Date 14 May 07, 00:08
Description Retaining and securing personal data for your club members.
Article scope easy-Speak information
Data Protection Issues
Every Toastmaster club keeps information about its members.
What could be easier than to have the VP-Membership keep all of this in a spreadsheet and e-mail it around to the other club officers sometimes?
Unfortunately, this simple approach brings some problems with it, since the club now has multiple copies of its members' personal data distributed among current and past club officers.
Legal obligations are imposed for the UK by the Data Protection Act 1998 (which mirrors European law):
2. obtain personal data only for one or more specified and lawful purposes and to ensure that such data is not processed in a manner which is incompatible with the purpose or purposes for which it was obtained.
3. ensure that personal data is adequate, relevant and not excessive for the purpose or purposes for which it is held.
4. ensure that personal data is accurate and, where necessary, kept up to date.
5. ensure that personal data is not kept for any longer than is necessary for the purpose for which it was obtained.
6. process personal data in accordance with the rights of the individuals to whom the information relates.
7. ensure that personal data is kept secure.
8. ensure that personal data is not transferred to a country outside the European Economic Area unless the country to which the information is to be sent ensures an adequate level of protection for the rights (in relation to the information) of the individuals to whom the personal data relates.
Clearly, having multiple copies of personal data on spreadsheets is not:
Secure (virus and spyware protection, password protection, secure deletion)
If they thought about it, most clubs would find it impractical to comply with the requirement to protect their members' personal data if they use a spreadsheet and pass it around.
This practice is also high risk:
Spyware was an even more common and under-appreciated problem than viruses.
Spyware or adware programs were found on 80 percent of the computers analyzed, with an average of 93 spyware or adware components on the infected machines.
Multiply this level of risk by the number of past and present club officers' PCs and you have an almost guaranteed problem.
If you do not believe that keeping personal data on a PC is a risk, consider this example of data distributed by a virus from a police officer's personal computer: http://www.sophos.com/pressoffice/news/articles/2006/03/jppolice.html
Conclusion - you should NOT keep members' personal data on a PC.
A user may choose to enter their address and telephone numbers and has the additional choice of allowing this to be visible to their club officers, fellow club members or the public.
A user may even place a restriction that their name will only be visible to their club officers or fellow club members.
All data kept on an individual is ALWAYS visible to them (and also to the member's mentor).
There is only one copy of the data
Access is controlled by password
Users are encouraged to keep their own data up-to-date.
The site NEVER displays an e-mail address and takes special precautions to prevent any access by web-crawlers that try to harvest e-mail addresses.
Registered users may send an e-mail to another user - but the recipient's e-mail address is never disclosed by the site.
All the meeting e-mail and District/Club bulk e-mail is sent as a blind copy without disclosing e-mail addresses.
Site security is reviewed and updated promptly for new developments.
Information on the Membership and Profile pages, etc., is listed as not to be indexed by 'good' robots such as Google.
All access to the site is prohibited to 'bad' robots (37 of them as at spring 2007).
If you have any concerns about Data Protection issues or would like further explanation, please contact me by sending a Private Message to user Malcolmw on this site.