Using the Neighbourhood Watch Register
The simplest and most secure way of managing your scheme membership is to use the Neighbourhood Watch Member Area that you can log into via the OurWatch website ourwatch.org.uk/get-involved/become-member/login. Once you have applied to start a scheme and it has been approved, you can invite your neighbours to join using the email facility in the member area, which will automatically blind copy those to whom you send any message and create an audit trail. Your members can then register themselves to join your scheme, give their consent to Neighbourhood Watch being able to view their contact details, choose what information they receive from other organisations and keep their own information up to date. Coordinators can view the contact details of their own members.
The responsibilities of coordinators in these circumstances are simply to make sure you protect the privacy of their members by:
- not sharing or giving anyone else access to your members’ information – including police officers
- keeping your computer / mobile phone password protected and locking it when you are not using it
- not printing out members’ details
- making sure members are blind copied in on any messages you send to your scheme members so contact details are not shared with others.
Keeping your own records
If you choose not the use the Neighbourhood Watch Register to manage your membership and prefer to keep your own records, either in hard copy or on a spreadsheet or other document on your computer, you have extra responsibilities.
- You need to ensure that people whose information you hold know that you have got it and consent to it being used for Neighbourhood Watch purposes, either verbally or in writing.
- You need to keep your members’ contact details up to date and ensure that their information is removed from your records if they ask you to do so, move away or otherwise cease to be a member of your scheme.
- Limit the information you hold about a person to a minimum – name and relevant contact details should suffice.
- If one of your members asks for information that you hold about them, then this must be supplied to them within one month of them requesting it, either in an e-mail or hard copy.
When should you report a data breach to the Information Commissioners’ Office (ICO)?
Should the personal details of one or more of your members be destroyed, lost, altered, disclosed or accessed without authority by yourself or any other person, this is called a data breach. You first need to consider the likelihood and severity of the risk to people’s rights and freedoms as a result of the breach.
If it’s unlikely that there will be a risk, e.g. you forget to bcc when sending a message to scheme members or you inadvertently destroy, lose or alter the personal details of one or more of your members, it is courtesy to let the person(s) concerned know what has happened and apologise and /or correct their data.
You do not need to report every breach to the ICO.
If it’s likely there will be a risk, e.g. of fraud, harassment, etc, you must alert the person(s) concerned so they can take steps to protect themselves, and you must also report the breach to the ICO. These examples from the ICO may help you decide on the level of risk and what needs reporting https://ico.org.uk/for-organisations/report-a-breach/personal-data-breach/personal-data-breach-examples/
You also need to let the Central Support Team know about any data breach, whether it is reported to the ICO or not, at firstname.lastname@example.org. They will give you any advice you need and record the breach on your behalf.