The We Can Work It Out project will ensure that all staff and project members will uphold the principle of confidentiality in line with data protection legislation. This is covered by all project partner Data Protection Policies, and includes guaranteeing that all clients’ information will be:

1. Fairly and lawfully processed in a transparent manner
2. Obtained and processed for specified purposes
3. Adequate, relevant and not excessive for purposes required
4. Accurate and, where necessary, kept up to date
5. Kept for no longer than necessary
6. Processed in line with the rights of the individual
7. Kept secure
8. Not transferred to countries outside the European Economic Area unless there is adequate protection for the information.

Project-Specific Ways of Working:

Data collection:

• Project staff will use the KoBo Collect application on their phones to register the personal information of any individuals or families that are interested in the project. Information collected includes: full name, email address, phone number, area of Cardiff they live in, family size, preferred contact means, and consent to store information for project use only and share with project team.
• Individuals will be accurately informed of what their personal data will be used for, and this should inform their consent.
• New entries can be submitted if personal data changes, in order to ensure that data is accurate.
• Paper copies of personal data will be kept to an absolute minimum. Where at all possible paper copies will be replaced by electronic copies, with the paper copy disposed of as soon as possible. If paper copies are necessary as part of project implementation then they will be stored in locked storage space.

Data storage and access:

• Personal information and other project-related electronic data shall not be stored or accessed on any equipment other than that approved for project use. This includes mobile phones and computers. All equipment should be password protected.
• Information collected via KoBo is stored on a protected server, which only the Project Manager and Administrator have access to.
• An excel database may be created with relevant contact information of individuals and families involved in the project. This document is to be password protected, and the password known only by project staff who require access to the information for the successful implementation of the project.

Project group communications:

• If contacting a group of individuals via email then ‘blind copy’ (bcc) should be used unless consent has been explicitly obtained from all individuals approving sharing of their email address with the group.
• The same principle applies for Whatsapp groups or other group messaging.

Rights and responsibilities:

• Individuals have the right to ask what data is being held about them at any point in the project process.
• Individuals have the right to ask for their data to be deleted. The project team will respect any request for deletion of personal data and action any request swiftly.
• The Project Manager has overall responsibility for data protection procedures related to the project, and will be a focal point for all queries regarding data protection and processing of personal data.
• The Project Manager will seek external expertise for any query beyond the scope of their knowledge and will seek to ensure compliance with all relevant data protection laws.
• All staff members have an obligation to report data protection breaches or contact the Project Manager if they have concerns of such a breach. This will allow the appropriate personnel to investigate further and take the appropriate steps to fix the issue in a timely manner.
• Personal data will not be shared with any third-party organisation or individual. In the case of any referral, this will be discussed with the individual or family and their data shared with the referral organisation only if requested by the individual or family themselves.