Moulton Allotments C.I.C. takes its duties regarding data protection very seriously. In this regard the board has undertaken to formally appoint Kevin White as the IT director. Kevin is an IT professional with more than 20 years' experience. He has a degree in software engineering and a postgraduate diploma in IT management. Kevin is primarily responsible for IT governance, including compliance.
In order to comply with the Data Protection Act 1998, Moulton Allotments C.I.C. has taken a number of steps:
- absolutely no personal data will be sent unencrypted via email or any other insecure channel (1)
- board and committee members have already received brief training but will receive further regular training on correct and compliant data handling
- all data is held centrally on a secure server that is only accessible over a secure channel and only to people who require access
- ‘double-lock’ encryption: personal data are not in plain text day-to-day, which technically means that we do not even hold personal data and is the ultimate protection against data breaches
- no use or storage of “sensitive data”
- fair use of data: schedule 2, point 6
- annual review and compliance assessment
- voluntary annual registration with the ICO
Furthermore, Moulton Allotments C.I.C. only uses data that is readily available from the public domain. Constructing our up-to-date mailing list has been a simple task due to our strong connections within the parish and with the allotment holders in particular. As an exercise, a search was performed to see if the addresses of the councillors could be located from the public domain. A quick Google search revealed the following result: https://www.daventrydc.gov.uk/EasySiteWeb/GatewayLink.aspx?alId=35706.
In addition, personal email addresses and telephone numbers are easily discovered. Common sources of personal details include:
- land registry (http://houseprices.landregistry.gov.uk/)
- Google search results
- electoral roll (http://www.192.com/)
- face-to-face conversations
- personal contacts
(1) A secure channel is a communications term that describes the movement of data in a way that cannot be easily intercepted. Commonly this is referred to as HTTPS when using browsers or SSL more generally. Conversely, an insecure channel is one where data can easily be intercepted.