You have to make sure that information shared as part of your digital service is as safe and secure as it can be. A good basic principle is to store as little data as possible, for as short a time as possible.
Top three tips
- Understand what third party tools will do with your data and your users data
- Get informed written consent from your users
- Support your staff and volunteers to understand online safety and privacy
Understand your tool
You should take time to understand the terms and conditions, and privacy settings, for any tool before you start to use it. This lets you do a risk assessment and agree, as an organisation, how you will manage any risks you identify.
It will not be possible to remove all risks, but you can make an informed choice that balances the benefits to the user, with any potential harms.
One advantage of using popular tools is that known security issues and help to use the tool safely are likely to be well publicised. For example at the start of the coronavirus crisis there was a big focus on Zoom which led to helpful overviews of the security features and risks
Things to look out for include
- Age limits – for example WhatsApp is over 16+
- Where the data is stored and processed – GDPR* generally requires this to be within the EEA (European Economic Area)
- If data is encrypted to make it harder to hack
- Options for users to be anonymous
- How staff will access
- How staff will record their interactions
- Any analytics available to help improve your service
- How to report offensive or abusive content
*GDPR is the General Data Protection Regulation, which is a regulation in EU law on data protection and privacy. You can learn more about it at https://www.futurelearn.com/courses/gdpr
Once you complete this process you should write down how you plan to use the tool, and what risks your organisation is prepared to accept. This can then be used to communicate with users and get their informed consent.
For more information about how to assess risk see the Catalysts step-by-step digital safeguarding guide DigiSafe in the resources below.
You should gather consent before providing digital support, in the same way as you would for face-to-face support. Users will also have to accept the terms and conditions of the tool or tools that you are using.
You should take the time to be sure that your users understand the way that their information will be used, and what your organisation will record and store.
This standard wording for gathering consent can be adapted for your service
Safeguarding vulnerable groups
When working with children and young people and other vulnerable groups, there are extra issues to think about.
You should consider whether accessing your service could expose your users to harmful content, cyber bullying or grooming.
The youthwork and learning disability sectors have produced a wealth of guidance that can help you work through any risks, and develop policies and procedures to mitigate these.
Key approaches include:
- Requiring users to agree to online safety ‘groundrules’
- Including online harms in your safeguarding policies
- Having clear procedures to deal with concerns and complaints
See the resources section for examples of how other organisations have created safe approaches to reduce the risks of online harms.
Supporting your staff and volunteers
The biggest asset you have is the people that are delivering your service. But they are also a source of risk.
It is vital that you make sure the people delivering your service feel confident with the technology and have appropriate supervision and support.
You should follow good remote working practices so that they are working in a safe and secure environment. This might mean you need to help them develop their own digital skills and confidence. You should regularly update your own learning and remind your staff and volunteers about online safety and not just treat it as a one-off training session.
A step-by-step digital safeguarding guide for charities designing online services
Example online safety policy statement and an example online safety agreement, which can be tailored according to the context of your organisation
Safeguarding checklist for online youthwork from Youthlink Scotland
How to keep people safe and manage privacy when moving services online
by John Fitzgerald, SCVO
DigiListen podcast – Managing risk and misinformation
hosted by Ross McCulloch (Third Sector Lab) and Maddie Stark (SCVO)
with guests Jess McBeath (Jess Digital), Irene Warner-McIntosh (Mhor collective), Alison Stone (SCVO)
“Don’t overthink it … you wouldn’t record a 1-to-1 session in your office, you’d just document it. So you probably don’t need to record it online”Jane Griffin, LGBT Youth Scotland