The Scottish Council for Voluntary Organisations is the membership organisation for Scotland's charities, voluntary organisations and social enterprises. Charity registered in Scotland SC003558. Registered office Mansfield Traquair Centre, 15 Mansfield Place, Edinburgh EH3 6BB.
You have to make sure that information shared as part of your digital service is as safe and secure as it can be. A good basic principle is to store as little data as possible, for as short a time as possible.
You should take time to understand the terms and conditions, and privacy settings, for any tool before you start to use it. This lets you do a risk assessment and agree, as an organisation, how you will manage any risks you identify.
It will not be possible to remove all risks, but you can make an informed choice that balances the benefits to the user, with any potential harms.
One advantage of using popular tools is that known security issues and help to use the tool safely are likely to be well publicised. For example at the start of the coronavirus crisis there was a big focus on Zoom which led to helpful overviews of the security features and risks
Things to look out for include
*GDPR is the General Data Protection Regulation, which is a regulation in EU law on data protection and privacy. You can learn more about it at https://www.futurelearn.com/courses/gdpr
Once you complete this process you should write down how you plan to use the tool, and what risks your organisation is prepared to accept. This can then be used to communicate with users and get their informed consent.
For more information about how to assess risk see the Catalysts step-by-step digital safeguarding guide DigiSafe in the resources below.
You should gather consent before providing digital support, in the same way as you would for face-to-face support. Users will also have to accept the terms and conditions of the tool or tools that you are using.
You should take the time to be sure that your users understand the way that their information will be used, and what your organisation will record and store.
This standard wording for gathering consent can be adapted for your service
When working with children and young people and other vulnerable groups, there are extra issues to think about.
You should consider whether accessing your service could expose your users to harmful content, cyber bullying or grooming.
The youthwork and learning disability sectors have produced a wealth of guidance that can help you work through any risks, and develop policies and procedures to mitigate these.
Key approaches include:
See the resources section for examples of how other organisations have created safe approaches to reduce the risks of online harms.
The biggest asset you have is the people that are delivering your service. But they are also a source of risk.
It is vital that you make sure the people delivering your service feel confident with the technology and have appropriate supervision and support.
You should follow good remote working practices so that they are working in a safe and secure environment. This might mean you need to help them develop their own digital skills and confidence. You should regularly update your own learning and remind your staff and volunteers about online safety and not just treat it as a one-off training session.
How to keep people safe and manage privacy when moving services online
by John Fitzgerald, SCVO
hosted by Ross McCulloch (Third Sector Lab) and Maddie Stark (SCVO)
with guests Jess McBeath (Jess Digital), Irene Warner-McIntosh (Mhor collective), Alison Stone (SCVO)
Example online safety policy statement and an example online safety agreement, which can be tailored according to the context of your organisation
Safeguarding checklist for online youthwork from Youthlink Scotland
A step-by-step digital safeguarding guide for charities designing online services
