Topic: Data protection

[grawrc]

We have an electronic database with our members' names, addresses etc which we use for contacting them.

I am assuming that this data is covered by the Data Protection Act. What I do not know is what the Act requires us to do in relation to it. I would assume that we have to store and use it properly, although I am not sure what "properly" actually means. We also probably have to advise people whose data we are storing how we will store it and what we will use it for.
 
Do you have any better info than I do about the DPA requirements?
I would think that when we update our Missives we shall probably add in something like
"By signing this form you agree to your personal information being stored on a home computer for use by members of the Committee for the purposes of administration".
 
Or whatever form of words is appropriate.

Help please!!
 

[Trevor_D]

We do the same. Doesn't everyone these days?

I hadn't thought about the legal implications, but had assumed that providing we only used the information for our own purposes and didn't pass it on, we were OK. But, thinking about it, I'm probably wrong.

We're trying to send out newsletters via e-mail and have asked specific permission to use members' e-mail addresses for this. But how do we stand if, say, the police wanted information? I've already had them phone me about one of our members who went missing briefly. (They thought he might be at the plot and wanted me to unlock.)

Our livestock owners are on a national database and last year DEFRA wrote asking their permission to pass on their details to government agencies in case of civil emergency. So perhaps we ought to use a disclaimer.

Any lawyers out there?

[grawrc]

Trevor, please have a look at the info at www.ico.gov.uk and let me know what you think. I think we would come under non-profit making/ charitable institutions.

[kt.]

1)  It needs to be restricted access only to staff who will be using the information.
2)  Password protected if on a PC
3)  In a locked cupboard or draws if you have any hard copies.
4)  All backup copies need to be securely locked away when not in use.
5)  Personal details are not to be kept longer than necessary.

This is to name but a few. Also look here:

http://www.ico.gov.uk/what_we_cover/data_protection.aspx

[grawrc]

Thanks KT: that's very helpful.

[Trevor_D]

So if it's only contact details and doesn't include other personal or financial information, and if it's only ourselves who use it, and we don't pass it on to anyone else (unless specifically requested by the police to solve or prevent a crime), then we're OK? Is that how you read it?

A lot of these things are aimed at bigger fry than us; when I sent our landlord (ie. the chairman of the local church charity) a copy of the return we had just made to the FSA, he was staggered at the sort of detail we were asked to provide. I sense the same seems to apply here.

[Trevor_D]

A quick trawl through the ICOs fact-sheets reveals that not-for-profit organisations are exempt from the Data Protection Act, provided the information is only used for "establishing or maintaining membership".

I think that covers all of us.

[grawrc]

Yes we seem to be OK. Good to know that though!