Each and every one of us has a responsibility to ensure the data we hold on our members and supporters is protected, and treated with the care you'd expect from those handling your data, and in line with the law. If you have access to Action Network you may have access to the personal data of hundreds, thousands, or even tens of thousands of individuals. If you're a member of staff or national volunteer that number could extend into the hundreds of thousands.
Most of the work you do in Action Network happens on the platform itself. You don't need to export the data, or view it anywhere other than in Action Network. However, we recognise that there are some occasions when you need to export Activist data for a legitimate reason. In this guide we'll talk about some of the considerations and best practice around this.
The Digital Team don't have oversight of data protection within GPEW, but just like you we have a responsibility to ensure we comply with our legal, and moral obligations. If you have questions about GDPR and your responsibility please contact dataprotection@greenparty.org.uk.
Anonymising Data
When working with data from Action Network ask yourself if you can achieve what you need to with anonymised data. For example, if you just want a breakdown of the Membership_Status of everyone on your mailing list you could generate a report to show only the Membership_Status field, rather than including individual identifying records. You should only export identifying information if it's the only way to achieve your goal, and the goal is a legitimate use of the data you have access to. Curiosity doesn't equal legitimacy.
Activist Data
Action Network records are continuously updated with new information. Any export of this data therefore can be considered immediately out of date. You should consider this when working with the data. This should also be a consideration when uploading data into Action Network. You shouldn't upload data to fields which may have been updated elsewhere. For example, you should never upload to any of the Custom Fields synced from GPEW centrally including, but not limited to, names and addresses.
Data Storage
Data should only be stored on the device it's being worked on, and should be deleted when it's no longer needed. If you can, don't export the data at all and work with it directly within Action Network. If you need support with this, check out the other articles on the Digital Support Site, or
raise a support ticket.
Activist Data should not be stored in cloud storage platforms like Google Drive, OneDrive, Dropbox...etc., and keep any exported data separate from your personal files to ensure protection of both. It's also extremely important that no data is stored on external drives such as USB pen drives, or external hard drives.
Device Security
Whether you're working directly in Action Network, or exporting data, it's important that your device is secure. Make sure you're not sharing your device, or Action Network login with anybody else. Set a strong password, and ensure you understand what you can do to protect your data if your device is lost or stolen. This will vary depending on the device you're using, so check with the manufacturer or supplier of your device. Make sure you keep your operating system and antivirus software up to date.
Screen Sharing
It's easily overlooked, but screen sharing on platforms such as Zoom, Teams, or Google Meet comes with a risk to Activist data. if you display Activist data when screen sharing it's possible for participants to screenshot, or record the screen and capture that data. Even if they don't record it, they may see information that they shouldn't have access to. Be careful when screen sharing, and avoid recording calls where there is potential for personal information to be displayed on screen.
Plan For Breaches
Nobody wants a data breach to happen, but no activity is without risk. Make sure you, and your fellow officers understand what a breach is, and what to do if you suspect one has taken place. You can find out about data breaches, and what to do in the event one happens on the ICO website (
https://ico.org.uk).