Chiltern 20 Challenge Data Security
The new regulations require that any information that we gather about participants in this event must be:
- only what is necessary and justifiable
- authorised by the subject, or an adult acting on behalf of the subject
- securely held and only disclosed to persons requiring the information to ensure the safety of all participants of the event, and
- safely and securely destroyed when no longer needed.
Our Security Statement:
- We only collect the minimum amount of data needed to ensure a safe environment for all participants of the event. We collect the date of birth and membership number to confirm the identity of the subject and to ensure their eligibility to take part. Health information and dietary requirements are collected to ensure that we can provide a safe experience for all participants.
- We issue a document which is completed by all walkers declaring their details and then signed by them, and in the case of subjects under eighteen years of age signed by a parent or guardian, to confirm that they give their consent to us collecting and recording this information. The data collected on that document is the only personal information that we hold.
- The details are entered on to a computer database which is held on a secure server in London. The data is encrypted and only available to those with password access to the database. The data is entered by an adult Scout Leader using a password of their choice. The only other access to this data is through an account which is passworded and held by two members of the organising committee. They have sole access to this information, and only release the data to officials of the event needing it to ensure the safety of the participants and the safe operation of the event. At the beginning of the event we ask for the mobile phone number of some walkers so that we may be able to contact them during the event should this become necessary. This number is deleted on completion of the walk.
- After the event, and when the results have been published, all data is securely erased. We do not hold this data for any purpose, and do not share it with anyone else.
As the data file is encrypted, should anyone obtain possession of the file they would not be able to access the data without the account name and password. If an adult leader was to disclose their password then any unauthorised access would only result in the disclosure of the information entered by that adult. Should this occur then the adult leader should contact the walk registrar and the account can be locked to prevent unauthorised access to that data. Should any person whose details have been entered choose to have those details removed prior to the event, they should initially contact the adult leader who entered them and ask for them to be removed. Should this not be possible then the person who wishes to be removed should contact either the walk secretary or the walk registrar by email. Removal of information in this manner would obviously exclude the subject from taking part in the event.
In the unlikely event of a data breach occurring, all adult leaders would be informed immediately by email.
Adult leaders retain contact details of all walker participants and would need to make contact with them to explain the situation.
The Chiltern 20 Challenge committee does not hold any contact details for participants (other than adult leaders) and no financial details.
Chiltern 20 Challenge 10th May 2018