Upload
teresa-thompson
View
217
Download
0
Tags:
Embed Size (px)
Citation preview
Managing Data and Parish Records
Parish Officer Training : 18th October 2014
Managing Data and Parish RecordsParish Officer Training :18th October 2014
Why do it?
The legal stuff…
Since 1978 with the passing of the Parochial Registers and Records Measure, the long-term care of parish registers and other important parochial archives has been covered by law.
The 1978 Measure was brought up to date by the Church of England (Miscellaneous Provisions) Measure 1992, which came into force on 1st January 1993.
Managing Data and Parish RecordsParish Officer Training :18th October 2014
Why do it?
In addition to the legal stuff, many areas of parish activity are subject to external regulation; for example:
Child protection, Finance and the preservation and maintenance of our historic buildings.
Good records management practice is part of the Church’s wider accountability to Society.
Records can also act as a testimony of the Churches various activities as part of its continuing witness to Christians, those of other faiths and Society at large.
Managing Data and Parish RecordsParish Officer Training :18th October 2014
Churchwardens are required to compile and maintain a terrier and inventory and a logbook?
They must also be presented by the churchwardens to the PCC at the beginning of each year, together with a signed statement.
Former Terriers, Inventories and Logbooks are permanent records (deposits).
The Terrier and inventory and the logbook is inspected as part of the Triennial Inspection.
Managing Data and Parish RecordsParish Officer Training :18th October 2014
How?Identify and Classify..
What you’ve got and what it’s about.
Prioritise..How important it is?
Secure it and store it..Establish how you can look after it and how long you need it for.
Preserve and Archive…Think about protecting it for future reference.
Retrieval and Tracking…Establish systems to record what’s where.
Destroy it…Establish a process for safe disposal, if applicable.
Managing Data and Parish RecordsParish Officer Training :18th October 2014
Records fall into two categories:
Electronic records and Paper records.
Both types are subject to the same rules of management, particularly in regard to retention and destruction.
How?
Managing Data and Parish RecordsParish Officer Training :18th October 2014
• Tackle the preservation of electronic records with permanent historical value. ‘Capture’ these to paper, where there is not a supported electronic archive or document management system;
• Back up your system regularly and store these off-site or, at the least, in a different room in the same building;
• Ensure systems have virus checking software;
• Ensure compatibility of existing data when buying new computers etc;
• Take a ‘snapshot’ of your web site periodically and ‘capture’ to paper any master documents made available via it.
How? – Electronic Records
Managing Data and Parish RecordsParish Officer Training :18th October 2014
• Give thought to the length of time the record will need to be retained for;
• Avoid using brown paper, envelopes or newspaper for wrapping up records;
• Ensure they are stored safely and appropriately: Registers and other vital documents should be stored in a safe;
• Safeguard them from fire, flood, theft or unauthorised access.
- Check all electrical circuits have been tested during the last two years;
- Keep a carbon dioxide fire extinguisher nearby;
How? – Paper Records
Managing Data and Parish RecordsParish Officer Training :18th October 2014
Church Services;
Church Buildings and Property;
General Parish Administration;
Parish Finance;
Pastoral Care, Safeguarding and Health and Safety;
Legal Documents;
Other Parish Records;
Parish Organisations and
Publications.
How? – Record Subject Categories
Managing Data and Parish RecordsParish Officer Training :18th October 2014
How? – Retention Periods
Managing Data and Parish RecordsParish Officer Training :18th October 2014
How? – Retention Periods
http://www.bristol.anglican.org/i/wp-content/uploads/2012/10/Information-Sharing-and-Storage.pdf
Managing Data and Parish RecordsParish Officer Training :18th October 2014
So, What is Data Protection
Personal data is…Any information about a living individual which is capable of identifying that individual.
NameOn it’s own, not personal data
Address or other data..
+=
Data Protection is about avoiding harm to individualsby misusing or failing to look after their personal data or information.
Managing Data and Parish RecordsParish Officer Training :18th October 2014
Sensitive personal data is…Any information relating to an individual's:
It is all governed by the Data Protection Act 1998
Racial or ethnic origin
Political opinions
Religious beliefs
Trade union membership
Physical or mental health condition
Sexual life
Criminal record
Any data you hold about me is
Sensitive Personal Data
Quiz Question 4 - Answer
Managing Data and Parish RecordsParish Officer Training :18th October 2014
Who’s responsible?
The person you hold data about is the DATA SUBJECT;
The CONTROLLER decides how the Data Subject’s data will be processed: what happens to it and how it’s used;
DATA PROCESSORS have access to the data but can only use it for very specific purposes.
Managing Data and Parish RecordsParish Officer Training :18th October 2014
Who’s responsible?
In a Parish…
The Vicar is a DATA CONTROLLER
So are the PCC, because each is a separate legal entity that processes personal data.
Generally
Exempt
Managing Data and Parish RecordsParish Officer Training :18th October 2014
Who’s responsible?
Incumbents (or priests-in-charge) will need to notify if records of pastoral care discussions are in an organised filing system, assuming such records concern beliefs, relationships and opinions, as opposed to simply factual information such as dates of birth or baptism.
Managing Data and Parish RecordsParish Officer Training :18th October 2014
Who’s responsible? If you are…
Gathering
Ordering
Sorting
Securing
Destroying
YOU are DATA PROCESSING
Managing Data and Parish RecordsParish Officer Training :18th October 2014
How many principles are there?
The Data Protection Act 1998
8
Schedule 1 of the DPA outlines these.
Managing Data and Parish RecordsParish Officer Training :18th October 2014
How should you process data?
Principle 1
Personal data shall be obtained and processed fairly and lawfully.
Schedule 2 of the DPA sets out a number of conditions that can fulfil this principle.
Only one of these conditions needs to be met for any processing operation to proceed lawfully
Managing Data and Parish RecordsParish Officer Training :18th October 2014
How should you process data?
One condition is obtaining consent from data subjects for the processing of their data – this is probably the easiest way to ensure you are compliant. There are others but this is, by far, the simplest.
There are additional conditions for processing sensitive personal data.
Principle 1
Personal data shall be obtained and processed fairly and lawfully.
Managing Data and Parish RecordsParish Officer Training :18th October 2014
How should you process data?
Principle 1
Personal data shall be obtained and processed fairly and lawfully.
Sensitive Personal Data conditions are narrower
Schedule 3 of the DPA sets out the additional conditions for processing sensitive personal data.
In addition to satisfying one of the conditions under Schedule 2, the data controller must also satisfy one of the conditions under Schedule 3.
Managing Data and Parish RecordsParish Officer Training :18th October 2014
How should you process data?
Sensitive Personal Data conditions:
• Data subjects giving their explicit consent;• Data processing carried out by a body which
exists for religious purposes, and which is not established or conducted for profit;
• Data processing necessary for equal opportunities monitoring.
Principle 1
Personal data shall be obtained and processed fairly and lawfully.
Managing Data and Parish RecordsParish Officer Training :18th October 2014
How should you process data?
This means that an organisation can’t collect data for one thing and then use it for another without
Permission.
Principle 2
Personal data shall be obtained only for specified and lawful purposes and shall not be used for any other purpose.
STOP
Managing Data and Parish RecordsParish Officer Training :18th October 2014
How should you process data?
What and why – don’t collect unnecessary data e.g. if driving is not part of the job then collecting information about a driving licence is not relevant!
Keeping records for historical and research purposes is a legitimate reason for holding data. - keeping information in case it might be useful is NOT!
Principle 3
Personal data should be adequate, relevant and not be more than is necessary to complete the task for which it was collected for.
Managing Data and Parish RecordsParish Officer Training :18th October 2014
How should you process data?
Ensure that you have systems in place to obtain new data and relevant updates e.g. contact details - the Diocese uses a data consent form to do this;
Ensure electronic and paper filing systems are maintained.
Principle 4
Personal data shall be accurate and, where necessary, kept up-to-date.
Managing Data and Parish RecordsParish Officer Training :18th October 2014
How should you process data?
Retention schedules are a good way of demonstrating good record keeping and therefore compliance.
Principle 5
Personal data should not be kept for longer than is necessary for completion of the task it was collected for.
Remember, if people leave you may want to keep some information for your records but will need to ‘delete’ or dispose of anything that’s no longer needed.
Managing Data and Parish RecordsParish Officer Training :18th October 2014
How should you process data?
Data Subjects have rights – including the right for individuals to find out what personal data is held about them on computer and in paper records in a “relevant filing system”.
Such a request for information is known as a Subject Access Request – different from Freedom of Information (FOI) requests.
Principle 6
Personal data shall be processed in accordance with the rights of data subjects under the Data Protection legislation.
Managing Data and Parish RecordsParish Officer Training :18th October 2014
How should you process data?
Principle 7
Personal data should be kept securely and safely with appropriate technical and organisational measures being taken against unauthorised or illegal processing, accidental loss or destruction of personal data.
Managing Data and Parish RecordsParish Officer Training :18th October 2014
Keeping data secure also means managing the disposal of machines that may store data.
Copiers and or ScannersPersonal Computers/LaptopsBackup DrivesPrintersFax
How should you process data?
Managing Data and Parish RecordsParish Officer Training :18th October 2014
How should you process data?
Principle 8
Personal data shall not be transferred to a country or territory outside the European Economic Area, unless that country ensures an adequate level of protection of the rights of data subjects.
Three examples:
“Cloud” based services;
Details on websites;
Online Surveys
Managing Data and Parish RecordsParish Officer Training :18th October 2014
The implication of these principles?Organisations should have procedures in place to cover the review of personal information held on files and databases.
This means organisations must assess:
How long they need to keep information for;
The purpose for which they are holding it; and
When it will be destroyed.
Sounds suspiciously like Data Management to me!
Where to get more information?Record Management toolkit: What is records management; Organising your recordsLooking after your paper recordsLooking after your electronic recordsLooking after your emailsLooking after your multimedia recordsAgreements with record officesAddress to recordsData ProtectionCopying and CopyrightGlossary
Download from:https://www.churchofengland.org/about-us/structure/churchcommissioners/church-administration/librariesandarchives/recordsmanagementguides.aspx
Lynette CoxT: 0117 906 0100;E: [email protected]
Information Commissioner’s Office
www.ico.org.uk