Central Church of Ireland has issued the following advice to protect again breaches of data.
Data breaches are more likely to occur in crises, in which we need to quickly respond to a situation or change how we work. There may be more requirements to share personal data (e.g. for continuing to provide pastoral care and support) and more of our activities may need to be brought online, often by using social media more frequently.
The data protection page in Parish Resources provides a range of guidance to help parishes with this responsibility, especially in our current challenging times: www.ireland.anglican.org/gdpr
Please ensure you have permission (consent) to use personal data before, for example, sharing a phone number, uploading a personal photo, or holding a virtual kids’ club.
Parishes need to consider data protection implications when planning for, installing or using any new technology, including recording equipment. This can be done by completing a seven–step Data Protection Impact Assessment (ideally before installation but this can be done retrospectively if the system is already in place). It’s important to undertake a DPIA prior to recording any services. As part of this, you will need to outline how long these recordings will be kept, how will they be stored, and how will the data be protected from unauthorised access.
Remember: data protection is there to protect individual people and their data. If there are no people attending a service, data protection is not an issue. If there is only a small number of people (e.g. clergy and a church warden), once consent is sought (and recorded) no further action is required at this time.
Once church buildings begin to reopen, considerations about privacy will be ever more important. Please consult the resources at www.ireland.anglican.org/gdpr for help with seeking consent from people taking part in services (e.g. the choir, those reading lessons, and children or adults at risk), and responding to requests from individuals for personal data which the parish may hold.
Data protection principles need to be followed at all times, especially during a crisis. If you need any guidance or support, please contact the Church of Ireland’s Data Protection Officer, Rebekah Fozzard, at: firstname.lastname@example.org.