Data Protection Guidelines: Difference between revisions

From Freegle Wiki
Line 3: Line 3:
== Guidelines for Volunteer Moderators ==
== Guidelines for Volunteer Moderators ==


This guidance is aligned to the freegle Data Protection Policy sections [[Data Protection Policy]]  
This guidance is aligned to the freegle [[Data Protection Policy]] sections 


Definition of Personal Data - This is anything that can identify a living person. In your role as a moderator it will typically be things like their email address, location and possibly other things they write in emails.
Definition of Personal Data - This is anything that can identify a living person. In your role as a moderator it will typically be things like their email address, location and possibly other things they write in emails.


Obtaining Consent - We don't expect you to ask for consent to use emails people send you. However, if information is sent to you clearly only about Freegle, as good practice you should not use this information outside of the Freegle context.
Obtaining Consent - you are not expected to ask for consent to use emails people send you. However, if information is sent to you clearly only about Freegle, as good practice you should not use this information outside of the Freegle context for which is was sent.


Allowing Access to Data -  
Allowing Access to Data - All personal information you retain for your role in Freegle could be in scope of a Subject Access Request. This is where anyone can ask for a copy of all the information about them that Freegle (including its moderators) hold. These requests would come through the Data Protection Officer to ensure that they were reasonable and to give you search criteria to use to find it. For instance we may ask you to send us all information you have pertaining to fred.bloggs@hotmail.com. This would include any correspondence about them, even if it wasn't address to them.
Deleting Data - Right to be forgotten
Minimising Data retained - Review and retention rules
Storing data securely


Keeping Personal Data - If you keep data on any system, be it you PC, Yahoo group files, Google Docs or written in a note book  you must take responsibility to do the following
Deleting Data - Right to be forgotten - If anyone asks Freegle to delete their data we have by law to ensure we do this. Typically this will be by deleting their user from a group. Due to the service we offer we will only do this in line with our published policy, so we may have their posts on the group visible for some time until they expire due to our data retention policy. However, if we do get a request under this law asking for all data to be deleted we will ask that moderators try to delete information in line with search criteria the Data Protection Officer will send to them. i.e. please can you delete all information you have on fred.bloggs@hotmail.com
 
1. Keep only what is necessary to effectively run the group. Although it may be tempting to keep everything that has ever been emailed to you about Freegle this means you may have out of date information
2. Everything you have kept about anyone who was or is a member will be in scope of a subject access request


Minimising Data Retained - However tempting it is to keep everything you've ever had about Freegle we recommend that you only retain information that is essential for you fulfilling the role you have.
Practically we would advise you to maintain a separate folder for Freegle emails and periodically reviewing what you have in that folder. Our guidance would be to delete email that is over XX years old. You may wish to keep information you are sure will be needed longer term in a separate folder so it doesn't get lost in any general periodic deletions.


Storing data securely - You should keep the access to all personal data you hold to only those with a legitimate need to see it. So if you have emails in a mailbox or file store (e.g. Google Docs), ensure that access is password protected. Where the mailbox or file store is a group one, ensure that only those that should be able to see it can have access by periodically checking who has rights and changing passwords when moderators leave the group.


== Guidelines for Functional Groups (i.e. freegle Growth, Freegle Media etc ) ==
== Guidelines for Functional Groups (i.e. freegle Growth, Freegle Media etc ) ==
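Review bot: the new "Minimising Data Retained" paragraph still carries a placeholder retention period ("delete email that is over XX years old"), so moderators have no figure to act on; set the value to match the retention period in the Data Protection Policy before this revision is relied on. Two typos in the added text should also be fixed: "for which is was sent" (should be "it was") and "even if it wasn't address to them" (should be "addressed").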

Revision as of 19:13, 22 October 2017

This page will contain guidelines for the implementation of Data Protection Policies.

Guidelines for Volunteer Moderators

This guidance is aligned to the Freegle Data Protection Policy sections.

Definition of Personal Data - This is anything that can identify a living person. In your role as a moderator it will typically be things like their email address, location and possibly other things they write in emails.

Obtaining Consent - You are not expected to ask for consent to use emails people send you. However, if information is sent to you clearly only about Freegle, as good practice you should not use this information outside of the Freegle context for which it was sent.

Allowing Access to Data - All personal information you retain for your role in Freegle could be in scope of a Subject Access Request. This is where anyone can ask for a copy of all the information about them that Freegle (including its moderators) holds. These requests would come through the Data Protection Officer, to ensure that they were reasonable and to give you search criteria to use to find the information. For instance, we may ask you to send us all information you have pertaining to fred.bloggs@hotmail.com. This would include any correspondence about them, even if it wasn't addressed to them.

Deleting Data - Right to be forgotten - If anyone asks Freegle to delete their data, we are required by law to ensure we do this. Typically this will be by deleting their user from a group. Due to the service we offer we will only do this in line with our published policy, so their posts may remain visible on the group for some time until they expire under our data retention policy. However, if we do get a request under this law asking for all data to be deleted, we will ask that moderators try to delete information in line with search criteria the Data Protection Officer will send to them, for example: please can you delete all information you have on fred.bloggs@hotmail.com.

Minimising Data Retained - However tempting it is to keep everything you've ever had about Freegle, we recommend that you only retain information that is essential for fulfilling the role you have. Practically, we would advise you to maintain a separate folder for Freegle emails and periodically review what you have in that folder. Our guidance would be to delete email that is over XX years old. You may wish to keep information you are sure will be needed longer term in a separate folder so it doesn't get lost in any general periodic deletions.

Storing data securely - You should restrict access to all personal data you hold to only those with a legitimate need to see it. So if you have emails in a mailbox or file store (e.g. Google Docs), ensure that access is password protected. Where the mailbox or file store is a group one, ensure that only those who should be able to see it have access, by periodically checking who has rights and changing passwords when moderators leave the group.

Guidelines for Functional Groups (i.e. Freegle Growth, Freegle Media etc.)

It's assumed that

Guidelines for the Data Protection Officer

"How To" Section for Users

Useful Links