-
Has your State/National Society/Institution incorporated the commitments contained in this resolution into the relevant strategic or operational plans?
YesThe commitments are incorporated into:
Strategy
PolicyAt the International, National level
Explanation:
As part of the BRC’s participation in the Movement RFL Code of Conduct on Data Protection Application Group and membership of both the Archiving Policy and Deletion thematic working groups, we have contributed to the creation and dissemination of standard archiving policy and deletion guidelines for Family Links Network (FLN) members.
In 2020, Migration and Displacement was identified and incorporated as one of the three areas of focus for the BRC Strategy 2030. Through Strategy 2030, the BRC has committed to ensuring that “every person experiencing displacement in the UK has the opportunity to rebuild their lives, maintaining and restoring links with their loved ones” – including through implementation of new information technologies and development of staff and volunteers’ data skills and capacity – by 2030.
The Foreign, Commonwealth and Development Office (FCDO) is assisting the British Red Cross in seeking confirmation from the Information Commissioner’s Office (ICO) that the British Red Cross may use the public interest basis when processing personal data related to the carrying out of our humanitarian activities.
-
Has your State/National Society/Institution been working with other partners to implement the commitments contained in this resolution?
YesPartner with:
Government and/or public authorities
ICRC/IFRC
Other National Red Cross or Red Crescent Societies
Humanitarian and development partners (e.g. UN, NGOs etc.)Examples of cooperation:
The BRC has agreed to use the Family Links Answers (FLA) tool’s ‘Interoperability’ function, to facilitate secure exchange of cases with other National Societies and ICRC delegations.
Following the cyber incident in 2022, the BRC has also agreed to use the ICRC Central Tracing Agency secure system, ASPERA.
The BRC participated in the Movement’s Application Group for the RFL Code of Conduct on Data Protection and became a member of two thematic working groups: Archiving Policy and Deletion.
We have worked closely with the UK Information Commissioner’s Office on responding to the cyber incident in 2022, identifying 1,553 priority cases of potential data breach and processing all cases for notification.
-
Have you encountered any challenges in implementing the commitments contained in this resolution?
YesWith challenges on:
OtherDetails about challenges:
Our challenges have arisen mainly from incompatibility with external partners’ standards and practices:
There have been challenges working with UK Missing Person’s Unit (UKMPU), part of the government’s National Crime Agency, to develop a pilot that aims to provide answers to families whose loved ones may have died in boat sinkings.
For a period, NHS Scotland ceased their letter-forwarding system used by the British Red Cross tracing service. NHS Scotland expressed concern that the use of personal data in this way did not meet GDPR conditions. The British Red Cross brought to the attention of NHS Scotland Article 49 of the GDPR, which notes the derogations with respect to humanitarian work, as well as 33rd International Conference Resolution 4. NHS Scotland subsequently changed their position and they have resumed the letter-forwarding service (for the British Red Cross only as far as we are aware, and not for other organisations).
As other National Societies have also experienced, data transfer to third parties may present a challenge due to incompatible standards, practices and systems. The International Organization for Migration (IOM), particularly, cannot accept information via Egress and this has presented an obstacle to data sharing. Instead, a Data Protection Impact Assessment (DPIA) was carried out and a joint SharePoint Site has been created.
-
Have the commitments contained in this resolution had an impact on the work and direction of your State/National Society/Institution?
YesType of Impact:
Cooperation between Government/public authorities and National Society has been strengthened
Programming and operations have become more effective and efficient
Innovative tools/methodologies have been developed and are utilized
Training and capacity of staff and volunteers has increased (for National Societies)Details about the impact:
The BRC devised a data mapping exercise spreadsheet to map all data storage and to identify and mitigate risks.
To minimise data protection risks, the BRC conducted Data Protection Impact Assessments (DPIAs) for tools including Trace the Face, Family Links Answers (FLA), and the video conferencing tool used by the prison service.
Data protection is now included in our FLA training content, ensuring that new FLA users are aware of the risks and responsibilities related to data processing.
All our RFL caseworkers are now using Egress software for sharing personal information with external organisations via email. The Egress software is embedded in our email system, ensuring secure transfer of emails and documents to non-secure email addresses.
The BRC has produced an online training course titled ‘Data Matters’, which is now mandatory for all staff and volunteers. A yearly refresher of this training is also mandatory.
Key guidance on data protection and data collection practices is included in our new casework manual, which acts as a ‘one-stop shop’ resource for all members of the International Family Tracing team.
-
Have the commitments contained in this resolution had an impact on the communities that your State/National Society/Institution serves?
YesDescription of the impact:
BRC personal information leaflets for RFL services have now been translated into 16 languages, providing enquirers with information on our data processing activities, their data rights, and who and how to contact if they have any concerns or questions.
Dashboards for the FLA casework management tool now monitor any issues related to data quality and consent, improving accountability and oversight.
We have removed around 16,000 contact records on FLA, as part of ensuring respect for individuals’ data rights.
Following the 2022 cyber incident, 1,553 priority individuals were appropriately notified of the potential breach of their personal data.
The International Committee of the Red Cross, the International Federation of Red Cross and Red Crescent Societies, and the Standing Commission of the Red Cross and Red Crescent, in its function as Trustee of the International Conference of the Red Cross and Red Crescent (the Conference), cannot be held responsible or liable in any manner for any user-generated content or posts on this Database. In the event that the Website team considers any post or content to be incompatible with the Fundamental Principles of the International Red Cross and Red Crescent Movement and/or with the objectives of the Conference, it reserves the right to remove such content.
