As a guide leader, you are the "data controller". Online Guide Manager is simply a system that you are using, but it is Data Protection Act compliant.
The data you enter is confidential and will not be passed on to any third parties under any circumstances.
This is your responsibility as the person who enters the data.
Do not enter sensitive personal information without asking for explicit consent. However, you do not need explicit consent for non-sensitive data.
The database server is physically in London. The encrypted off-site backup is kept in Milton Keynes, UK.
You can remove all personal data about any girl with the click of a button.
Again, this is your responsibility!
This is explained below for technically minded people.
Again, this is your responsibility. You should not store data that you do not need.
This section outlines some of the security and technical features employed by Online Guide Manager.
As with any system, the most insecure part of the system is the leaders' passwords. Please use secure passwords that are not based on a word, and that contain numbers and special characters.
All communication with the site is over SSL, so the information you see and send is encrypted and can't be intercepted.
The web-server/database are hosted in a datacentre in London. The database is constantly replicated onto a backup machine, and system-wide database backups are taken hourly, weekly and monthly. Weekly and monthly backups are sent to an off-site backup facility in Milton Keynes. Weekly backups are kept for six months and monthly backups are kept for seven years.
Passwords are hashed in the database with a random salt and a varying stretching iteration count (i.e. they are not stored in plain text and it is impossible to reverse-engineer the password from the hash). Users can only reset their password if they have access to their email address.
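One way a salted, stretched hash with a per-record iteration count can be stored and checked, as an added example (not Online Guide Manager's own code). PBKDF2-HMAC-SHA256, the record format and the iteration count are assumptions; the page names none of them.

```python
import hashlib
import hmac
import secrets

# Assumed parameters: the page names no algorithm or iteration count.
ALGORITHM = "pbkdf2_sha256"
CURRENT_ITERATIONS = 600_000


def hash_password(password: str, iterations: int = CURRENT_ITERATIONS) -> str:
    """Return 'algorithm$iterations$salt_hex$hash_hex' with a fresh random salt."""
    salt = secrets.token_bytes(16)  # unique per record, so equal passwords differ
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> tuple[bool, bool]:
    """Return (matches, needs_rehash) for a stored record."""
    try:
        algorithm, iter_text, salt_hex, hash_hex = stored.split("$")
        iterations = int(iter_text)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
    except ValueError:
        return False, False  # malformed record: fail closed
    if algorithm != ALGORITHM or iterations < 1:
        return False, False
    # Re-derive with the salt and iteration count stored beside the hash.
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    matches = hmac.compare_digest(candidate, expected)  # constant-time comparison
    # Records stretched with fewer iterations than today's setting get upgraded.
    return matches, matches and iterations < CURRENT_ITERATIONS


def login(password: str, stored: str) -> tuple[bool, str]:
    """Check a login and return (ok, record_to_store), upgrading old records."""
    ok, needs_rehash = verify_password(password, stored)
    if ok and needs_rehash:
        return True, hash_password(password)
    return ok, stored
```

Storing the iteration count in each record is what lets the count vary: it can be raised over time, and older records are re-hashed at the next successful login without a forced password reset.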
Leaders are given appropriate levels of access to the individual parts of the system. For example, if assistant leaders do not need access to contact details, the person who set them up with an account can restrict access to parts of the records.
If parents object to having their child's data on the system, you can leave out the private/sensitive parts (e.g. contact details, date of birth) and still use the other parts of the system.