For the second part of this two part Blog series on the Privacy Act we want to help you work through some of the ways infoodle can assist in your compliance.
The best way to collect data - both from an administrative and Privacy Act perspective is to collect it directly from the person themselves. In infoodle - forms are the way to go. With forms, you can collect any type of data you wish to through an easy to use form builder. These forms can be accessed easily either via a link, or embedded into your website or Facebook page. Two key items are available for you to use:
MULTI LINE TEXT
This field is used to display some text to the user on your form. This is where you would describe what you are using the data for, how you store it, etc. It's really important to get the wording right at the point of collection so the person involved is fully informed about their data. E.g.
We will use this information to send you our quarterly newsletter
Whilst a start - is pretty limiting for you in respect to how you may use this data. Maybe:
We use this data to ensure we care appropriately for you. We will use it to communicate with you and ensure the right people within our organisation have the information they need to assist you. We do not disclose this to any parties external to our organisation. We store this data securely. Access is controlled by our Data Protection Officer.
A bit wordy - but clearer - and less limiting.
It's important to think through the best way to ensure you keep the data up to date, and making sure you disclose the data you hold to those people appropriately so they can review it. It will be different for each organisation, for instance a church congregation can be shown the data you have on an infoodle screen because they are likely to attend a meeting - where as a fundraising organisation will have to rely more on people responding to letters or emails with limited data on those communications perhaps.
Asking people to complete an infoodle form if things change is an option in both scenarios.
This involves two parties, infoodle has a responsibility to keep it's systems secure and users who have logins have a responsibility to ensure they protect their login details - and ideally use two factor authentication - built into infoodle. How to Set Up 2-Factor Authenticaiton
As administrators - you should review regularly, who has logins and what those logins permit to ensure they are still appropriate.
It’s important that the data you hold is accurate, therefore ensuring only those people who are ‘detail-people’ and so care and understand the value of the data they manage are the ones who are adding and - or editing the data. This is easily managed through the roles in infoodle - each login is assigned a role which controls who they can access, and what they can do with those people.
You are obliged to give people access to the data you hold on them if they request it. It's up to you how you provide that. It could be achieved through reports in infoodle - or you can give them a login if you - and they - prefer. This login can be limited so they can only see what is appropriate.
infoodle is a tool which enables you to hold a ‘single version of the truth’ for each member of your community. It is important to look after that truth, not only for the benefits of accuracy and the legal responsibility you have under the Privacy Act - but also from the perspective of honouring the requirements of the people who have shared their data with you