Guidance on working remotely

Purpose / Using Barnardo's equipment / Using non-Barnardo's equipment / Communicating with service users, carers and other external stakeholders / Applications for digital communication: Microsoft Teams / Other applications (WhatsApp, etc) / Data protection and maintaining data security / Supporting guidance

Personal data relates to an identified or identifiable living individual, or different pieces of information which, collected together, can lead to the identification of a particular person.

Official information is that which, if shared inappropriately, could be used to cause reputational or commercial damage to Barnardo’s or a partner organisation.

You should read this guidance in conjunction with our wider Information Security Policy.

Now that we are working in a hybrid environment and can ‘work from anywhere’ remotely, it is important that we maintain essential links between staff, service users, carers and key third-party organisations.

This guidance is to enable everyone across Barnardo’s to

• understand how best to work remotely using Barnardo’s or non-Barnardo’s equipment
• how to communicate with service users and carers
• using Microsoft Teams for digital communication

It aims to keep yourself, service users, carers and other stakeholders safe, while maintaining contact.

The Children’s Services Data Protection Working Remotely Guide has been designed for children’s services, to support their data protection considerations whilst operating in environments other than the main office base. The guide is in two parts.

Section 1 – A Checklist for Children’s Services Managers – designed as a way for managers to have some self-assurance that critical DP considerations are in place. Please download an editable checklist at the bottom of this page.

Section 2 – A guide for CS staff around key DP considerations, expanding on the requirements outlined in the checklist.

Barnardo’s systems are accessed using Zscaler VPN on your Barnardo's laptop. Zscaler operates automatically in the background and does not need to be switched on once it has been set up. See our Passwords and signing in page for more information.  And use this guide to accessing systems from home.

If you download personal data to a Barnardo’s laptop or other device, you must save it to the secure system as soon as possible and delete it from the device.

To reduce pressure on our systems, you should use Microsoft Teams or Workplace for communication within teams, rather than email. You can also access Workplace using personal devices. Find out more about connecting with colleagues.

If you do not have access to Barnardo’s mobile devices, you may use your own devices in order to work from home, where this is agreed by your line manager.

Barnardo’s systems may only be accessed with a username and password. See our Passwords and signing in page for more information.

If you use a computer, tablet or mobile phone for work involving personal data, you must have sole use of the device or always be able to securely separate your access from other members of your household.

Devices used for work must be protected by a password or pin known only to you.

You should be able to complete all your work in one or more of the systems available online. See this guide to accessing systems from home.

If there is a business critical reason why personal data must be downloaded to a personal device, you must secure approval with the Data Protection Officer through your line manager. 

If you are using your own phone to contact service users or carers, ensure your number is not visible to the user. Prefix the number with 141 when using a landline and most mobile phones. But check your specific smartphone settings (usually Settings > Apps > Phone > More > Caller ID > Block). This does not work for a smartphone's in-built messaging app.

To automatically divert calls to a service telephone to a personal device, contact the Service Desk. The number may only be diverted to one number at any one time.

You must not record audio or video using any of these systems, or using other applications and software available for personal devices. Recording must always be switched off before you communicate with service users or carers.

You must make a record of all contact with service users in their case record as soon as possible after the contact, and within 5 working days maximum. Any messages must be deleted.

You may only use personal equipment with the express permission of your service manager.  

You must have clear guidance about what you may use and how.

As a manager, you should consider: 

- The nature of the service and the appropriateness of one to one or group communication;

- Actions required to safeguard your staff and service users when using digital communication. This includes:

• providing service users with clear guidance at the beginning of the new means of communication, including instructions about what to do if the child or young person feels unhappy or uncomfortable with the method of communication;
• the maintenance of regular supervision;
• recording of all contacts within 5 working days; and 
• regular sign off of recording by the line manager.

Microsoft Teams is part of your Office 365 package and is our supported platform for video and audio meetings with service users and other external stakeholders. Our system administrators hold a record of Teams meetings, who joins and leaves when, for up to 90 days. This provides additional assurance from a safeguarding perspective. 

Even if a guest does not have Office 365 themselves, they can still join your meeting via a web browser (the internet) by clicking onto the link you send in your invitation.

You can use Teams to hold online meetings and make voice calls to internal colleagues. Teams Meetings are free and a maximum of 1000 people can be invited.

Microsoft Teams should be used unless there is a clear business case to use another platform. Use the following checklist:

• recognise that other platforms are not supported by Barnardo’s;
• undertake an assessment of each child or young person under the age of 16 and choose a solution which offers the best combination - in your judgment - of safeguarding and information security;
• ensure that you (and the service user) are using the most up to date and secure version of the software;
• ensure that the settings deliver the optimum levels of security (such as password protection, personal data sharing set to Off).

You can find out more about using Teams on this Audio and Video Conferencing page, which include links to user guides.​​​​

The following applications are not supported by our Service Desk. Where available, we provide a link to a risk profile of the app from the Uk Safer Internet Centre, to support any risk assessment that you need to undertake.

For any applications not listed here, please consult with your Data Protection Manager.

Subject Access Requests (SARs)

The current situation may impact on the speed with which we can respond to SARs or receive responses from 3rd parties about sharing their data. Please use this Letter informing subjects of possible delays to SARs if you receive requests during this period.

General security

Where it is necessary for hard copy containing personal data to be kept at home, the usual guidance applies in relation to keeping it locked away when not in use and not leaving it unattended.

The usual guidance also applies to ensuring screens are not overlooked and are locked when not in use, and ensuring that work related phone calls involving personal data are conducted in private.

Be aware that Alexa, Nest, smartphones and other smart devices can listen over long distances in homes and gather audio and, in some cases, video of conversations. Consider taking steps to ensure this doesn’t happen during contact with service users and carers. 

Supporting guidance

General Covid-19 guidance from the Office of the Information Commissioner. The ICO is the UK’s independent body to uphold information rights.

Covid-19 information security guidance from the NHS.

Guidance on supporting the mental health and wellbeing of young people during the Covid-19 pandemic.