Hi, following on from the recent ACO wide email from WgCdrAdmin, there appear to be a few issues with protecting personal information.
A follow up email stated that:
“No personal records, files or information regarding Cadets, CFAV’s or CWC’s is to be kept on Squadron, home, or any other premises.
All necessary information is securely stored on SMS records. Personal files are kept at WHQ”
ACTO 04 states that 3822A forms are to be kept at SqnHQ, which seems contrary to the latest brief on Protecting Personal Info… Does anyone have a clue as to how this is being implemented and if so, which forms, files and documents etc are to be dealt with at Wing HQ rather than Sqn HQ. It brings with it a host of issues including the updating of 3822A’s with new information… What happens when Bader doesn’t work and we need cadet emergency contact info… How are wing going to store 30 Sqns worth of paperwork? etc etc etc.
Also, how do you all deal with this little gem… d. Any forms that contain medical information relating to the discharged
cadet you must keep until that cadet reaches the age of 25 years.
This appears to be a minefield of potential issues for understanding and implementing.
Who is “you”? Is that Sqn level or Wing level, medical info is personal information so by the latest email does that all have to go to Wing?
Any help on deciphering this would be much appreciated…
It was sent originally to OCWings and WExO’s and was then filtered down to us (maybe it hasn’t made it to you guys yet)… Basically referring to ACO Conference presentation about Protecting Personal Info and then requirement for WExO’s to hold this information.
As I found out recently from our ARC, there is an MOD-funded archive system for this type of information. Wing HQ should be able to access this; you just need to package up the information in a file folder/envelope with an appropriate reference on it (file reference or similar) and pass to Wing HQ to be archived. Obviously once you have finished with it an are no longer likely to need it.
Frankly can’t see the problem with holding paper records at the squadron. Like all online resources SMS is fine if you can access it when you want it, we still get times on parade nights when we refer to original documents as the internet / phone line is sodding around.
Sod putting references on things, I’d stick it in an envelope and leave to the salaried office workers in the Corps to do that. On parade nights we have more important things to do and at other times we work and have real lives. We do enough of the salaried staff’s work as it is, IMO, just by putting information on SMS as unpaid skivvies. If we worked as slow and got as prissy as they do about things, as the top end of the organisation seems to, squadrons would grind to a halt. Who knows they might get some overtime
Obviously in light of the cuts in the MoD someone somewhere has thought there is all this lovely documentation on ATC squadrons, which we need to file away and should keep some jobs going across all ranks for a few years. it’s never been a problem so you just have to wonder why it has seemingly become one.
Get your head out of a certain orifice for once in a while and stop whining all the time that it’s ‘the retired officers at Cranwell’s fault’. I’ll give you a clue:
Where my concerns lie is with the generation of all of this paper-based personal information in the first place, not with the process of dumping it on WHQ for storage.
If I recall, when this first hit the streets, a good 5 years ago, Sqns had to designate a lockable Personal Information Repository (I think that’s the right spelling and it doesn’t begin with S U) cabinet and that was where you could keep hard copies with the full range of personal data on ie name, address, DoB, phone numbers etc, such as 3822As. We were told that Nothing else was to be retained and that included personal data on electronic media. However, you could put anything you wanted on BADER as that had been security accredited. If you felt that anything was essential for keeping, Wg would arrange archiving for you.
And I agree Incy, most Sqns are very good at generating huge amounts of pointless data!!
The biggest problem wrt data protection in the modern ACO is SMS and not paper documents. You can claim it’s accredited and regard it as safe, but all staff have access at anytime and to that end if someone wanted to look up anything on staff or cadets and use it for their own purposes we might never find out. For as many years as I can remember 3822As and info on staff lives with the CO and only available with the OC’s nod when the squadron was open, by having an onliine system we have lost a massive chunk of actual security. We also need to have a dose of reality in terms of what information squadrons hold, when you take employers, schools and a myriad of other agencies hold. When our children were at school when they started in the 3rd year information held by schools was passed to the youth service, just in case the kids used the youth service. We only have the very basic info and then lots of dull, dull, dull crap about what people do in the ATC, which isn’t very interesting to many of us and even less so to anyone outside.
The irony with data protection is many many people (with some of those responsible for data protection) use social media and that has no security whatsoever, as you have no control over who does what with it or tells people what you’ve said or done, even in your closest circle. As my children have found out and now do not indulge. How many sqn cdrs put a personal mobile number out there on email signatures, business cards and even on promo literature?
Anything we might do or have to do does nothing in real terms wrt to security of information.
IIRC the repository was for CWCs to keep minutes and accounts and not for general information. My lot brought a lockable box.
Somebody looks at something on SMS, it’s audited somebody flicked onto a page on SMS it’s recorded. Anyone can check whether all the time. HQAC also check for the stuff on request. Stop your whinging
Being audited is important but the access has still been gained. Surely data protection is as much about actually protecting the data in the first place, not just knowing who has looked at it all. They don’t have that balance quite right yet (and a task in the projects where it looks/looked like we’d give cadet personal data over to the DfE wholesale is also a worry!)
SMS is an OK repository of main personal data but getting info back out of it continues to be a chore.
Beyond that, it is singularly unsuitable for much of the legitimate data processing that is required by squadrons or event organisers.
Auditing - shutting the stable door after the horse has bolted - although in this case, the “horse” is more the size of “My Little Pony.”
We are not talking major “commercial in confidence” here, e.g. with a potential sales value or the ability to profit on share-trading using insider knowledge. Yes, we do not want their personal information in the public domain, but as previously mentioned, many cadets already list extensive information on their social network media, or the data can be retrieved by very simple data-mining from open sources.
Hmm. CCFs have had no direction at all. I wonder if they think the Data Protection liability rests with the school… Not sure which way a court would come down, we need a lawyer!
The audit function in SMS is akin to a broken pencil as it has no control over MK2/3 word processor ie pencil and paper, it tells you if someone has looked at it and if they’ve done something on SMS and nothing else. Also we do updates in batches when it is convenient largely as it is such cumbersome, non-user friendly design.
SMS is accredited so what. As someone who works in an day job where we have accreditations, they are nothing more than a time consuming, labour intensive (we have 3 people working on them in addition to their main roles and others who have input), expensive and empty logo to put in a footer or header route to make people think you are better than someone else and in some instances as a sphincter covering back-up, such that if anythiing happens as long as you’ve recorded periodic checks and initial it everyone’s safe.
I find it ironic that auditors despise electronic documentation and only want reams of paper, as the ‘last modified’ field would reveal all.
SMS tells you who has looked at, and edited something (in your view). In the background, and not avaiable to local people is a much more detailed audit. Sqn Cdrs won’t need to get involved in anything above what is available to them. Anything beyond that constitures an offence potentially and specialist people will look at the back-end of the system.
Can it tell if someone writes details down using pen and paper from the screen? Anyone looking to extract information for personal gain might well do this.
