Security of Personal Data

The church Privacy Policy gives a good overview of the commitments on privacy which we are making. This document is intended for any staff or volunteers who may need to gather, store or use personal data.

What is personal data?
Personal data is any information relating to an individual – whether hard copy or digital.

Basic precautions

Most issues arise because the vast majority of users don’t take basic steps to protect their data.

Physical security
Ensure sensitive hard copy data is securely stored when not in use – ensure that you know who has keys for filing cabinets, doors etc.
Ensure that PCs and phones which allow access to personal data are not exposed to misuse by others – be careful when allowing others to use your phone/PC as this may result in data being compromised.

Lock screen
You can set an auto screen lock on Windows and on most phones so that a login is required if you are not using them.

2 Factor authentication
Most mainstream applications, such as email, now allow for an additional layer of security beyond a password – e.g. a code sent to a mobile or generated by an authentication app. I’d recommend that this is enabled, as it makes it much more difficult for anyone to gain unauthorised access to systems protected in this way. However, there are a number of ‘mobile phishing’ scams which allow criminals to clone a mobile number, so a code generation app such as Google Authenticator is probably more secure.

Antivirus
Viruses may compromise data or allow unauthorised access to data on PCs or phones. Windows has a decent built-in system, but ACF also has a subscription to ‘ESET’, which is a more comprehensive tool. For mobiles, apps such as ‘Lookout’ provide a good level of protection.

Strong passwords
Consider using phrases – a group of words which means something to you but would be almost impossible to guess, e.g. the first three cars you owned. Alternatively, get a password manager such as ‘LastPass’, which can generate and store all your passwords in a secure app.

We’re pretty good at getting consent for gathering personal data, but it’s worth keeping this at the front of our minds, especially given the number of different types of data which we’re now dealing with. Consent forms etc. are a good foundation, but we may, for example, have to include some signage relating to video capture of services if we ever start using live streaming.

Disposal of equipment
Dispose of old equipment properly – anything which stores data should be securely wiped.
See the tech team for any help with this or any of the above.