• Coronavirus Info Hub
  • Funding Scotland
  • Goodmoves
  • TFN
  • SCVO Membership
  • Sign up
  • Sign in
Account sign in
Forgot your password? Reset password
Don't have an account? Sign up
Account sign up
Account password reset

Complete the form below to receive a link to change your password

Scottish Council for Voluntary Organisations
Join our community
About Support & learning Services Funding Jobs & employability Policy & research
Scottish Council for Voluntary Organisations
Scottish Council for Voluntary Organisations
  • Home
  • About
  • Support & learning
  • Services
  • Funding
  • Jobs & employability
  • Policy & research
Our sites
  • Coronavirus Info Hub
  • Funding Scotland
  • Goodmoves
  • TFN
  • SCVO Membership
  • Home
  • Support & learning
  • Digital
  • How to guides
  • Digital services
  • Safety and security

Safety and security

You have to make sure that information shared as part of your digital service is as safe and secure as it can be. A good basic principle is to store as little data as possible, for as short a time as possible.

Top three tips

  • Understand what third party tools will do with your data and your users data
  • Get informed written consent from your users
  • Support your staff and volunteers to understand online safety and privacy

Understand your tool

You should take time to understand the terms and conditions, and privacy settings, for any tool before you start to use it. This lets you do a risk assessment and agree, as an organisation, how you will manage any risks you identify.

It will not be possible to remove all risks, but you can make an informed choice that balances the benefits to the user, with any potential harms.

One advantage of using popular tools is that known security issues and help to use the tool safely are likely to be well publicised. For example at the start of the coronavirus crisis there was a big focus on Zoom which led to helpful overviews of the security features and risks

Things to look out for include

  • Age limits – for example WhatsApp is over 16+
  • Where the data is stored and processed – GDPR* generally requires this to be within the EEA (European Economic Area)
  • If data is encrypted to make it harder to hack
  • Options for users to be anonymous
  • How staff will access
  • How staff will record their interactions
  • Any analytics available to help improve your service
  • How to report offensive or abusive content

*GDPR is the General Data Protection Regulation, which is a regulation in EU law on data protection and privacy. You can learn more about it at https://www.futurelearn.com/courses/gdpr

Once you complete this process you should write down how you plan to use the tool, and what risks your organisation is prepared to accept. This can then be used to communicate with users and get their informed consent.

For more information about how to assess risk see the Catalysts step-by-step digital safeguarding guide DigiSafe in the resources below.

Informed consent

You should gather consent before providing digital support, in the same way as you would for face-to-face support. Users will also have to accept the terms and conditions of the tool or tools that you are using.

You should take the time to be sure that your users understand the way that their information will be used, and what your organisation will record and store.

This standard wording for gathering consent can be adapted for your service

Safeguarding vulnerable groups

When working with children and young people and other vulnerable groups, there are extra issues to think about.

You should consider whether accessing your service could expose your users to harmful content, cyber bullying or grooming.

The youthwork and learning disability sectors have produced a wealth of guidance that can help you work through any risks, and develop policies and procedures to mitigate these.

Key approaches include:

  • Requiring users to agree to online safety ‘groundrules’
  • Including online harms in your safeguarding policies
  • Having clear procedures to deal with concerns and complaints

See the resources section for examples of how other organisations have created safe approaches to reduce the risks of online harms.

Supporting your staff and volunteers

The biggest asset you have is the people that are delivering your service. But they are also a source of risk.

It is vital that you make sure the people delivering your service feel confident with the technology and have appropriate supervision and support.

You should follow good remote working practices so that they are working in a safe and secure environment. This might mean you need to help them develop their own digital skills and confidence. You should regularly update your own learning and remind your staff and volunteers about online safety and not just treat it as a one-off training session.

Resources

 

DigiSafe

A step-by-step digital safeguarding guide for charities designing online services

 

NSPCC Sample policy

Example online safety policy statement and an example online safety agreement, which can be tailored according to the context of your organisation

 

Safeguarding checklist

Safeguarding checklist for online youthwork from Youthlink Scotland

 

Blog post – New world, same rules

How to keep people safe and manage privacy when moving services online
by John Fitzgerald, SCVO

 

DigiListen podcast – Managing risk and misinformation

hosted by Ross McCulloch (Third Sector Lab) and Maddie Stark (SCVO)
with guests Jess McBeath (Jess Digital), Irene Warner-McIntosh (Mhor collective), Alison Stone (SCVO)

“Don’t overthink it … you wouldn’t record a 1-to-1 session in your office, you’d just document it. So you probably don’t need to record it online”

Jane Griffin, LGBT Youth Scotland
Page last modified on 28th October 2020
  • Support & learning
  • Digital
  • How to guides
  • Digital services
  • Your users
  • Tools & functionality
  • Safety & security
  • Evaluating success
Sign up for our Digital bulletin

Once a month we send out a short email bulletin rounding up the latest news on digital participation, evolution and innovation in Scotland and beyond. Sign up here:

Sign up for our e:bulletin
Follow us on Twitter
Email us

Our digital work is delivered in partnership with:

The Scottish Government
Digital Scotland
Join our community

Contact

How to get in touch while our staff are working from home

Social

  • Twitter
  • LinkedIn
  • Facebook
  • Soundcloud
  • YouTube

Help

  • Accessibility
  • Transparency & open data
  • Privacy
  • Cookies
  • Terms & conditions
  • Feedback & complaints

About

The Scottish Council for Voluntary Organisations is the membership organisation for Scotland's charities, voluntary organisations and social enterprises. Find out more

© 2021. The Scottish Council for Voluntary Organisations (SCVO) is a Scottish Charitable Incorporated Organisation.
Charity registered in Scotland SC003558. Registered office Mansfield Traquair Centre, 15 Mansfield Place, Edinburgh EH3 6BB.

Scottish Council for Voluntary Organisations