Inappropriate Data usage.
Additional Information
According to St John Ambulance Data Protection Policy, there are strict rules about usage of Data that is gathered in the course of any work or investigation. Under St John GDPR rules , section 4, https://www.stjohn.ie/stjwp/wp-content/uploads/2020/08/SJAI-GDPR-Policy.pdf
It states
4. Responsibilities under the GDPR Policy
SJAI have certain key responsibilities in relation to the information which we keep on computer or in a
structured manual file about individuals. These are summarised in terms of eight "Rules" which are listed below;
• Obtain and process the information fairly
• Keep it only for one or more specified and lawful purposes
• Process it only in ways compatible with the purposes for which it was given to you initially
• Keep it safe and secure
• Keep it accurate and up-to-date
• Ensure that it is adequate, relevant and not excessive
• Retain it no longer than is necessary for the specified purpose or purposes
• Give a copy of his/her personal data to any individual, on request.
Accordingly, it is inappropriate for someone to use information garnered in an official capacity, to then use Facebook to try and contact someone - no matter the subject.
Data Breach
There has been a breach of data regulations in St John Ambulance Ireland. Information garnered in the investigation, was used in a personal capacity to contact the parent via Facebook Messenger. This is extremely unwelcome and the Child Protection Person has absolutely no right to do this. It was officially reported to the data protection officer. on May 22nd. She has since been appointed by St John as Complaints handling and Child Safeguarding officer. We have just received information that the person involved has been made an member of the Order of St John