We all have a responsiblity to look after all our members, incuding thier data and privacy.
The below covers some key areas where using data will be part of your role and gives practical steps to keep you, our members and Advance safe.
Personal email addresses:
Do not use your own personal email address to communicate with members, nor give them your own email address. If a member does send an email to your personal address, delete it and ask them to email to your Santander email address or if appropriate the Advance office directly (firstname.lastname@example.org)
Equally do not email any member’s personal data from a Santander email address to your personal email address as this will be a breach of Santander’s Data Protection policy. If there is a need to communicate with a member by email, please use your Santander email only.
Work email addresses:
Where “documents” and members personal information or circumstances are involved, you must use Santander’s email and computer systems to receive and send WITHIN the Santander domain. Printing a member’s personal data is of high risk and it is your responsibility to keep it secure, once printed to the same standards Santander expect of you.
We do not recommend printing anything confidential.
If you are handed personal documents, please ensure that they are kept in a locked drawer, cupboard, or personal locker which no one else has access to. Destroy all such documentation as soon as the matter has been dealt with using a safe method. Please ensure copies of any documents are sent to the Advance office for filing by secure mail or scanned email from Santander.
You will also need to ensure the data is encrypted to a high standard with password or other secure method provided by Santander,
Using Social Media tools:
Advance believe there are significant risks in using social media to contact members. As such please do not use these tools to contact members and if they contact you using a social media platform, please suggest they revert to an authorised platform. Advance recognise you will need to ensure you adhere to Santander’s Social Media Policy in carrying out your duties as a representative.
WhatsApp & Text Messages:
We realise many uses WhatsApp and other sharing tools as a tool to communicate as an alternativeto text messages, and please ensure you do not outwardly share personal data via this channel. This could be in the text or document sharing such as photographs and scans of documents. If you do receive data by these methods please delete them safetly as soon as you can
Members joining Advance:
Try to encourage members to provide their data by joining Online as this prevents data-keying errors. If a member gives you a completed application form, please ensure that it is posted to the Advance office (using the Freepost address) without delay, please do not store them or send them through the bank’s internal post system. Alternatively, notify potential members that they can join Advance by calling the Advance office on 01442 891122.
When approached by anyone stating they are a member:
If you are approached by a member requesting support (in person or by email), it is you responsibility to check that they are a member before entering into a discussion with them. Ideally, you may be better referring them directly to the union office but in all instances, If they tell you that they are a member, confirm this by ringing the Advance office with their staff number, name, and postcode before entering a discussion with them. The office will confirm if the individual is a member if you are a representative.
As an aside, please act in your mandate and ensure the member’s query is directed correctly. In most instances being a listening ear can help a member, but it may be better to signpost any more complex matters on to the Advance office than give out incorrect information or advice.
Under no circumstances complete casework unless you are suitably trained and ask the member to register the matter via the Advance office directly on 01442 891122 in the first instance. These guidelines do not cover additional steps a caseworker may need to consider staying safe.
If you do speak to a member about their personal circumstances, please ensure the union has an update via email to keep our records up to date.
Generic feedback by email:
If a member sends you an email with generic feedback to share with Advance, forward the message after deleting their name/email address.
Asking questions on policy and procedure by email:
As this would not involve you sharing any names, you can continue to help members by either sending emails between Santander email addresses or from a Santander email address to an Advance email address.
Raising concerns where you need to share the member’s name on email:Ideally, ask them to send themselves to the Advance helpline or ask for consent (on email) with the
member if you have their permission to raise the query directly with the Advance office. If theyconfirm that this is acceptable, forward it to email@example.com or to the full-time Advance Representative dealing with the matter. Confirming that you have received consent fromthe member is the most important factor.
Dealing with Data in Fact-finds & Wellbeing meetings:
Before supporting a member at a fact-find or wellbeing, ask them to call the Advance office toregister their case. If you have not been through training for these meetings, please explain a trained representative will be allocated by the union office and ask the member to call the office directly. You should not receive any written material relating to the fact-find or wellbeing. If you make any personal notes during the meeting, explain to the member they are not a formal record of the meeting. Securely destroy these notes afterward If you are provided with a copy of the meeting notes or outcome letter to review as an accurate record of the meeting, keep them secure (either electronically) or locked away. Please always destroy any secondary copies and send a copy to the advance office via firstname.lastname@example.org ensuring they are password protected.
Password Protocol when forwarding documents with personal data to Advance:
We use a standard password protocol of the first 3 letters in lowercase of the member’s surname and the current year. So, if the date is 1/1/2020 and the Member Kevin Smith, the password to lock a document would be smi2020.
Dealing with other cases:
Other than Representatives that operate directly for Advance on a full or part-time basis, no one has the mandate to represent members in any hearings. Please refer all cases directly to the Advance office where they will be allocated accordingly, in these instances Advance will review any additional facilities needed to keep our member’s data secure.
Remember to keep data in the Santander Domain, and ensure you follow the bank’s policies at all times except when there is a need for Advance to have information in which case please securely send this content to Advance.
Fair Processing Notice:
Just to be clear Advance is our member privacy notice (or fair processing notice) is on our website, please take time to review this.
Data Protection Breaches:
Under GDRP regulations, there is a strong onus on organisations to report any breaches to the ICO (Information Commissions Office). This is the responsibility of both Linda’s senior team, the Advance office, and all Advance Representatives. Breaches must be reported within 72 hours of taking place. If you become aware of any breach, you have a duty to report it to our Data Protection Officer, Linda Rolph, as soon as possible. Some examples are loss of paperwork, If a breach occurs involving Advance, please Linda Rolph directly her mobile on 07850 742 340. Please do so if you are ever called to a fact find by the bank relating to data protection and your Advance duties.
Confidential Paperwork shared by the bank:
From time to time, you may be sent commercially sensitive information from Advance or Santanderto help you carry out your role of representative. The content of the email would not includepersonal data but may contain information that you are provided to review to fulfil your role as a representative. This could include slide decks for meetings you are attending at your business subcommittee. Wherever possible please keep this information inside the Santander domain.
You should also not send confidential documents sent by Santander to help you carry your role as a representative to your personal email unless explicit consent has been given. In these instances,please ensure you speak to the Industrial Relations Team so we can mitigate any risk.
If the infrormation is shared to your personal address please store safetly and delete as soon as you have attended the apporaite meeting.