Safeguarding vulnerable service users and staff online | Our top tips for an effective Digital Safety Policy

In this article, we look at some of the ways organisations can protect themselves and others, including through having a Digital Safety Policy.

With the tragic case of Molly Russell in the news recently, and the Online Safety Bill having now reached report stage in the House of Commons, digital and online safety is an issue we have all been hearing a lot about lately. Organisations of every stripe are increasingly asking themselves how they can help to ensure that those they employ, serve and engage with – especially children and young people – are protected when interacting and communicating online.

The government and the Charity Commission have specific guidance for charities who operate online, recognising that operating online carries with it specific safeguarding risks connected to protecting people from abuse and protecting sensitive information. Nowadays, most charities operate online to a greater or lesser extent. If your charity operates an online service or an online chat/messaging function, hosts meetings online (i.e. over video-conferencing technology) and/or has a social media account, then it needs to be aware of and comply with this guidance.

Whilst non-charitable organisations may not be subject to the same regulatory requirements and expectations, they are undoubtedly likely to be under increasing scrutiny with regards to how they conduct themselves, offer services, and interact with potentially vulnerable service users/clients over the internet.

The safety of children, young people and adults at risk needs to be carefully considered when setting your online strategy. A Digital or Online Safety Policy is one measure that your charity or organisation can easily put in place to set out its commitment to keeping these individuals – as well as staff and volunteers – safe online. The policy should set clear expectations and ground rules for operating online, and also inform staff and service users/clients about how any issues can be reported and escalated where they occur.

Here we offer our top tips for an effective Digital Safety Policy:

• Identify risk – identify all the ways your organisation operates online (internally and externally) and then undertake a risk assessment to identify the main areas of risk. This will be different for every organisation depending on its activities and the profile of its customer/client/user base. It is important that your policy reflects the particular activities and context of your organisation for it to be effective;
• Practical measures – identify practical measures that you can put in place to protect individuals. That might be through the use of passwords and other security measures, requiring prior and informed consent to record online sessions, and/or asking participants to always keep their cameras switched on (or off, depending on the nature of the risks being addressed);
• Provide clear guidance – use the policy to communicate your organisation’s expectations around online conduct. Leave no room for doubt as to the behaviour expected, and what action the organisation will take if the guidance is not followed; and
• Situate within your organisation’s existing policies – the Digital Safety Policy should be a key component of a wider suite of policies and should be capable of being read in conjunction with these other policies. As a minimum, most organisations that require a Digital Safety Policy should also have a Safeguarding Policy, Anti-Bullying and Harrassment Policy and a Data Protection Policy in place. Some organisations will also require a Whistleblowing Policy, Social Media Policy and Grievance Policy.

We have extensive experience in this area and would be happy to assist your organisation with its Digital/Online Safety Policy and/or any other supporting policies. If you think we could help, please contact us.