This website uses cookies for anonymised analytics and for account authentication. See our privacy and cookies policies for more information.

Supporting Scotland's vibrant voluntary sector

Scottish Council for Voluntary Organisations

The Scottish Council for Voluntary Organisations is the membership organisation for Scotland's charities, voluntary organisations and social enterprises. Charity registered in Scotland SC003558. Registered office Mansfield Traquair Centre, 15 Mansfield Place, Edinburgh EH3 6BB.

Safety and security

You have to make sure that information shared as part of your digital service is as safe and secure as it can be. A good basic principle is to store as little data as possible, for as short a time as possible.

Top three tips

  • Understand what third party tools will do with your data and your users data
  • Get informed written consent from your users
  • Support your staff and volunteers to understand online safety and privacy

Understand your tool

You should take time to understand the terms and conditions, and privacy settings, for any tool before you start to use it. This lets you do a risk assessment and agree, as an organisation, how you will manage any risks you identify.

It will not be possible to remove all risks, but you can make an informed choice that balances the benefits to the user, with any potential harms.

One advantage of using popular tools is that known security issues and help to use the tool safely are likely to be well publicised. For example at the start of the coronavirus crisis there was a big focus on Zoom which led to helpful overviews of the security features and risks

Things to look out for include

  • Age limits - for example WhatsApp is over 16+
  • Where the data is stored and processed – GDPR* generally requires this to be within the EEA (European Economic Area)
  • If data is encrypted to make it harder to hack
  • Options for users to be anonymous
  • How staff will access
  • How staff will record their interactions
  • Any analytics available to help improve your service
  • How to report offensive or abusive content

*GDPR is the General Data Protection Regulation, which is a regulation in EU law on data protection and privacy. You can learn more about it at

Once you complete this process you should write down how you plan to use the tool, and what risks your organisation is prepared to accept. This can then be used to communicate with users and get their informed consent.

For more information about how to assess risk see the Catalysts step-by-step digital safeguarding guide DigiSafe in the resources below.

Informed consent

You should gather consent before providing digital support, in the same way as you would for face-to-face support. Users will also have to accept the terms and conditions of the tool or tools that you are using.

You should take the time to be sure that your users understand the way that their information will be used, and what your organisation will record and store.

This standard wording for gathering consent can be adapted for your service

Safeguarding vulnerable groups

When working with children and young people and other vulnerable groups, there are extra issues to think about.

You should consider whether accessing your service could expose your users to harmful content, cyber bullying or grooming.

The youthwork and learning disability sectors have produced a wealth of guidance that can help you work through any risks, and develop policies and procedures to mitigate these.

Key approaches include:

  • Requiring users to agree to online safety ‘groundrules’
  • Including online harms in your safeguarding policies
  • Having clear procedures to deal with concerns and complaints

See the resources section for examples of how other organisations have created safe approaches to reduce the risks of online harms.

Supporting your staff and volunteers

The biggest asset you have is the people that are delivering your service. But they are also a source of risk.

It is vital that you make sure the people delivering your service feel confident with the technology and have appropriate supervision and support.

You should follow good remote working practices so that they are working in a safe and secure environment. This might mean you need to help them develop their own digital skills and confidence. You should regularly update your own learning and remind your staff and volunteers about online safety and not just treat it as a one-off training session.



Blog post - New world, same rules

How to keep people safe and manage privacy when moving services online
by John Fitzgerald, SCVO


DigiListen podcast - Managing risk and misinformation

hosted by Ross McCulloch (Third Sector Lab) and Maddie Stark (SCVO)
with guests Jess McBeath (Jess Digital), Irene Warner-McIntosh (Mhor collective), Alison Stone (SCVO)



A step-by-step digital safeguarding guide for charities designing online services


NSPCC Sample policy

Example online safety policy statement and an example online safety agreement, which can be tailored according to the context of your organisation


Safeguarding checklist

Safeguarding checklist for online youthwork from Youthlink Scotland

Last modified on 26 July 2022
Was this page helpful?


    Thanks for your feedback!

    Our work to help organisations grow their digital capacity is supported by: