Data protection Act

IAC General Discussions
Peter Copestake
Posts: 287
Joined: Sun Feb 11, 2007 2:23 am
Location: Colne, Lancashire

Data protection Act

Postby Peter Copestake » Sun Feb 18, 2018 11:59 am

Does keeping a list of 15 members of a movie -making club, their addresses, phone numbers and email addresses come under the Act?
Peter Copestake

User avatar
John Roberts
Posts: 291
Joined: Wed Mar 27, 2013 8:42 am

Re: Data protection Act

Postby John Roberts » Sun Feb 18, 2018 3:40 pm

Hot topic at the moment!

I do believe so, virtually everything apart from domestic lists of names and addresses of family, friends etc falls under the act. There are some changes in the pipeline that come into force from 25 May 2018 and Council are currently looking into those as well as the existing revised act, with the intention of producing information for clubs and regions.

Many of the changes appear to affect large databases of information and those which are heavily and constantly processed, so the majority of clubs and regions should not be unduly worried. Any data held will of course need to comply with the 8 Data Protection Principles no matter how small the amount of data held and processed, but they are just 'common sense' measures and probably nothing that clubs and regions are not already doing.

The main issue appears to revolve around an individual's consent, which in club cases might be more of an implicit agreement and not necessarily given in writing. A short line or two on renewal forms, club directories or club programmes explaining how data is held and processed, a 'consent' tick box on the renewal form and a statement regarding the new General Data Protection Regulation handed out with the membership renewal forms and/or displayed on the club website might be all that is required. Better to be safe than sorry, although I doubt anyone from Her Majesty's Government will be knocking on anyone's door.

However, it's early days and I'll try and keep an eye on what's happening and update as soon as I know more.
"My vision often exceeds my capabilities" (me, 2015)
My views are purely my own and don't necessarily reflect those of any body I might represent :P

Peter Copestake
Posts: 287
Joined: Sun Feb 11, 2007 2:23 am
Location: Colne, Lancashire

Re: Data protection Act

Postby Peter Copestake » Sun Feb 18, 2018 6:09 pm

Very clear, John, thank you.
Peter.
Peter Copestake

Michael Slowe
Posts: 590
Joined: Mon Jan 29, 2007 4:24 pm

Re: Data protection Act

Postby Michael Slowe » Wed Feb 28, 2018 5:40 pm

What about the 'spying' that can take place on anyone with a 'smart' TV and the weird and wonderful Alexa'? With the smart TV, connected to the web you can be watched in your home and every action and word recorded. Also, Alexa, which my daughter demonstrated to me last week, is also on the web and can be used for observation?

All this doesn't worry me very much but makes a mockery of this Data Protection business. What's retention of names and addresses compared to being observed 24 hrs in your own home?

Peter Copestake
Posts: 287
Joined: Sun Feb 11, 2007 2:23 am
Location: Colne, Lancashire

Re: Data protection Act

Postby Peter Copestake » Wed Feb 28, 2018 6:13 pm

Entirely agre, Michael. I was brought up invillages of a few hundred people where everyone knew everyone and what they were up to.
So I am not worried by CCTV but I wondered if the Act was to make sure that everyone who held other people's data had to have barriers in place to stop the lists being accessed by 'baddies'.
Peter Copestake

User avatar
Dave Watterson
Posts: 1617
Joined: Sun Jan 28, 2007 11:11 pm
Location: Bath, England
Contact:

Re: Data protection Act

Postby Dave Watterson » Wed Feb 28, 2018 6:39 pm

You will not be surprised to know that exceptions to the normal Data Privacy laws are made for governments and security agencies.

I await the advice from IAC Council with interest, but just note that "implicit consent" will not longer be good enough. The person giving you their data (in our case usually name, postal address and email address) must have a clear explanation of what you want to do with the information and must positively signify their agreement.

On a website you can do that with a "Privacy Statement" page and a check-box ... though this box must start empty and must be ticked by the person concerned so that they show that they positively agree. On a form it is easier to add a couple of sentences (as suggested) and ask them to sign.

You must keep their data safe. You must not share it with anyone else or sell it to anyone else without their permission. You have to be very wary of storing it in the cloud ... since many of the cloud storage facilities are based in the USA where they do not match the required privacy standards.
You must keep the data accurate ... and you must explain clearly how the person can see and check your record of them, and how they can make you delete it if they wish.
You must not keep it longer than necessary.
As John says much of this is good practice anyway.

Overall
Aaargh! The idea is good. It is to control the companies which process their information about you to create a "profile" adding information they glean from elsewhere. (If they find you drive a Ferrari a charity will reckon it is worth making a special approach to you for a BIG donation.) It should reduce the buying and selling of our addresses etc.

In practice it will just be a nuisance for small clubs and groups like us.

An interesting question: if someone uses their right to be deleted from your records, do you have to delete any emails to and from them as well as edit your address list? Those emails will all have a record of their email address ...


Return to “Club and General Issues”

Who is online

Users browsing this forum: Bing [Bot] and 3 guests