Making your privacy notice fit for purpose
7 December 2022
David Green

Providing privacy information is a legal requirement

We see lots of links to privacy notices on the web, but does anyone ever read them?


Yes, they can be annoying when they invade the screen. Maybe we don’t see their relevance. Or perhaps we trust the organisation that has collected our data to use it sensibly. Then again, some privacy notices are so long-winded that reading them becomes a chore. Others are too complicated, written in legal speak that only a few will understand.



Yet a privacy notice is a key document. It is meant to tell us how and why the organisation uses our personal data and how it keeps it safe. In fact, this is one of our data protection rights, and something I am sure we'd want to help enable.


So how do we make privacy notices relevant and readable?


The UK GDPR says that privacy information must be provided at the time an organisation collects an individual’s personal data. So on a website, a pop-up notice would certainly meet that requirement. But so too would a link to the notice or a download if they were clearly highlighted at the point data was to be collected. But these methods don’t necessarily result in the privacy notice being read.


So if an organisation wants to do more than the minimum required by law, and actually encourage individuals to see how it uses their data, then the following might help.


  • When linking to or highlighting privacy information, use proactive wording such as "Find out what we do with your personal data here".
  • Use a dashboard approach, with links such as "How is my data used?", "Who can see my details?", "How we protect your data", etc. (Such links can also be added to user profiles where applicable.)
  • Keep privacy notices as short as possible, and use a layered approach (providing key information first, and then linking to a layer of more detailed information).
  • Segment information to the relevant audience where appropriate (for example, provide information on using volunteers' data to that particular group only, rather than to others such as supporters and donors).
  • Use clear and plain language. Definitely avoid legal speak, jargon and technical wording.
  • Make it accessible. If your user community uses other languages, then provide your privacy information in those languages.


Of course, many organisations will collect personal data in person or through paper forms. If these apply to you then your privacy information should still be provided at the point of collection. You can do this orally, or in writing, but the above points still apply.


To help, the Information Commissioner's Office (ICO) has a template that can be used to develop a privacy notice, and it has a whole detailed section on the Right to be Informed which explains how to provide privacy information.


For your organisation, providing privacy information is a legal requirement, so you need to get it right. Indeed, its importance is up there with other key policies such as health and safety or safeguarding, so it must be fit for

by David Green 15 July 2024
The importance of risk management cannot be overstated. It is an essential aspect of charity governance, helping trustees to act in the best interests of their organisation. So what is involved?

Ideally, you will have a risk register. This will serve as a compass, guiding your trustees through the unpredictable waters of potential hazards. It's a comprehensive document that identifies, assesses, and prioritises risks that could impede the achievement of an organisation's objectives. These risks can range from financial uncertainties and operational setbacks to reputational damage and regulatory compliance issues. In particular, it should also suggest options for avoiding or mitigating each risk. By regularly reviewing your risk register, the trustees will be in a much better place to assess emerging threats and review the severity of existing risks.

Not surprisingly, developing your register requires a thorough assessment of all anticipated risks. Common risks faced by charities include financial mismanagement, fraud, reputation damage, cybersecurity threats, regulatory compliance issues, loss of key personnel, and loss of funding. But there will likely be others specific to your circumstances. So your assessment of risk should cover internal processes, external factors, beneficiary and other stakeholder expectations to create a comprehensive risk profile.

Once risks are identified, the trustees must develop and implement robust risk management strategies to mitigate potential threats. This involves establishing actions to be taken, assigning responsibilities to key personnel, and fostering a culture of risk awareness and accountability within the organisation.

Then once you have your risk register, regular monitoring and evaluation of risk management practices are essential. You must be ready to adapt to new and evolving risks and ensure the effectiveness of mitigations you have put in place.

In conclusion, charity risk management is a vital process that requires proactive identification, assessment, and mitigation of risks to safeguard the mission and reputation of the organisation. By implementing effective risk management strategies, charities can enhance their resilience, build trust with beneficiaries and other stakeholders, and continue making a positive impact on the communities they serve.
by David Green 21 April 2024
In today's interconnected world, every organisation, regardless of size, should be promoting equality, diversity, and inclusion (EDI). For small charities, embracing EDI principles is not just an ethical goal but also a strategic necessity to better serve their communities. So, what practical strategies can small charities adopt to enhance EDI in their service delivery? Hopefully, you are already working along these lines:

  • Cultivate a Diverse Team: Try to improve diversity within your charity's team. Where possible seek candidates from different backgrounds, cultures, and experiences to bring varied perspectives and insights that reflect the communities you serve.
  • Establish Inclusive Policies and Practices: Develop clear policies that uphold equality and inclusion. Include anti-discrimination measures, flexible working arrangements, and accessibility measures for full participation.
  • Engage with the Community: Build strong connections with the communities you serve. Where practical, aim to be more user-led. Gather input from beneficiaries and other stakeholders through community forums, social media, or surveys to tailor services effectively.
  • Provide Training and Education: Invest in training to raise awareness of EDI issues among staff and volunteers. Cover topics like unconscious bias, cultural competence, and inclusive communication.
  • Offer Culturally Relevant Services: Customise services to reflect the community's diversity. Provide materials, where appropriate, in different languages, incorporate cultural traditions, and offer specialised support for different demographic groups.
  • Foster Partnerships and Collaboration: Collaborate with organisations sharing EDI commitment to address inequalities collectively. Share ideas and expertise for more effective interventions and a broader reach.
  • Monitor and Evaluate Progress: Establish ways to monitor and evaluate EDI efforts. Assess team diversity, gather user feedback, and track outcomes to refine strategies over time.

Integrating EDI principles into service delivery takes commitment, but if it leads to better engagement and outcomes, it will be worth the effort. Indeed, such an approach should mean that regardless of background, your beneficiaries have access to the support and opportunities they need to thrive.
by David Green 15 March 2024
Creating content with artificial intelligence
by David Green 13 March 2024
Post-COVID, many organisations introduced a hybrid mixture of home and office working. But what are the pros and cons?

The pros of hybrid working:

  • Increased flexibility: Hybrid working allows staff to have a better work-life balance by giving them the flexibility to work from home on certain days. This can be particularly beneficial for those with long commutes or personal commitments.
  • Improved productivity: Studies have shown that home working can increase productivity due to fewer distractions and interruptions in a home environment. Hybrid working allows staff to choose the most suitable environment for their tasks, leading to increased focus and efficiency.
  • Cost savings: Hybrid working can result in cost savings. Staff can save money on commuting expenses, meals, etc. Employers can also save on office space and related expenses.
  • Reduced environmental impact: With fewer people commuting to the office every day, hybrid working can contribute to a reduction in carbon emissions and traffic congestion, leading to a positive environmental impact.
  • Enhanced satisfaction and retention: Offering hybrid working options can improve staff satisfaction and morale. It shows that the organisation values work-life balance and trusts staff to manage their time effectively. This, in turn, can lead to higher employee retention rates.

The cons of hybrid working:

  • Communication challenges: Hybrid working can create communication gaps between those in the office and those working at home. It may be more difficult to collaborate, share information, and maintain team cohesion, especially if not all staff have access to the same communication tools.
  • Potential for decreased collaboration and innovation: In-person interactions often foster collaboration, creativity, and innovation. Hybrid working may limit spontaneous brainstorming sessions, informal conversations, and face-to-face problem-solving, which can hinder the development of new ideas.
  • Blurred work-life boundaries: While hybrid working offers flexibility, it can also blur the boundaries between work and personal life. Some individuals may find it challenging to switch off from work when they are constantly connected to their home office.
  • Inequality and fairness concerns: Hybrid working may not be feasible or accessible for all staff. Those with limited access to technology, suitable home working environments, or caregiving responsibilities may face disadvantages, leading to potential inequality and fairness concerns.
  • Potential for decreased employee engagement: Without regular face-to-face interactions, some may feel isolated or disconnected from their colleagues and the organisational culture. This can impact engagement, motivation, and overall job satisfaction.
  • Reinforcing existing prejudices and discrimination: Research by the TUC found that perceived issues with work commitment led to closer monitoring of hybrid workers from black and minority ethnic communities. The same study also found that hybrid working led to some people working longer and constantly being available in order to cope with increasing workloads or to prove their worth.

It is important for organisations to consider all these pros and cons when implementing hybrid working and to find ways to address the potential challenges to ensure a successful transition. A good hybrid working policy can set out how such challenges can be avoided or overcome.

For charities, a big problem is a lack of investment in IT. Traditionally, the private sector has had deeper pockets when it comes to installing the infrastructure needed for home-based working. If charities are to deliver successful hybrid working, then they need to ensure their staff and volunteers have the technology and Internet speeds that will enable them to work smoothly from home as well as the office. What’s more, they must ensure their staff are trusted, treated fairly and feel supported.

Involving staff (or their trade union) in the design of hybrid working systems, and staying in touch can help to anticipate and deal with any problems. As such, charities should ensure that communication within their team is as seamless as possible. Indeed, once hybrid working arrangements are up and running, regular monitoring is essential for success.