OGM
Leaders Login Parents Login
Catholic Guides of Ireland

Data Protection Act

As a scout leader and a member of The Scout Association, you are the "data controller". Online Scout Manager is simply a system that you are using - but it is data protection act compliant.

1

Processed fairly and lawfully

The data you enter is confidential and will not be passed on to any third parties under any circumstances.

2

Obtained for a specified and lawful purpose

This is your responsibility as the person who enters the data.

3

Processed within the rights of data subject

Do not put sensitive personal information in without asking for explicit consent. However, you do not need explicit consent for non-sensitive data.

4

Data kept within the European Economic Area

The database server is physically in London. The encrypted off-site backup is kept in Milton Keynes.

5

Kept only for as long as required

You can remove all personal data about any member with a click of the button.

6

Accurate and up-to-date

Again, this is your responsibility!

7

Security

This is explained below for technically minded people.

8

Adequate, relevant and not excessive

Again, this is your responsibility. You should not store data that you do not need.


Technical Details

This section outlines some of the security and technical features employed by Online Guide Manager.

As with any system, the most insecure part of the system is the leaders' passwords. Please use secure passwords that are not based on a word, and that contain numbers and special characters.

All communication with the site is over SSL, so the information you see and send is encrypted and can't be intercepted.

The web-server/database are hosted in a datacentre in London. The database is constantly replicated onto a backup machine, and system-wide database backups are taken hourly, weekly and monthly. Weekly and monthly backups are sent to an off-site backup facility in Milton Keynes. Weekly backups are kept for six months and monthly backups are kept for seven years.

Passwords are hashed in the database with a random salt and a varying stretching iteration count (i.e. they not stored in plain text and it is impossible to reverse-engineer the password from the hash). Users can only reset their password if they have access to their email address.

Leaders are given appropriate levels of access to the individual parts of the system. For example, if assistant leaders do not need access to member details, the person who set them up with an account can restrict access to parts of the system.

If parents object to having their child's data on the system, you could ignore the private/sensitive bits (i.e. contact details, date of birth, etc.), but you can still use the other parts of the system.


Terms of Use, Cookies and Privacy Policy | Security and Data Protection Act | About Us

Online Guide Manager (UK) | Online Scout Manager (UK)

© 2011, 2017 Online Youth Manager Ltd.