Using the Neighbourhood Watch Register
The simplest and most secure way of managing your scheme membership is to use the Neighbourhood Watch Register.
Once you have applied to start a scheme and it has been approved, invite your neighbours to join using the email facility in the member area. This will automatically blind copy recipients and create an audit trail. Your members can then register themselves to join your scheme. They can also give consent to Neighbourhood Watch being able to view their contact details, option to receive information from other organisations, and keep their own information up to date. Coordinators can view contact details of their own members. Coordinators are responsible for protecting the privacy of their members by:
- not sharing or giving anyone else access to your members’ information – including police officers
- keeping your device password protected and locking it when not in use
- not printing out members’ details
- blind copying members in on messages to your scheme members so contact details are not shared with others.
Keeping your own records
If you choose not the use the Neighbourhood Watch Register to manage your membership and prefer to keep your own records - in hard copy, on a spreadsheet or other document on your computer - you have extra responsibilities.You need to:
- ensure that people whose information you hold know that you have got it and consent to it being used for Neighbourhood Watch purposes, either verbally or in writing.
- keep your members’ contact details up to date and ensure that their information is removed from your records if they ask you to do so, move away or otherwise cease to be a member of your scheme.
- limit the information you hold about a person to a minimum – name and relevant contact details should suffice.
- supply information when asked. If one of your members asks for information that you hold about them, then this must be supplied to them within one month of them requesting it, either in an email or hard copy.
When should you report a data breach to the Information Commissioners’ Office (ICO)?
Should the personal details of one or more of your members be destroyed, lost, altered, disclosed or accessed without authority by yourself or any other person, this is called a data breach. You first need to consider the likelihood and severity of the risk to people’s rights and freedoms as a result of the breach.
If it’s unlikely that there will be a risk, e.g. you forget to bcc when sending a message to scheme members or you inadvertently destroy, lose or alter the personal details of one or more of your members, it is courtesy to let the person(s) concerned know what has happened and apologise and /or correct their data.
You do not need to report every breach to the ICO.
If it’s likely there will be a risk, e.g. of fraud, harassment, etc, you must alert the person(s) concerned so they can take steps to protect themselves, and you must also report the breach to the ICO. These examples from the ICO may help you decide on the level of risk and what needs reporting.
You also need to let the Central Support Team know about any data breach, whether it is reported to the ICO or not, at enquiries@ourwatch.org.uk. They will give you any advice you need and record the breach on your behalf.