ART holds significant amounts of personal data about its members and those who sign up to its training schemes. We have a legal duty to protect this information and its loss or any breach of its security could have serious consequences for the operation of the Association and could lead to possible legal action against ART by the Information Commissioner’s Office (ICO).
A Data Security Breach is not just about the loss of personal data. The ICO defines it as: “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.” Examples would be:
Time is of the essence in dealing with any breach. Serious cases are required to be reported to the ICO with 72 hours of discovery. Therefore any staff member or volunteer who discovers or suspects a breach must report it to the IT Team (it@bellringing.org) and the Data Protection Adviser by email (dataprotection@bellringing.org) immediately.
The Data Protection Adviser will assess the reported breach and decide whether it is serious enough to warrant a notification being made to the ICO. The Adviser will also decide whether the breach is likely to result in a high risk of harm to the rights and freedoms of the data subjects involved in the breach. If there is such a high risk, then the data subjects must be informed of the breach. The adviser will document any decisions taken and the reasons for them in case of subsequent inquiry by the ICO.
ART lays down guidelines for the security of its data and all staff and volunteer members should take steps to abide by these. See Data Security Guidelines.
Last Modified: October 2019
If you have any questions about this policy or data protection you are invited to contact the Association at: