Thursday 22 Jan 2015 @ 15:05
Information Commissioner's Office
Printable version

New report helps Victims Services Alliance organisations meet data protection challenge

The Information Commissioner’s Office (ICO) has published a report highlighting how organisations attached to the Victims Services Alliance (VSA) are looking after people’s information in compliance with the Data Protection Act (DPA).

The VSA is a national network of 69 charities and voluntary groups who work with victims of crime. They work to improve services to victims of crime, their families and others who may have been affected by crime. In order to provide these services they may be handling sensitive personal information, including details of individuals’ health and welfare. These organisations also rely on volunteers and temporary workers which means they can have a high turnover of staff.

The report provides an overview of the ICO’s findings from examining the data protection practices at five VSA organisations and the results of a data protection survey responded to by 27 representatives from other VSA members.

ICO Good Practice Group Manager for the Criminal and Justice Sector, Victoria Heath, said:

“Members of the Victims Services Alliance face a difficult challenge when it comes to looking after personal information. They often rely on a regular stream of volunteers to provide support to the victims they care for, while handling sensitive details relating to the abuse or mistreatment of vulnerable people. This creates a unique challenge and one we are pleased to say many organisations are meeting.

“Nevertheless, there are still a number of areas where organisations could be doing more to keep people’s information secure. For example, most VSA organisations don’t appear to have a formal retention schedule explaining when personal information should be securely deleted. There was also inconsistent advice given to home workers. With 41% of VSA staff working from home these are important issues that need addressing. Our report will help organisations achieve this by introducing relatively minor changes to their existing practices.”

Some of the areas of best practice identified in yesterday’s outcomes report that other VSA organisations can learn from include:

  • The majority of staff (85%) are vetted by the Disclosure and Barring Service before being appointed.
  • The Criminal Justice Secure Mail email system is used for sending personal information between agencies ensuring the information remains secure.
  • Most staff working at VSA organisations are aware of the need to only record personal information that is adequate and relevant for a specific purpose.


The outcomes report also highlights the need for improvements in a number of priority areas including:

  • Organisations should identify which party is ultimately responsible for keeping the personal information being processed secure, known under the DPA as the data controller, and which organisation is only handling the information on behalf of another body, known under the DPA as a data processor.
  • Organisations need to have a formal home and remote working policy to ensure personal information continues to be handled correctly outside of the office.
  • Organisations should ensure that data sharing agreements are in place so that both parties know the circumstances under which personal information should be shared and the secure process for doing so.

The report provides links to relevant guidance from the ICO and other recognised bodies to help VSA organisations look after people’s information.

Findings from ICO advisory visits and contact with Victims’ Services Alliance Organisations

Action we've taken

PDF (219.45K)

Notes to Editors

  1. The Information Commissioner’s Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
  1. The ICO has specific responsibilities set out in the Data Protection Act 1998, the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.
  1. The ICO is on TwitterFacebook and LinkedIn. Read more in the ICO blog and e-newsletter.Our Press Office page provides more information for journalists.
  1. Anyone who processes personal information must comply with eight principles of the Data Protection Act, which make sure that personal information is:
  • Fairly and lawfully processed
  • Processed for limited purposes
  • Adequate, relevant and not excessive

 

Channel website: https://ico.org.uk/

Share this article

Latest News from
Information Commissioner's Office

ICO statement on Upper Tribunal ruling

25/04/2024 14:10:00

The Upper Tribunal has ruled on our action to require Experian Limited to change how it handles people’s personal data, dismissing our appeal of the First-tier Tribunal’s ruling of 20 February 2023.

ICO fines two companies a total of £340,000 for making aggressive and unwanted marketing calls

24/04/2024 15:20:00

The Information Commissioner’s Office (ICO) has fined Cardiff-based Outsource Strategies Ltd (OSL) £240,000 and London-based Dr Telemarketing Ltd (DRT)£100,000 after the companies made a total of almost 1.43 million calls to people on the UK’s “do not call” register, the Telephone Preference Service (TPS).

Housing association reprimanded for exposing personal information on online portal

19/04/2024 14:10:00

We have issued a reprimand to Clyde Valley Housing Association in Lanarkshire after personal information was accessible to other residents on an online customer portal. 

ICO publishes guidance to improve transparency in health and social care

16/04/2024 09:10:00

The Information Commissioner’s Office (ICO) is supporting health and social care organisations to ensure they are being transparent with people about how their personal information is being used.

Information Commissioner’s Office seeks views on accuracy of generative AI models

12/04/2024 12:25:00

The Information Commissioner’s Office (ICO) has launched the latest instalment in its consultation series examining how data protection law applies to the development and use of generative AI.

ICO joins global data protection and privacy enforcement programme

04/04/2024 15:20:00

The Information Commissioner’s Office (ICO) has signed onto a new international multilateral agreement with the Global Cooperation Arrangement for Privacy Enforcement (Global CAPE) to cooperate in cross-border data protection and privacy enforcement.

ICO sets out priorities to protect children's privacy online

04/04/2024 09:10:00

The Information Commissioner’s Office (ICO) is calling on social media and video-sharing platforms to improve their data protection practices so children are safer when using their services. 

ICO publishes new fining guidance

19/03/2024 09:10:00

The Information Commissioner’s Office has published new data protection fining guidance setting out how it decides to issue penalties and calculate fines.

ICO reprimands Dover Harbour Board and Kent Police over information sharing

18/03/2024 10:20:00

The Information Commissioner’s Office (ICO) has issued reprimands to Dover Harbour Board and Kent Police after they breached data protection law.