Protecting Personal Information
The policy of the Methodist Church of Great Britain is described in the Managing Trustees’ Privacy Notice document describing in general terms how people’s privacy is respected and how their personal information is protected.
Specific to this web site there are two classes of people involved: those who read the material on the site (the Consumers) and those who can update it (the Providers).
From time to time, material provided in text form for web pages includes information about how to get in touch with a person: typically quoting a telephone number or email address and occasionally a surface mail address. For private individuals, the web site’s information providers can take the view that the phone and address information can be omitted and still remain useful. In certain cases it is retained but converted from text to a graphical image, so that could be read by a real person but its meaning would not be intelligible to a piece of malicious software.
Where such information is provided on this site to allow people to contact the person officially representing an external organisation, the information may be retained in textual form. Where the official contact relates to this Circuit and its churches, e.g. its ministers and church or circuit administrators, the information is protected by converting it to a graphical image as described above.
When photographs of people are received for publication, and individuals’ faces are shown clearly, one of the following actions is taken, according to the circumstance:
- Adults’ permission is sought for images of themselves
- Parents’ or guardians’ permission is sought on behalf of children
- Organisations may be able to provide on-going permission for their members
- Where permission is not available for all in a group, faces can be pixelated
- If none of the above approaches is acceptable, the image is withheld
This web site uses technology which allows designated individuals to have update access to designated areas of the site, e.g. to the pages of an individual church.
The designated individuals are trained in how to make changes, are given a system ‘identity’ for logging in and are able to specify their preferred password (to replace the one provided by system administrators). Every log-in ‘identity’ is unique. Should a breach occur it will be clear what the source was. Training of designated individuals includes a session on the need to be aware of others’ personal data security: information providers have responsibility for their fellow providers too.
Although information providers are able to change their own password at any time, the mechanism is designed to prevent access by on-line robots, which may try to take over a person’s right to amend the site.
Defence of the Web Site Support System
The support system provides mechanisms for creating and updating web pages, giving specified individuals the right to manage specified areas of the site. The support system database holds the personal email addresses of registered Information Providers.
The support system is itself strongly defended. We guard against attack from malicious software which might try to take control of the system, perhaps using the identities of people who have the right to make updates. Attempted attacks are monitored. From time to time, perhaps in response to an attempted attack, the defences are strengthened.