The Data Protection Act 1998 (referred to below as the Act) is a wide-ranging but as yet largely untested set of legislation dealing with the handling of personal data by organisations. The Committee has been investigating its implications for the Society, and has formulated the following Policy, which describes our current understanding of how the Act should be implemented. The Policy is presented in a question-and-answer format to make it easier to read. This document is an interim version, pending discussion at the next Committee meeting.
| Q1: | What is Personal Data? |
| A: | This term covers any information about an identifiable individual (the Data Subject). The person to whom the data relates may be identified directly (by name) or indirectly (for example, using an index number). |
| Q2: | What is the scope of the Act? |
| A: | The Act covers the collecting, holding, use and disposal of Personal Data by organisations, where the data is either processed by computer or forms part of an indexed filing system. The data can be in electronic or manual (paper) form. |
| Q3: | Who is in charge of my data? |
| A: | The Act uses the term Data Controller, which in our case means the Officers of the Society collectively, to the extent that they hold or use Personal Data for Society purposes. The term Officer is here intended to mean any member of the Society who performs a service for the Society, whether they hold an elected post or not. In this context, a member who has been delegated a task is also an Officer in respect of the service they provide. Each Officer is responsible for the data in his or her possession. |
| Q4: | What Personal Data does the Society hold? |
| A: | The Secretary maintains the membership list. The
Chairman uses a mailing list to send out Society newsletters and
publications. The Treasurer holds financial data, though much of this
won't be personal. Event organisers hold booking forms and attendance
lists. Subgroups may hold lists of their members. Special Interest
Groups (SIGs) may hold lists of their members, with their grades. This
isn't an exhaustive list, as the Society has many people performing
various functions. An important point is that letters and e-mails can also count as Personal Data if they identify individuals. E-mails in particular are often used (particularly by the Committee) to discuss various Society issues, so this must be borne in mind. |
| Q5: | For what purposes are my Personal Data used? |
| A: | Membership records are used to compile mailing lists and the contact list called the Domesday Book. Event booking forms are used in organising events. Subgroup and SIG membership records are used in the running of those groups. Letters and e-mails are used in the general management of the Society, for example to discuss a request to charter a new SIG or to address a complaint from a member. |
| Q6: | To whom does the Society pass my data? |
| A: | The general rule is the need to know principle: Personal Data are not passed to anyone outside the Society unless it's really necessary. For example, the owners of a venue for an event may require a list of attendees. There could also be cases where information needs to be given to the Police, or to medical staff in an emergency. Within the Society, data is passed between Officers when this is appropriate for Society purposes. |
| Q7: | These explanations seem rather vague. Why can't they be more precise? |
| A: | The Society has a very devolved structure, with various functions being performed by the Committee, by the Head of the Society, by Subgroups, by SIGs, and by event organisers. It's difficult to summarise all their activities in a few paragraphs. |
| Q8: | How secure is my Personal Data? |
| A: | The Officers of the Society don't have the facilities to provide high levels of security: the Far Isles isn't a bank or a government organisation. However, we will respect your privacy and take reasonable measures to safeguard your personal data. The only details we really must have are your legal name and address. If you consider your data need greater levels of protection than we can provide, please don't give them to us! |
| Q9: | What about Sensitive Personal Data? |
| A: | The Act defines certain types of data as sensitive, and requires more stringent safeguards for them. The Society does not intend to hold or use such data, except where you supply us with health data, such as warnings about food allergies. We will take all reasonable measures to keep Sensitive Personal Data confidential, but as already indicated we cannot fully guarantee security. If you give us this kind of information, we assume you consent to our holding and using your data under these terms. |
| Q10: | Has the Society sought professional legal advice about the Act? |
| A: | No. At present, the Committee does not believe the expense is justified. |
| Q11: | Has the Society registered itself as a Data Controller? |
| A: | No. The Committee believes this is not necessary under the current legislation. |
| Q12: | How can I find out more about the Act? |
| A: | The Data Protection Commissioner has an excellent web site. Alternatively, the Secretary will be pleased to try to answer your questions. |
| Q13: | How does the Act affect the circulation of Domesday? |
| A: | It shouldn't. Our contact list is rather like the Phone Book, in that it contains subscribers' contact details unless they choose to be ex-directory. Note that you mustn't use Domesday for any non-Society purpose, and especially not for marketing or other commercial use. You also shouldn't pass it to any non-member. |
| Q14: | What about Society newsletters, like Apples & Acorns? |
| A: | Newsletters are internal publications, which the Society circulates to its members. If you submit an item to a newsletter, we assume you agree to its being used in this way. You may give information from newsletters to non-members, at your discretion. |
| Q15: | And what about Far Horizons and the Society's web site? |
| A: | These are external Society publications, intended for access by anyone. It is our intention to ensure that they only contain material which is suitable for public dissemination. If you submit an item to an external publication, we assume you agree to its being made public in this way. (Note that copyright is a separate issue from data protection.) |
| Q16: | Who should I contact if I believe my Personal Data is incorrect or is being mishandled? |
| A: | Initially, you should contact the person who you believe is holding or using the data. It should be possible to straighten things out this way. If this doesn't work, or you don't know who to contact, please get in touch with a member of the Committee, who will endeavour to resolve the issue. |
| Q17: | What can I do if I'm still not satisfied? |
| A: | Please use the Society's complaints procedure. Contact the Councillor or, ultimately, the Head of the Society. They will do their best to handle your complaint. |
| Q18: | What are my legal rights under the Act? |
| A: |
Hopefully you shouldn't have to resort to them, but here is a summary of your rights under the Act:
In the case of (1) and (2) above, you must make an application in writing (not by telephone or e-mail) to a member of the Committee - preferably the Secretary. |
| Q19: | What is my Right of Subject Access, and how do I exercise it? |
| A: | If you'd like access to your personal data, please try
the informal approach first. Contact the person who you believe holds
the data, or any member of the Committee. We will do our best, within
reason, to satisfy your request. Please bear in mind that if your
request is very broad in scope, it could require a lot of work by the
Society's officers, who are all unpaid volunteers. Also, if your request
involves an appreciable expense to the Society, we may ask you to
contribute to the cost. As a last resort you can use the formal method. This requires you to apply in writing (not by telephone or e-mail) to a member of the Committee - preferably the Secretary. You must state what level of access you require, and to what type(s) of data you want access. You must also enclose a fee of £10.00 (made payable to The Far Isles Medieval Society). This will be used to cover the cost of complying with your application. Once all the costs have been totalled up, we will refund to you any money left over. The Committee believes this is the fairest approach. The levels of access are:
|
| Q20: | I believe I am an Officer of the Society, as you have defined the term. How should I handle the records which I hold or use? |
| A: | Under the Act, you must keep the records reasonably secure and only pass them to appropriate people. Ideally, you should ensure you have the Data Subject's consent to use his or her data in the way you intend. You can usually assume that you have permission to pass data to other Officers, but use your discretion. Where appropriate, you must keep your records up-to-date and correct any inaccuracies. You must have a valid reason to hold or use the data. If you cease to hold a post, you must pass any associated records to your successor, or to the Secretary. You must not retain data for any longer than is strictly necessary, so you should carefully dispose of any records that are no longer needed. Oh - and don't forget to keep backups of any files on computer! |
| Q21: | As an Officer, do I need to be contactable? |
| A: | Yes. If you are performing any function on behalf of the Society, you should be willing to provide a contact address so members can write to you. The exception is where you are performing a task delegated to you, in which case the point of contact is the Officer who is normally responsible for that task. |
| Q22: | Who are the Committee? |
| A: |
Chairman : Mike Watkinson The Chairman's address is given on our Introduction
page. |
|
Author: Trevor Barker (Secretary) Revision: 1 Draft B (interim issue) (HTML version) Date: 27-OCT-2000 (HTML version: 06-NOV-2000) Copyright 2000 The Far Isles Medieval Society |
Back to Main Page |