It’s logical that the manager of volunteers would want to keep records that describe the characteristics of each volunteer they are responsible for.

All CSOs should recognise that their managers are going to hold this sort of data. Many will hold it in their heads and recall it imperfectly to make flawed decisions. We’d rather that managers make explicit the fact that they will store and use this data. And then use it to make good decisions.

Let’s now look at the issues around keeping data on volunteers and making decisions using that data. The exact nature of the data held and how it's used is covered in other articles.

This article has been written with the UK as location for activities. The information we give here will generally apply in most countries though local restrictions should be researched.

Data and the Equality Act

The aim behind the Equality Act is to protect people from discrimination. Discrimination means treating one person less favourably than another because they have some ‘protected characteristic’. These protected characteristics are stated as, age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race, religion or belief, sex, sexual orientation.

Management decision making must be based on rational process and the use of evidence. This tenet helps managers navigate the Act. Some discrimination is allowed where the manger has good reason. An example might be assigning work to a female volunteer that involves counselling a female beneficiary. Another example might be excluding a disabled volunteer from a task with difficult access.

In all cases, managers should discuss their decision-making with the volunteers concerned.

Data and GDPR

Under UK GDPR and the UK’s Data Protection Act, CSOs must have a good reason for keeping and processing personal data on volunteers. The types of data and the reasons for keeping it must be notified to the volunteers. But that said, there’s nothing to say that keeping information on volunteer characteristics would not be lawful.

Some data (such as ethnic origin) is likely to be classified in law as ‘special category data’. Volunteers may wish to keep special category data on some characteristics (such as sexual orientation) to themselves. This must be respected.

UK GDPR does stipulate how the data is to be managed. The data should be kept securely, and its access and use controlled. It should be kept only for as long as it’s needed. When it’s no longer needed it should be destroyed. The manager should strive to ensure that the data is accurate and respond positively to volunteers when they request to see what’s in the manager’s records and when they suggest corrections.

Data to keep and discard

To justify gathering, keeping, and using data on volunteers, the manager of volunteers must ensure that the data is of high integrity and fidelity. It must not be wrong, or even inaccurate. We recommend that data is always supported by evidence. If, for example, the manager of volunteers has had a volunteer complete a personality assessment, the records should include the analysis report and the professional standing of the psychologist completing the assessment.

Inevitably though, much of the data will have been collected by observation. For example, perhaps a youth worker volunteer had a problem working with particularly challenging young people. Perhaps the manager asked the volunteer to stop attending youth work sessions. That history needs to be recorded so that the problem is not repeated. If the volunteer then attends relevant training sessions, a note may need to be added to suggest that the volunteer be given another opportunity. Management of data is as dynamic as the management task itself.

If, in the above example, something was learned by hearsay or gossip, and is unverified, it would be wrong to add it to the data as something factual. So, the manager must continually challenge what they hear, and review what’s added and kept.

Keeping data

There are two types of data: structured and unstructured.

Structured data is information that is categorised, with the same categories held on each volunteer. It’s data that is held in a filing system. A simple example might be the date and level of a volunteer’s PVG/DBS disclosure. A PVG (Protection of Vulnerable Groups) disclosure is needed for work with vulnerable groups in Scotland. In England and Wales, it’s called a DBS (Disclosure and Barring Service) check.

Structured data will most likely be held on a computer system. It will be created, read, updated, and deleted using a computer. Most CSOs engaging large numbers of managers and volunteers will have a centralised computer-based record-keeping system. The manager of volunteers should make use of this where available. Otherwise, they will need to set up their own system.

Those keeping structured data should register with the Information Commissioner’s Office (the ICO). That’s easily done. And provided that the data is (only) being used for management of the volunteers, compliance with UK GDPR and the UK’s Data Protection Act is simple.

Unstructured data, not part of a filing system, is not covered by the UK GDPR and the UK’s Data Protection Act, but the Equality Act still applies to decisions made using it. Unstructured data is still private and should be kept securely within the CSO’s overall data management processes. Unstructured data covers ad hoc information that the manager collects in their everyday. It’s the sort of information kept in a daybook, for example; the notes of a meeting, working manpower plans, or observations gathered during a review.

There is clearly a cross-over between structured and unstructured data. As soon as the manager of volunteers transcribes unstructured notes into a category in a filing system, the data becomes structured. It’s then part of the ICO’s remit and the CSO needs to follow the ICO guidelines.

Keeping records on volunteers

This has been intended as an overview. All managers of volunteers must refer to the Information Commissioner’s Office (ICO) website and comply with the provisions therein as needed. We talk here about the UK. The provisions and processes are similar in most countries.

Finally, a note on data breaches. Any volunteer characteristics (data) that get released into the public domain must be taken seriously and all breaches acted on quickly. It’s possible a law has been broken. More importantly, there’s likely been a breach of the psychological contract between CSO and volunteer resulting in loss of reputation. The damage from that can be huge.