Policy for Data Storage and Protection of Information
Purpose: This document is to outline how personal information of players registered with Huntingtower Heat Basketball Club Incorporated is stored as well as how the information is protected for access.
Approved by: The committee of Huntingtower Heat Basketball Club Incorporated
Approval date: 11-Feb-2019
Renewal date: 10-Feb-2020
Huntingtower Heat Basketball Club Incorporated (Registration No. A00451138B)
Huntingtower Heat Basketball Club (referred to a HT Heat) was formed in 1999. The purposes of the club are to:
- Provide children living in eastern suburbs of Melbourne with an opportunity to play basketball by organising, administering and maintaining junior basketball teams
- Encourage younger children to take up the sport of basketball
- Provide a high quality, safe and supportive sporting environment that seeks to comply with all relevant codes and guidelines
Information collected
Personal information provided when registering with HT Heat:
- Players (includes any relevant medical/injury information)
- Parent/guardian details
- Coach details, including Working with Children Check
Personal Information Usage
HT Heat uses the personal information for the following purposes:
- Club communication with players and guardians
- Competition entry requirements, date of birth, age etc. for the Melbourne East Basketball Association (MEBA)
- Team lists for team managers and coaches
Personal Information Confidentiality
All information received at registration is confidential. It is available to HT Heat Committee members to enable the of running a basketball club.
HT Heat will not disclose personal information to other persons without consent.
HT Heat does not pass personal information on to marketing/advertising companies.
Data Storage – Google Drive
Google Drive is used to store personal information obtained through a registration process, and includes team lists, coach lists and team manager lists.
In addition, Google Forms, and thus Google Sheets, are used to assist in:
- the collaboration of the club selection subcommittee during the team selection process
- recording parent feedback so that various club committee members can respond as required
- providing a means of voting for decisions between scheduled committee meetings
- automating welcome message emails to new players
- automating when players have indicated they need to be contacted by the club uniform co-ordinator
- additional automated processing developed as required to reduce the effort required by the volunteer committee
Three seasons (current, previous, and the season prior to the previous season) worth of player registration information will be kept on the Google Drive. The associated Google Forms and Google Sheets for each season will also be kept on the Google Drive.
For the purpose of archiving, all data for prior to the seasons listed above, can also be stored in an Archive folder on the Google Drive.
Google Drive – Access and Access Management
Access to the Google Drive setup for HT Heat is linked to Google accounts (Gmail address). The HT Heat Registrar will manage and maintain a record of who has access to the Google Drive. Only current HT Heat committee members will be given access. Folders will be setup for the purpose of various subcommittees, and access to the folder will be given to members of the subcommittee.
After the HT Heat AGM, any committee changes will result in the relevant Google account having the password reset, so that it can be issued to the new person who fills the role. The HT Heat Registrar will also review share folder access periodically to prevent unauthorised access.
The Google accounts with access are password protected, with the passwords complying with the rules defined in the section below labelled Password Requirements.
Data Storage – HT Heat owned USB Flash Drives
In addition to data being stored on the Google Drive, club owned USB Flash Drive may be used to store data related to HT Heat players, coaches and team managers. This enables:
- processing using software on the laptop
- backup of the information collected
- maintaining historical records
The HT Heat registrar will keep a record of committee members issued a club owned USB Flash Drive. All HT Heat committee members are not to store any club data on privately owned devices.
HT Heat owner USB Flash Drives – Access and Access Management
HT Heat owned USB Flash Drives follows the same rules as the Google Drive.
All HT Heat owned USB Flash Drives are to have access software loaded and configured such that data is only gained when a password is entered.
Passwords HT Heat owned USB Flash Drives are to have passwords that comply with the rules defined in the section below labelled Password Requirements.
Password Requirements
Passwords used to protect access to the Google Drive, or USB Flash Drive that has HT Heat data stored on it, must comply with the following rules:
- require a minimum length of 8 characters
- must use both upper and lower case letters
- must include one or more numeric digits
- must include one or more special characters, such as @, $, !, :, &
- must not use any words related to HT Heat or user’s personal information
Passwords must not be shared, transmitted through any forms of social media. They need to be protected with due diligence.