Information Management

Article modified: October 2015, Author:

Knowledge management, along with open data/data sharing, is on a separate page.

Data Protection

The main thrust of Data Protection is protecting against abuse of data held on individuals. If you hold info purely with reference to their position in an organisation it doesn’t count as personal data, and there are specific exemptions around membership of voluntary organisations, keeping accounts and marketing own goods and services. Bu if you record anything more than name and address and the minimum data needed to carry out the basic business activity of, for exmaple sending a book order, or use this info to do a follow up mailing for instance, then it comes within the legislation. The rules have to be followed, whether your organisation has registered (now known as Notification) with the Information Commissioner’s Office or not.

From March 2000, the 1998 Data Protection Act extended the provisions of the original legislation, to include manual filing systems where personal information is readily accessible, and gives ‘data subjects’ the right to withdraw consent on various things, including direct marketing. There were transitional arrangement which ended October 2001, for personal data from before 24th October 1998.

Data collection has to be fair. This now means that the individual must know who is doing the collecting, and the purposes for which the data are intended to be used. Data shouldn’t be kept for longer than necessary, must be kept secure, and should be adequate, relevant and accurate (which includes up-to-date where appropriate). There are extra restrictions around export of data outside the EC (+ Iceland, Norway, Lichtenstein) and sensitive data, which would include political opinions for instance. Your organisation should have someone who has clear responsibility for ensuring Data Protection issues are acted upon.

Registration currently costs £35, annually renewable, and you can register for as many purposes, data types and sources as you need for that amount. The Information Commission is also responsible for the Freedom of Information law – see their web site for data implications and more details on Data Protection, or phone 01625 545700. Or check out the training available from Directory of Social Change in particular, who also publish Data Protection for voluntary organisations handbook (second edition).

Staff handbooks/office manuals/systems and procedures

It is good practice, and often very revealing, to produce an ‘internal systems manual’. Where there is a specialist finance worker (or volunteer), finance procedures are usually written up separately, but otherwise they could be incorporated in the overall one. We have some samples of various such documents, and also put together a Checklist of Policies and Procedures which would typically be included in an office manual. You shouldn’t just reproduce these – all organisations are different, and you will have arranged responsibilities or split activities differently. But not starting with a blank sheet is a great help.

On VolResource: sample financial procedures. Also some personnel management forms – see Checklist or People Management page for references.

Another item of great value is an organisational chart. This is often just of the staffing structure, but in a voluntary organisation a picture of the committee structure is often essential to understand how decisions are made and where responsibility lies. In a complex or large body, these may need to be separate charts, but cross-references should be made. See DSC Information Management book below for a helpful information flow charting approach.