Dear BSO colleagues,
The rollout of Office 365 across British Scouting Overseas forms part of our Development Plan which was approved by the Area Executive 2019. The logic is simple – We must safeguard the confidential data that we possess and process from unauthorised disclosure.
Data Protection in BSO…
All across British Scouting Overseas we collect and process lots of personal data from young people, and adults. This includes really sensitive personal data such as adult references, role applications, religion, ethnicity and disabilities.
You should recall from your GDPR training that the personal data we collect and hold must be protected against unauthorised or unlawful processing and against accidental loss, disclosure, destruction or damage. Also, the ‘accountability principle’, expects that organisations – in this case Scout Groups, Districts and Area – will put comprehensive measures in place to minimise the risk of breaches and uphold the protection of personal data.
For all levels of BSO, the responsibility to ensure data integrity and security lies with Area, District and Group Executives. However, all adult members have a responsibility to safeguard personal data and follow the processes that are agreed by your Executive Committee.
The Area Executive recognises a significant risk where information relating to Scouting is held in personal email accounts which may reduce GDPR or information commissioner compliance. We know of members storing years of personal information on easily-lost, non-encrypted USB drives. We are also concerned that when adult members cease Scouting or move away, they no longer have a legitimate reason to retain personal data they no longer need.
Any BSO members using personal email accounts to conduct Scouting business should be aware that they may be compelled to hand over data from private email accounts or personal mobile phones, where it falls within the scope of a third-party data subject access request (SAR). The use of personal, non-cloud accounts will often force members to use external USB drives to store data.
Additionally, as BSO operates globally, we remain concerned that there are countries outside of the UK/EU, which do not have the same regards to data privacy rights as the UK/EU and may be able to legally compel individuals and companies to give them access to personal data.
To minimise the risk for Trustees, the Area Executive has agreed that all members of BSO (except Occasional Helpers) will be issued with an Office 365 account which will give them free access to Outlook email/calendar, cloud storage, Office suite, Teams and other Microsoft collaboration tools.
To minimise costs and reduce any duplication of effort in finding a solution to the above risks, Districts and Scout Group Executives are strongly encouraged to adopt the Area’s Office 365 offer as a full mitigation. As a priority, it is recommended that Districts consider data protection compliance surrounding the adult’s appointment’s process where we need to protect highly confidential role applications, character references and identification documents.
From the 1st March 2021, all Area-level team members (including District Commissioners), will be required to use their personal @britishscoutingoverseas.org.uk account for all BSO business including emails, sharing of files via OneDrive links and file storage. Training will be provided for all aspects of using the tools within Office 365.
Area Executive Chair