Data protection is designed to protect human rights and privacy. But how do we protect our associations and offer stakeholders the reassurances they need – at the same time using our data in the best way possible? How can we comply with a complex series of data protection requirements and ever-changing regulations? Stewart Room, President of NADPO (National Association of Data Protection Officers), offered inside analysis from the point of view of the barrister, solicitor and expert practitioner. Data protection laws have been around since 1945, but data privacy has become a major public concern since the Data Protection Act came onto the scene in 2000. Directives now cover a broad range of information types such as electronic data. More agencies (such as the Office of Communications (OfCom), the Financial Services Authority (FSA) and the Health and Safety Executive) have more powers to regulate, and companies and individuals are more litigious than ever before. We need to be aware of our rights and responsibilities.
“Many of us may not have the basics in place,” say Rosemary Smith, MD, RSA Ltd and Chair of the Board of Directors of the Data Management Association, and Director of OPT-4, and Christine Andrews, Business Development Director of DQM Group Ltd. “Stakeholders are becoming more aware of the law and association managers need to have an excellent understanding of the issues in order to protect not only their data, but also their reputation.”
View presentations made at this event:
Data protection and the role of the Information Commissioner
Key things you need to know in data protection
Managing member privacy collecting and securing your data assets
A practical approach to data protection in associations
Note: These presentations are not refereed publications and IofAM assumes no liability for the information contained within. The opinions expressed are those of the presenting authors and do not necessarily reflect those of IofAM or its representatives.
Basic techniques such as establishing robust policies, training all new staff, developing a working process to ensure safe employee access to data, remaining transparent, ensuring the protection of electronic data and removing staff access when needed are good practice and likely to meet minimum legal requirements.
But what exactly is personal data? “There is no one definition,” comments Stephen McCartney, Head of Private Sector Data Protection Promotion at the Information Commissioner's Office – the UK's independent authority set up to promote access to official information and to protect personal information. “To some extent, what constitutes personal data depends on who is holding the data. Most of us are data controllers – we make decisions regarding data, and this means we have responsibilities and an obligation to process lawfully and transparently.” He suggests that we mitigate risks by only collecting what is necessary, keeping it accurate, updated and secure, holding it for as long as necessary – and being exceptionally careful to safeguard sensitive and exported data.
The idea is to walk the fine line between allowing the access we need to do business and protecting access when it is likely to be invasive or misused. It’s a constantly moving target that requires us all to stay informed.
As managers we need to be aware and vigilant – taking full advantage of the resources offered by the expert public and private agencies offering guidance on a complex topic.