Frequently Asked Questions


Other

Are there any special circumstances where access to Member data can be restricted e.g. vulnerable adults, or those who may be involved in cases of domestic violence or others who have good reason to keep their details private?

Compass allows for exceptions to be made e.g. adult members who are suspended, in which case their personal details will be visible only to a very small select group of people with special roles, e.g. the safeguarding team. Other exceptions may also be possible dependent on the circumstances. These restrictions can be set by speaking with The Scout Association UK Headquarters to discuss the situation.

What precautions should I take when using Compass in different places e.g. in a public place, the office, at home or at a campsite?

Compass is a web-based membership system. It is therefore possible to access the system at any location with an internet connection. The following guidance highlights some simple security points that must be followed when accessing Compass:

1 In public places

For example, an internet café or on public transport and at the campsite.

  • Avoid accessing Compass in a public place if possible.
  • If you have to access Compass, always consider the volume and sensitivity of personal information you will be accessing.
  • Do not access sensitive personal information in a public place.
  • Always try and position yourself where you cannot be overlooked by other people.
  • Always log out and lock the screen if you leave your device unattended for any period of time.
  • Use a privacy screen to reduce the likelihood of someone being able to view your screen.
2 In the office/your place of work
  • Consider the office layout. Ensure you cannot be overlooked by colleagues or guests from a public reception area, walkways or areas where staff congregate, such as a canteen or water cooler.
  • Always lock the screen if you leave your device unattended for any period of time.
3 At home
  • Always try and position yourself where you cannot be overlooked by family members or visitors.
  • Ideally you should access Compass when in a room or area of the house that is not in use by family or guests at the time.
  • Always log out and lock the screen if you leave your device unattended for any period of time.

Will The Scout Association perform data quality cleansing on Compass at UK Headquarters?

In addition to a Member’s responsibility to keep the data for which they are responsible up to date, The Scout Association will annually run a set of general data cleansing routines dealing with issues such as duplication, addressing search returns which indicate that a member is ‘no longer at’ or has ‘gone away’ from the recorded address etc.

The Good Service/Gallantry/Long Service Award I have been awarded is not showing on my record?

Awards do not appear in Compass until at least three full months have passed from the date of issuing by UKHQ. This allows time for the award to be presented locally to the member before it appears on their Compass record. The last update of award information to Compass was in August 2017. Any award issued since this date will appear on the Member’s record in the future.

Can a Group keep historical Member data locally for archive or statistical purpose?

Whilst personal data should only be retained until no longer required and also kept up-to-date, the Data Protection Act and General Data Protection Regulations (GDPR) do enable the retention and use of personal information for statistical and research purposes if certain criteria and rules are followed.

Compass can produce certain statistical data. Local Scout Groups, Districts, Counties/Areas/Regions (Scotland) and Countries may retain records simply for statistical/archive purpose and the Data Protection Act and GDPR state that personal data held for these purposes may be kept indefinitely as long as it is not used in connection with decisions affecting particular individuals or in a way that is likely to cause damage or distress. This does not mean that the information may be kept forever as it should be securely and safely deleted/destroyed when it is no longer needed for those historical, statistical or research purposes. If you are retaining records for archive or statistical purpose you must ensure that the data is kept very securely.

Who has access to data held on Compass?

Adults with a full appointment will have access to appropriate data within the hierarchy, i.e. their Group, District or County/Area/Region (Scotland), for that role. For example, a Section Leader will be able to see data relating to their section, and a District Commissioner will have access to those within their District only.

Am I allowed to download the personal details of members for taking to a camp or for any other purpose and what should I do to comply with data protection requirements?

Provided you have the relevant authorisation, you can download details of members for taking to camp etc.

You must then follow any data protection and General Data Protection Regulations (GDPR) requirements, guidance and processes established by your Scout Group, District, County/Area/Region (Scotland) to handle the downloaded information in accordance with the Data Protection Act and GDPR. For example, the information should only be kept for the required purpose and time, after which it must be securely destroyed i.e. after the end of the camp or event.

As part of my role as Deputy/Assistant Commissioner I am delegated tasks by my Commissioner, but I do not have these permissions on Compass, why is this?

Compass permissions can only be set up so that everyone with the same role has a certain permission or no one does; they cannot be changed on an individual basis. Permissions such as Commissioner approvals are not available to Assistant or Deputy Commissioners. Where possible, and in line with POR, delegation can still take place, but the Commissioner will have to complete the parts of the process that involve Compass.

How can I make sure that the most recent alerts appear at the top of my homepage in Compass?

To ensure that the most recent alerts appear at the top of your homepage in Compass, you may need to change your preference to ‘Date Descending’. To do this click on the ‘Sort By’ box, which is located on the top right hand side of your home page, underneath the search button. If you can’t see this box straight away, click in the space below the search and icon and it should appear.

Once you have clicked on the ‘Sort By’ box, the following dropdown menu will appear:

[Image: dropdown menu showing the ‘Date Descending’ option]

From this menu, please select ‘Date Descending’. This will change the order of your alerts so that the most recent appears at the top of the page.

How can Members manage the marketing and communications they receive?

Members can manage how their personal information is used for certain communications from The Scout Association. They can control what communications content they receive by logging into their account via the Compass website and selecting the Communications Preferences section on their Profile.

This ability to manage how their personal information is used only applies to marketing-led content. The Scout Association and a Member’s local Scout Group, District, County/Area/Region (Scotland) will send Member communications about Scouting relevant to their role or association with Scouting. The communication will contain essential information and will not contain marketing content.

Is data on Compass secure?

The Scout Association treats the safety and security of its member data as a main priority. For these reasons The Scout Association has spent considerable time and funds designing and testing Compass to ensure that data is held securely in accordance with the Data Protection Act, General Data Protection Regulations (GDPR) and industry standards. The two external companies contracted to host Compass both comply with international data security standards and, where applicable, are certified by the BSI (British Standards Institute) and have all achieved International Organization for Standardisation (ISO) certification status. The Scout Association has also employed highly regarded contractors to ensure compliance with data protection legislation, and also ensures that the system undergoes regular security testing.

The system has been designed to restrict access at different levels of the database to those that have authorisation to use it. The hierarchy of Scouting is reflected in the authorisation matrix and we have an inbuilt audit trail for all transactions so that users and their use can be identified. Every adult with a leadership role, and hence with access authorisation rights within Compass, would have gone through a stringent appointment process and will be subject to the Policy, Organisation and Rules (POR) of the organisation, which lay down strict guidelines in respect of their use of the system and their duty to ensure compliance with data protection.

Will Network members be visible on Compass?

All full members of the organisation aged 18-25 are members of the Scout Network. For the full list of roles this applies to please visit – https://members.scouts.org.uk/supportresoumembers.scouts.org.uk/ member’s records have been updated to record this membership, this is what drives and allows access to the Scout Network platform. Member records have been updated to add the role of Scout Network member and if the eligible member holds a role in a Group or District have been added to that District Scout Network. Those who are eligible and hold County or above roles have been added to the UK Scout Network.

Why are Network roles automatically showing as a primary role?

Whenever a new role is added to a member’s profile it becomes their ‘primary role’ automatically. This will include all members who were recently added as UK Network members. Primary roles can be changed by members viewing their own profile, or by the relevant Commissioner. Guidance on this can be found here.

I have sent an email through Compass to multiple Members and one or more person(s) haven’t received it. Why is this?

This is likely to be because the Member(s) in question has an error in the format of their email address on their Compass record. Common errors include a comma where there should be a full stop or missing out the @ symbol. Please correct this, or ask someone with access to amend the Member’s record, to update the email address accordingly.

If this does not resolve the problem and the Member is still unable to receive emails through Compass, please contact the Scout Information Centre.

How often is the information in the awards tab updated?

The information in the awards tab is not updated as awards are achieved. This information will be updated at least twice a year on Compass, so you do not need to report this if your record does not immediately reflect a recent award.

Who is responsible for the accuracy of information held on Compass?

Adult members are responsible for maintaining their own data e.g. name, address, contact details either directly or via a nominated individual. Certain other data may only be updated/maintained by authorised persons e.g. roles, training records, permits etc. All membership data should be checked as regularly as possible to ensure it is correct and factually accurate and must, in any event, be checked on an annual basis.

Why can I see some 17 and a half year olds in reports?

This is an error in the system which we are currently investigating. As soon as we have a solution we will provide an update. Please note, you will not be able to find these 17 and a half year olds by searching Compass.

Who is responsible for responding to Subject Access Requests?

A Data Subject Access Request (DSAR) is when a person requests a copy of all their personal data from either The Scout Association UK Headquarters or a local Scout Group, District, County/Area/Region (Scotland) or Country, under the Data Protection Act and General Data Protection Regulations (GDPR). As the Data Protection Act and GDPR apply to both The Scout Association UK Headquarters as well as Scout Groups, Districts, Counties/Areas/Regions (Scotland) and Countries (as each is created and operates as an independent charity in its own right), both must comply with any DSAR they receive.

Of course, whilst the data held on Compass will be the same for both The Scout Association UK Headquarters and the local Scout Group, District, County/Area/Region (Scotland), each may also hold certain other information which may also need to be disclosed e.g. emails, letters, reports etc. Guidance about how to respond to a DSAR can be found online.

Who has access to view or download a Group’s data once loaded onto Compass?

Only members with suitable authorisation have access to member data which is relevant to their role in Scouting. For example, a Section Leader only sees the data for the adults in their Section and a District Commissioner will only see the data for adults within the District etc. At UK Headquarters, only authorised staff have access to membership data as required by their role for Headquarter administration purpose.

Is there any data protection training available for leaders before they have to use Compass?

There is a module as part of the Adult Training Scheme which covers data protection and Scouting. This is part of the getting started training a member will complete within the first five months of taking on an appointment. Compass as a system, however, does not require specific training, although support user guides, videos and quick hint sheets are available.

Executive Committees have always been and will remain responsible for ensuring that proper systems are in place locally for Data Protection Act and General Data Protection Regulations (GDPR) compliance, which includes ensuring that their personnel are reliable in handling personal data and are aware of their responsibilities. Further support is available online at www.scouts.org.uk/dataprotection

Members should be directed to POR Chapter 2.

What is a Data Controller and how is this relevant to Scouting?

The Scout Association, local Scout Groups, Districts, Counties/Areas/Regions (Scotland) and Countries as separate charities/organisations, are each Data Controllers under the Data Protection Act and General Data Protection Regulations (GDPR). Each is responsible for the personal data it handles. Scout Group, District, County/Area/Region (Scotland) and Country Executive Committees, as the Charity Trustees, are responsible for ensuring that proper systems are in place locally for their relevant Group, District, County/Area/Region (Scotland) or Country and that any personal data is collected, managed, shared, kept and generally handled locally in compliance with the Data Protection Act and GDPR.

The same applies to The Scout Association’s Board of Trustees who, as Charity Trustees, are responsible for ensuring that proper systems are in place for The Scout Association. Local Scouting must comply with the Data Protection Act and GDPR when using The Scout Association’s Membership System ‘Compass’. Please see Chapter 2 of Policy, Organisation & Rules.

Who is the Data Controller for data on Compass?

With regard to personal data stored on Compass, The Scout Association is a Data Controller in Common with Scout Groups, Districts, Counties/Areas/Regions (Scotland) and Countries. Data Controllers in Common may each use and access a shared database but each remains responsible for the personal data within its own control and capacity. Accordingly, local Scout Groups, Districts, Counties/Areas/Regions (Scotland) or Countries remain responsible for ensuring that their handling of personal data locally is in compliance with the Data Protection Act and the General Data Protection Regulations (GDPR) and POR (which includes uploading and maintaining such data onto Compass) and The Scout Association remains responsible for ensuring that its handling of personal data nationally is also in compliance with the Data Protection Act, GDPR and POR (including its particular responsibilities for data held on Compass – see Chapter 2).

Whilst the general data protection responsibilities of both parties towards the data it handles are similar in nature, there are differences according to the level of control each has over the data e.g. whilst The Scout Association will not be responsible for how personal data is handled locally, likewise, local Scout Groups, Districts, Counties/Areas/Regions (Scotland) or Countries will not be responsible for the technical or security aspects of Compass which are not within their control.

What if there’s a data breach?

The Information Commissioner’s Office (ICO), which regulates data protection in the UK, provides guidance as to the procedures in the event of a security breach which will be followed by The Scout Association.

This guidance should also be followed by Scout Groups, Districts, Counties/Areas/Regions (Scotland) and Countries who, as part of their responsibilities for data protection awareness, should incorporate these into their general handling of the personal data they are responsible for. More guidance on what to do locally if there is a data breach can be found in the GDPR toolkit.

To ensure consistency, any actual or potential data breach concerning the use of Compass should be reported to The Scout Association UK Headquarters.

A Breach Notification Form (available for download by Executive Committees from the GDPR toolkit) should be passed to The Scout Association via the following email address: dpa.alert@scouts.org.uk.

NOTE – This email address is only for reporting a breach and there will be no remediation guidance as a direct result. The information will be used by The Scout Association to monitor any trends in breaches being reported and update the GDPR Toolkit with further guidance.

Can a Member’s data be shared with third parties in an emergency such as a doctor or hospital i.e. providing address, date of birth and any medical information?

The Data Protection Act and General Data Protection Regulations (GDPR) enables the sharing of sensitive personal information in the event of an emergency – i.e. where the sharing is necessary in order to protect the ‘vital interests’ of the person.

You must follow any data protection requirements, guidance or processes established by your Scout Group, District, County/Area/Region (Scotland) to ensure such sharing is done in accordance with the Data Protection Act and GDPR. For example, the sharing must be done securely, and only the information required to assist with the emergency should be shared.

What is Data Protection and why is it relevant to Scouting?

Data protection aims to protect an individual’s rights to privacy by regulating how organisations obtain, store and use their personal data. So, data protection rules provide individuals with certain rights whilst also imposing certain duties and obligations on organisations. Young people and adults have the same data protection rights under the law. Data protection is governed by the Data Protection Act and the General Data Protection Regulations (GDPR), which are overseen and regulated by the Information Commissioner’s Office (ICO).

Data protection law applies to The Scout Association as well as all Scout Groups, Districts, Counties/Areas/Regions (Scotland) and Countries which are each created and operate as independent charities and are likely to collect and store personal data about members and perhaps other individuals involved with local Scouting. Local Scouting must comply with the Data Protection Act and GDPR when using The Scout Association’s Membership System ‘Compass’. Please see Policy, Organisation & Rules (POR) Chapter 2.

The Scout Association provides guidance and best practice to assist members meet their data protection obligations.

The ICO also provides general guidance on how to comply.

Does a Scout Group need to register as a Data Controller with the Information Commissioner Office (ICO)?

As smaller ‘not-for-profit’ organisations, Scout Groups, Districts, Counties/Areas/Regions (Scotland) do not have to register provided they do not hold personal data about anyone other than members or potential beneficiaries. However, they are still subject to the rules of the Data Protection Act and the General Data Protection Regulations (GDPR). As a larger organisation, The Scout Association UK Headquarters is registered as a Data Controller with the ICO.

Please see POR Chapter 2 and the guidance available to Scout Groups, Districts, Counties/Areas/Regions (Scotland) online.