How charities should store data

Keeping data safe is vital for charities to protect employees, users, and donors, as well as ensuring information around service delivery and fundraising is not lost.

 

Selecting the right strategy for storing and backing up data is essential to the smooth running of day-to-day operations.

 

This article looks at some potential options for charities to consider when storing data. We discuss the advantages of each data storage option, as well as their cost-efficiency, and we also take a look at some of the associated risks.

 

 

First bits of advice

 

The UK Data Service suggests that data needs to be securely destroyed once it is no longer needed. Charities should consider long-term solutions to monitor when data may need to be destroyed.

 

The UK Data Service also recommends using two types of storage to ensure it is recoverable when needed and to mitigate against technical issues preventing data from being accessed. It also advises that data is always encrypted.

 

In addition, information should be kept separate to ensure they cannot be linked together. Separating data further protects the subjects of the data. For example, signed consent forms containing identifying information should be stored separately to data files. If required, an anonymous identification system can be used by the charity to link the two sets of material together.

 

 

Local storage options

 

One benefit of storing data in-house is that it gives charities full control over their data. Responsibility for the security of the data rests solely with the charity, without the involvement of a third party.

 

Local storage options also have the benefit of allowing work to continue offline, as the data can be stored on personal devices. That is a particular benefit with the switch to remote working, as some charity employees may have struggled to access cloud-based data due to a poor internet connection.

 

One of the risks of storing data locally is physical damage, particularly with regards to paper and hardware. Temperature changes, humidity, air quality, and poor handling can all have an impact on data storage solutions. Magnetic media, such as those used in hard drives, can be subject to physical degradation.

 

Rooms used for the storage of data should reflect the need to keep information protected and recoverable. Hard drives are more likely to crash in hot offices, for example, and fire and flood can cause untold damage to physical data.

 

When storing data locally, charities need to ensure they have put adequate protective measures in place. In terms of paper data, sunlight and acid can prove harmful. Charities should use robust storage boxes, acid-free paper, and non-rust paperclips.

 

Cyber security risks also effect data stored in-house, particularly the threat of malware. Malware attacks depend on the creation of malicious software that is installed on a user’s device without their knowledge, usually with the aim of accessing personal information or damaging the device.

 

Malware attacks include spyware, ransomware, and Trojan horses. These attacks are growing in sophistication and have spread since the rapid growth of remote working. Charity professionals need to be particularly cautious when working from home and storing data on remote systems.

 

Charities can mitigate cyber security risks by taking simple steps, such as keeping software updated, creating strong passwords, using a password manager, installing robust anti-virus software, and putting in place protocols to protect them against a data breach and prepare them for a data breach.