Paper-based files of all sorts—bank statements, tax records, pay stubs, receipts—can typically be destroyed after a period of time when they will no longer be needed. Depending upon an organization’s internal policies and the laws and regulations by which they must abide, not-for-profit organizations may choose to shred some or all client files after a period of time as well.
With paper files now being digitized, and new data usually collected electronically, the concept of “shredding” takes on new meaning. Instead of literally shredding paper through a machine, electronic files are permanently deleted and erased from storage, whether they be on a hard drive or in the cloud.
One of the best practices seen highlighted within regulations such as GDPR is that an organization should only collect the data that is absolutely necessary for service delivery, especially if that data could be used to identify someone. So, unless it is essential for your organization to collect data such as a person’s name, phone number, social security number, etc. in order to carry out your work, it’s best to never collect it at all.
When you’re speaking over the phone with a person in need, you have control over whether or not to record information shared during the conversation inside your contact management system. However, if you’re communicating by Live Chat or SMS/Text Message, the person in need may share personal information with you that you’d prefer not be permanently documented, and if transcripts are automatically generated and stored, that private and personally identifying information may be stored whether you like it or not.
In iCarol, you have the choice whether or not your Live Chat and SMS/Texting transcripts are brought into your contact management system, or if they disappear immediately after the conversation ends, protecting personally identifiable data and allowing your organization to align such data collection and storage with your own internal policies. Further, organizations who wish to keep this information long enough for supervision purposes, but do not wish to retain it long term, have many options within the system to decide when to destroy the information. The capability to electronically “shred” potentially identifying information from your iCarol Contact Records is applied to any documentation recorded in your forms, whether it be data from calls, walk-in visits, chats, SMS/text conversations, public website intake forms, or any other interactions you document.
What gets “shredded?”
We understand that most organizations will wish to keep the data that isn’t classified as personally identifiable information, for instance demographics, issues or needs, and other non-identifying data that is important for reporting purposes. If you choose to utilize the automatic shredding function within iCarol, only certain areas of your Contact Records are affected. Text-entry fields where you might enter names, addresses, phone numbers, contact notes, etc. are deleted. Drop-down, check box, and other pick list type data is retained. For a full explanation of how to set these preferences, as well as more detailed information about what is deleted or retained, customers can sign in to iCarol, navigate to the “Help” section, and search for “Shred” within our help articles. If you’re not yet a customer and interested in learning more, please contact us!
You may have heard of something called the GDPR, which comes into force May, 2018, and might be wondering what it stands for, and what it means. While my personal favorite for the acronym is Grateful Dead Public Radio, an Internet station located in Baltimore, Maryland, in this context, GDPR actually stands for General Data Protection Regulation.
What is the GDPR? A regulation which will be enforced in the European Union (EU) starting on May 25, 2018. It will broaden the definition of personally identifiable data and will strengthen enforcement for its handling. It also gives individuals (called “clients” in this blog, in GDPR documentation referred to as “data subjects”) the power to request copies of any personally identifiable data you track about them, and the power to ask that it be removed from your system.
Before I move to specific details about the GDPR, let me cite a best practice, true for any country on the planet. If your organization doesn’t need your clients’ personally identifiable data for your business processes, don’t ask for it and don’t log it even if it is offered. Use shredding (described later in the blog) to remove personally identifiable data after a set period if this practice aligns with your business process. (See the Data Minimisation section below).
iCarol customers own their data 100%. We at iCarol feel very strongly that any organization should have the right to access their own data. We, as your data stewards, bear some responsibility in ensuring we process only the data to which your clients give permission, and that we both need to put processes in place to keep it secure. At all times, you have the ability to export your data and can delete or modify the personally identifiable data about your clients.
Locations affected: Some have asked us if they are affected by the GDPR even if they are not in the EU. If you work with clients in the EU, then yes, you must adhere, even if your organization is located in North America, or any other location outside the EU.
Location for data storage: Does the GDPR require personal data from clients in the EU to stay in the EU? No, it does not. There are no new restrictions on the transfer of personal data outside of the EU. However, there should be more central coordination in place to oversee data activities, and there are rules regarding the following areas:
Consent: You must explicitly, in a very clear manner, ask for consent to track any data about the client. You’ll need to explain what you’d use the data for. We strongly recommend you add a question to your contact forms, also referred to as call report forms, indicating the client has given consent, if you don’t have one today. Since you can add guiding language to a contact form, you might consider wording the question as your legal team specifically suggests, and make sure your volunteers and staff ask it exactly as worded. If you use chat or text, use the pre-chat or pre-text survey to explicitly ask the question.
Data Minimisation: Organizations can collect only the personal data that is adequate and relevant to the intended purpose. As we stressed above, if you do not need personally identifiable data from your client for your process, do not ask for it or log it. For instance, if you do not need a social number or other uniquely identifiable data, don’t ask for it and log it thinking you might need it later.
Accuracy: The data about a client must be accurate, which means it must be kept up to date if it is retained. Your client has the right to ask for changes if they feel data is inaccurate. Rights to edit submitted contact forms, also known as contact records, can be granted to iCarol volunteers and staff, or your iCarol Administrator(s) can edit the record. Administrators also have the right to edit client profiles, as can volunteers and staff if you grant them the rights.
Retention of data: Personal data must be kept only for as long as it is needed to fulfill the original purpose of its collection. Since iCarol provides a “shredding” feature to remove personally identifiable data within your logged records, we strongly suggest considering deploying that feature. If you’re unfamiliar with the feature, please see the section below on it.
Security of the data: There are a variety of ways to secure the data. iCarol takes the security of your clients’ data very seriously. While the GDPR does not require encryption, personally identifiable data is encrypted within iCarol “in transit” (when it is traveling from a volunteer or staff member’s device to our servers in the data centre), and “at rest”, when it is saved in the database. A number of other security provisions are also in place to protect the data. Should you need more information on this area, please contact me at to schedule a conference call.
Data Access: As noted above, your clients have the right to ask for transcripts of any of their personally identifiable data which is logged in iCarol. You may print out logged records and print them to PDF. We strongly suggest sending them in an encrypted email, or storing them on a secure FTP site for your client to log into to retrieve them. Later this year, iCarol will release the ability to password protect the PDF. You’ll also want to share with them any profile data you may have stored about them, which is accessible by exporting client profiles, which is available to any Administrator of your iCarol system.
Right to Erasure: Your client has the power to request erasure of their data in your system. It’s important for you to devise a business process on how to handle an erasure request from a client. Using iCarol’s shredding feature can assist in ensuring that very little personally identifiable data exists in your system, and using the search feature for contact forms and profiles can enable you to find it very quickly. iCarol Administrators have the right to delete submitted forms and client profiles.
What is Shredding? Shredding is a feature within iCarol which removes personally identifiable data within contact records. Phone numbers, addresses, names, and any data in a text field is removed from the database when it is shredded. An example of what appears in place of the data is shown below:
iCarol Administrators can turn the feature on in the Admin Tools/Calls tab of iCarol, which schedules the automatic shredding. We already have a range of timeframes you can select in order to shred the data, based upon the age of the contact record. Shredding allows you to maintain the data in dropdown and checkbox questions in your submitted contact forms for reporting purposes, while protecting data privacy for your clients.
As mentioned above, we at iCarol take the security of your data very seriously, as we know many of you work with subject matter that is highly sensitive and which must remain private. We provide the tools you’ll need to protect that data for your clients, to give both you and them peace of mind.
Restriction and Certification can be used to restrict access to confidential information stored in iCarol based on where the user logs in. If Restriction is enabled, confidential information stored in call reports and caller profiles can only be accessed from computers or networks that have been certified.
*Very Important Note* Restriction and Certification can only be used on PCs. Unfortunately, this functionality cannot be used on Apple products.
To use Restriction and Certification, the first step is to access the Tools tab of Admin Tools and place a check mark in the box next to “Use Restriction”, in the Restriction and Certification section, then click “Save all settings” at the top of the screen.
By default, Admins and Supervisors are not affected by Restriction, meaning, no matter where they log in, they can access the confidential information in iCarol. If you would like to restrict Admins and Supervisors as well, you can place check marks next to the appropriate settings on this page.
Next, you will need to download the iCarol Certification tool, and certify the computers from which users can access confidential information. To do so, click “click here” at the bottom of the Restriction and Certification section, and follow the steps noted. Once the tool is downloaded and installed on the computer you wish to certify, open the certification tool and enter your login and password, plus a name for the computer you are certifying. Please note, if you certify one computer on a network, all computers on that network will be treated as certified and can be used to access confidential information.
There are two settings in Advanced Security settings related to restriction and certification. These settings are found in the left hand column of the Call Reports section.
The first setting is “Can certify computers”. By default, Admins and Supervisors can certify computers using the certification tool. If you would like individuals at other security levels to be able to do this, you can check this setting.
The second setting is “Exempt from Restriction (can always see call reports)”. This setting is used if you are using Restriction in your agency, but want a particular person to be able to access confidential information wherever they log in.
If you have any questions about how to use Restriction and Certification, please do not hesitate to contact the iCarol Support team.