The ICO's Top Five Data Protection Tips

The Information Commissioner's Office (ICO) has listed its top five tips for protecting your data and your clients' data. Following these overview tips will undoubtedly help your Third Sector Organisation comply with the current Data Protection Act 1998.

  • #1 - Tell People What You are Doing with their Data:

    People should know what you are doing with their information and who it will be shared with. This is a legal requirement (as well as established best practice) so it is important you are open and honest with people about how their data will be used.

  • #2 - Make Sure Your Staff are Adequately Trained:

    New employees must receive data protection training to explain how they should store and handle personal information. Refresher training should be provided at regular intervals for existing staff.

  • #3 - Use Strong Passwords:

    There is no point protecting the personal information you hold with a password if that password is easy to guess. All passwords should contain upper and lower case letters, a number and ideally a symbol. This will help to keep your information secure from would-be thieves.

  • #4 - Encrypt All Portable Devices:

    Make sure all portable devices – such as memory sticks and laptops – used to store personal information are encrypted.

  • #5 - Only Keep People’s Information for as Long as Necessary:

    Make sure your organisation has established retention periods in place and set up a process for deleting personal information once it is no longer required.

Charity Sector Toolkit

The Information Commissioner's Office (ICO) lists a specific 'Think Privacy' toolkit that has been created "for organisations in the charity sector – reminding staff to ‘press the mental pause button’ when handling personal data.

Please note: the materials are not ICO materials; they are providing the materials on the website for charities to download as a useful tool to promote privacy matters in their own organisation."

There is no reason why most, if not all, UK Third Sector Organisations shouldn't download and print copies of them and place them in the locations advised within the PDF document.

The content is an incredibly cost-effective addition to personnel training and to generally increasing on-site awareness of Data Privacy.

What Next?

Please now go to the IS Know How page What Is The General Data Protection Regulation? and read through the ICO's information that we've collated for this purpose and for your benefit.

Charitable & Voluntary Data Security Incident Trends

You may also be interested in the statistics that IS Know How has extrapolated from the ICO's quarterly Data Security Incident Trends, specifically those for 'Charitable & Voluntary', which the ICO provides for "Data security incidents (breaches of the seventh data protection principle and personal data breaches reported under the Privacy and Electronic Communications Regulations)".


ISKH is in no way affiliated with, or working on behalf of, the Information Commissioner's Office. ISKH is quite simply putting forward the importance of compliance to our target audience(s), and supporting the ICO's drive to show that Data Protection Act compliance has a positive impact on a business's or organisation's Cyber / Data Security Positioning. Any externally linked ICO content in the ISKH website, including PDF documents or video media, is offered for information purposes only, as is.