Community Embrace UK Data Protection Policy
COMMUNITY EMBRACE UK recognises the importance of a Data Protection policy in order to ensure compliance with the law, maintenance of good practice, protection of service users, and protection of the organisation itself.
COMMUNITY EMBRACE UK undertakes all measures to ensure that information regarding service users is held as securely as possible and to train those who work with such information.
The Data Controller responsible for complying with the Data Protection Act shall be the management of COMMUNITY EMBRACE UK and the responsibility for updating the data held regarding service users lies with the director.
Consent
COMMUNITY EMBRACE UK believes that requiring the consent of service users to the holding of information about them is in direct opposition to the principle of confidentiality.
COMMUNITY EMBRACE UK believes that service users must feel comfortable talking to the organisation and any pre-emptive demand for consent would undermine this relationship.
COMMUNITY EMBRACE UK therefore does not obtain, or attempt to obtain, the consent of service users.
COMMUNITY EMBRACE UK does not believe that this contravenes the 1998 Data Protection Act because the information held is non-specific; because it is never used to identify a particular person; and because the service user is responsible for giving COMMUNITY EMBRACE UK the information and therefore may be said to understand that COMMUNITY EMBRACE UK is aware of such data.
Subject Access
Due to the anonymous nature of the information held regarding service users, COMMUNITY EMBRACE UK is unable to verify the identity of any service user. It is therefore impossible to provide access to any subject.
If a complaint is made in accordance with the Service Users Grievance Policy, the service user will be asked to provide proof of identity. The service user will be required to prove to the satisfaction of the manager that they are in fact the subject in question.
Security
The 1998 Data Protection Act demands that personal information held by an organisation is kept secure through the use of appropriate technical and administrative measures.
It is particularly important for COMMUNITY EMBRACE UK to protect the data held on its service users in order to ensure confidentiality.
COMMUNITY EMBRACE UK observes the following procedures in order to protect the data it holds:
- Volunteers are obliged to sign to indicate their agreement to abide by the Confidentiality Policy. This prevents them from discussing any information regarding a service user with anyone outside COMMUNITY EMBRACE UK
- Written records concerning a service user are kept to a minimum and include only what is necessary in order to allow the Organisation to provide a useful and effective service.
- Data concerning a service user is only available to members of COMMUNITY EMBRACE UK. Personal information regarding a service user is kept in written form only and is not held on any computing facilities.
Volunteer Training and Policy Review
Members of COMMUNITY EMBRACE UK are extensively trained regarding confidentiality and the responsibility for reviewing the policy lies with the Constitution, Policies, and Support