I think the organisation also has to managing the potential risk that
"volunteers" might present - I agree that you should train them to the
same level as staff, and apply consistent policies, but access to
sensitive information should be strictly restricted by "the need to
know". You should take appropriate precautions to protect that
information. I always like to consider these issues in terms of what
would the equivalent measures would be in my personal life, and then
apply the same principles; ie. I might leave my house keys and burglar
alarm code with my neighbour, who I know and trust, but would only give
the latch key to a tradesman doing work in my house unsupervised; and
would also make sure my valuables were in a locked bedroom, just to be
on the safe side!
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Nick Landau
Sent: 19 May 2006 10:52
To: [log in to unmask]
Subject: Re: [data-protection] Status of volunteer staff
My experience as having worked in a number of organisations as a
volunteer is that the recruitment and retention of volunteers is
considered no differently from paid staff.
The legal framework is such that they have to - and also the
organisation considers that they have a responsibility to the volunteer
in terms of training - it is recognised that the volunteer is often
considering a career in that area.
In my own experience the person recruiting volunteers in an organisation
will be professional of the organisation - maybe a social worker - and
will be fully conversant with any risk matters (no doubt, in partnership
with colleagues).
Unfortunately, in some cases, this has meant that elderly volunteers who
have been working a long while in an organisation have had to be removed
from certain duties and (without knowing the full facts) because of, for
instance, Health and Safety reasons. The organisation has a duty of care
to the volunteer as well as the client/patient etc.
If a volunteer abuses the trust that has been given to them they
obviously can be asked to leave the organisation without the legal
constraints that would apply to an employee.
I would have thought that this might depend on the particular
infringement and that a volunteer is entitled to a warning in the same
way that an employee is.
I presume that references might be taken for volunteers and in serious
cases I would suggest that referees might be written to.
Nick Landau
----- Original Message -----
From: "Ian Welton" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Friday, May 19, 2006 10:29 AM
Subject: Re: [data-protection] Status of volunteer staff
> Tim Trent on 18 May 2006 at 16:59 said:-
>
>> I still disagree with the concept of a different penalty or
>> treatment of staff. But I think you are now past the point
>> of the problem.
>
> Because the point appears to have been missed.
>
> I observe that a course of conduct carried out by a person with many
years
> of experience with an organisation or sector can generally be looked
upon
> differently than the same course of conduct carried out by a person
new to
> the organisation and unfamiliar with many things.
>
> One very real problem allied to an inherent issue contained in this
> discussion which can illuminate some relational factors there is that
> breaches of varying degrees of seriousness will take place, so one
> reaction
> for all degrees of breach is unlikely to be fitting.
> If a person makes a mistake because of poor training or memory, should
> they
> be fired or are they less likely to make that error again and hence be
> more
> valuable to the organisation as a result? In an allied way in IT
security,
> good practice guidance states a person who reports a security breach
> should
> not be treated harshly; otherwise security breaches will go
unreported.
> (The
> opposite of that is if you wish an organisations IT security to merely
> look
> good, be seen to harshly punish all reported security weaknesses in
some
> way
> and fewer weaknesses will be reported.)
>
>>We are not, surely, the judge, jury and executioner?
>
> As you state DPO's are not, as they should give clear advice straight
down
> the line of the act and the relevant guidance leaving people to make
their
> own choices within the parameters of the guidance provided. If a
> determination to move outside that guidance is made, provided the
guidance
> has been clearly given the decision maker must accept any
consequences.
> Unfortunately any DPO and others can be inexorably caught within those
> consequences if they are aware a breach is taking place or have failed
to
> create adequate protection.
>
> In my opinion the simplest and most effective way of attempting to
meet
> all
> the requirements and deal with various influencing factors is to link
any
> policy directly into an organisations terms of employment and
disciplinary
> procedures. In that way professionals who have looked closely at all
the
> known HR issues, considering and reviewing them regularly will provide
a
> more robust and appropriate training and disciplinary background
fitting
> for
> the organisation than a variety of individual policies containing
similar
> issues which will constantly require revision to match other
> organisational
> policy changes. Getting those individuals to understand DP issues and
the
> risk to an organisation so as to take them seriously may be another
thing.
>
>
> Ian
>
>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list
owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This message is for the use of the intended recipient(s) only.
If you have received this message in error, please notify the sender and delete it.The British Council accepts no liability for loss or damage caused by software viruses and you are advised to carry out a virus check on any attachments contained in this message. Our purpose is to build mutually beneficial relationships between people in the UK and other countries and to increase appreciation of the UK's creative ideas and achievements. The British Council is registered in England as a charity.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|