SAIF Golden Charter

Handling sensitive information

As funeral directors, you can find yourselves in possession of sensitive personal information as part of your day to day work.

Golden Charter already notes within the Funeral Director Terms and Conditions that all funeral plan information must be handled in line with your obligations under the Data Protection Act, and is currently working on funeral plan guidelines which include clear and detailed guidance on how to deal with this kind of data.

Director of Compliance & Risk Alison Wilson (pictured right) explained at the latest SAIF Education Day: “Individuals and organisations may need to register as data processors if they process any personal information. The Information Commissioner’s Office website (ico.org.uk) allows companies to perform a self-assessment to see whether that affects them.”

Personal information is “any detail about a living individual that can be used on its own, or with other data, to identify them”, and processing this information can refer to obtaining, recording, storing, updating or sharing it.

It is a funeral director’s own responsibility to establish whether there is a need to register as a Data Processor, and self-assessing online can inform that decision.

For any personal information you may store, it is important that:

• You only hold information that is sufficient for the purpose it is being held for in relation to that individual
• You do not hold more information than you need for that purpose
• You establish a suitable amount of time for storing the data. Golden Charter recommends storing a copy of a redacted application form (with card details removed or blocked out) for two months. This is sufficient to confirm receipt of the plan, provide a plan schedule and allow time for any amendments.

If you have any questions about the processing of plan holder information, please contact your local Golden Charter representative who will be happy to seek advice from the Compliance and Risk team on your behalf.