattended.
USB sticks/flash drives. We don’t favour these, but to use them, they must be encrypted or password protected. Files should be uploaded to a secure network as soon as possible and then deleted from USB device.
For more information contact the Data governance team