To segregate, or not to segregate?
Under the law, Data Controllers are responsible for every aspect of the personal data under their management. That includes who they share it with, so it’s essential that business crime reduction schemes understand ‘segregation’ of personal data. What is ‘Segregated Content’ and how can Disc help?
As we explain in our Factsheet on Data Protection law and GDRP (click here to request a copy) business crime reduction schemes (BCRSs) must only share the personal data of offenders with Members who have a legitimate interest in that data – for example, to participate in banning or exclusion schemes or, more generally, where it is necessary for the protection of their premises, property, customers or staff.
Take a BCRS that supports both a Shopwatch and Pubwatch. Clearly retailers have a legitimate interest to know who local shoplifters are – but do they have the same right to access the personal data of individuals who have been reported only for anti-social behaviour associated with the local night-time economy? And vice versa: should Members of the Pubwatch be able to access personal data about shoplifters who never been involved in incidents in pubs and clubs?
If you’re running a single scheme, and just sharing data about retail crime to retail outlets or sharing details to pubs and nightclubs about individuals who are causing problems during the night then a legitimate interest is easily established. But where the BCRS runs more than one scheme, each with different types of Members, are you justified in sharing all offenders’ data with all Members?
Ultimately, it’s down to the Data Controller to decide – and to document it as explained in our Factsheet. But as more and more BCRSs expand their coverage across both retail and ‘hospitality’ sectors, they are becoming aware of the need to segregate their data so that specific types of data are shared only with specific types of Members.
You may feel comfortable in allowing all your Members to see the personal data of all offenders on your Disc system. After all, a pub may have issues with shoplifters selling stolen goods on its premises, and of course 24-hour off-licences are retailers, but they also participate in the ‘night-time’ economy.
But if you’re running different kinds of schemes, with different purposes, you may want some form of data segregation. It means you can ensure that Pubwatch Members only see night-time data, retail Members only see retail data, and so on. And more: by ensuring that Members only see content which is relevant to their own businesses, you’re likely to achieve higher levels of engagement by Members.
In Disc, implementing content segregation is simple. In our separate blog here we discuss two options: using a Disc ‘bolt-on’ system or, alternatively, using Disc ‘SC’ (for Segregated Content).