As a charity, you most likely responsible for thousands of donors’ personal data—all of which is protected by the Data Protection Act.
If your organisation misuses donors’ personal data, you risk fines and other penalties. To ensure that your organisation correctly handles and manages donors’ personal data, follow these four best practices:
1. Be transparent. You must clearly explain to your donors what you are doing with their personal information, how it will be stored and for how long it will be stored.
2. Train your staff. Provide staff with an annual data protection training that explains how they should handle and store personal information. In addition, all passwords should contain upper- and lowercase letters, numbers and special characters.
3. Encrypt all portable devices. Every portable device that contains personal information should be encrypted. In addition, you should develop safe practices for employees’ personal portable devices—including mobile phones.
4. Do not indefinitely store donors’ personal information. Establish retention periods and set up a process for deleting donors’ personal data once it is no longer needed.
There has evidently been a range of publicity around the use of personal data within charities in recent times, so maintaining good practice and accountability is of the utmost importance in retaining the confidence of donors and the public at large. Following these simple steps should help you to avoid costly data leakage or data misuse. and the reputational damage that comes with it.
Bollington offers cyber liability insurance to help protect your charity against these risks and others. Call us on 01625 348 029 for further assistance and information.
