It’s a while since I thought about this subject, but a couple of issues have surfaced in the current state of play. First, with some millions of us now working from home, a culture shift which is clearly here to stay in some form or other, you need to give some thought to security of computer equipment used by staff and volunteers. Where staff and volunteers are using their home PCs, laptops etc, for charity work, you don’t want to risk inadequate firewalls giving hackers opportunities to access your data.
Ideally staff should use only machines owned by the charity so that if they leave it’s handed back to you. In reality this isn’t always the case. We’ve had a few cases where charities have failed to recover data stored on homeworkers devices. This can of course lead to a data breach which has to be reported. The other issue is a sinister development where someone has provided a contact number to Covid ‘track and trace’ and this number has been used to gain access to the person later, for inappropriate contact. This won’t apply to charities and churches, but you should remind your team that the data they collect can only be used for the purpose for which it was gathered. Using it for any other purpose is not lawful.