Toastmasters Europe - Continental Europe       
   
Toastmasters Europe - Continental Europe
Toastmasters Europe 
Username:

Password:

 Remember me



I forgot my password

Don't have an account yet?
You can register for FREE


My Communication

     


Need to ask a question?

HelpNeed to ask a question? - or could you help and answer questions?


District 59 Belgium, France, Luxembourg, Netherlands, Monaco

District 95 Denmark, Germany, Norway, Sweden

District 107 Spain, Portugal, Morocco

District 108 Estonia, Finland, Kazakhstan, Latvia, Lithuania, Poland and Russia

District 109 Austria, Bulgaria, Cyprus, Greece, Italy, Lichtenstein, FYR Macedonia, San Marino, Switzerland and Vatican City

District 110 Croatia, Czech Republic, Hungary, Rep. of Moldova, Romania, Slovakia and Ukraine

District U Undistricted Clubs in Europe


  Search 
Author malw  Date 14 May 07, 00:08  Views 16524
Description Retaining and securing personal data for your club members.
Category Using This Site  Type Reference
Article scope
easy-Speak information

Data Protection Issues

Every Toastmaster club keeps information about its members.
After all, Toastmasters is all about communication, we need to keep in touch with each other and the club officers need some way of knowing who the current members are and their contact details.

What could be easier than to have the VP-Membership keep all of this in a spreadsheet and e-mail it around to the other club officers sometimes?

Unfortunately this simple approach brings some problems with it since the club now has multiple copies of its members personal data distributed around club officers and past officers.
Can the club be certain that each of these PCs is up-to-date with anti-virus, firewall, Windows updates and anti-spyware?
What if the PC is stolen, lost or sold - is the data secure?
Can the club be certain that old data is deleted when no longer needed - for example new club officers are elected?
Any e-mail communication should not disclose other recipients (eg should use blind copies) and the data only be used for club purposes but can the club be certain that this will always be the case?

Legal obligations are imposed for the UK by the Data Protection Act 1998 (which mirrors European law)

    1. process personal data fairly and lawfully.
    2. obtain personal data only for one or more specified and lawful purposes and to ensure that such data is not processed in a manner which is incompatible with the purpose or purposes for which it was obtained.
    3. ensure that personal data is adequate, relevant and not excessive for the purpose or purposes for which it is held.
    4. ensure that personal data is accurate and, where necessary, kept up to date.
    5. ensure that personal data is not kept for any longer than is necessary for the purpose for which it was obtained.
    6. process personal data in accordance with the rights of the individuals to whom the information relates.
    7. ensure that personal data is kept secure.
    8. ensure that personal data is not transferred to a country outside the European Economic Area unless the country to which the information is to be sent ensures an adequate level of protection for the rights (in relation to the information) of the individuals to whom the personal data relates.
Further information from the Information Commissioner's Office: http://www.ico.gov.uk/eventual.aspx?id=87

Clearly, having multiple copies of personal data on spreadheets is not:

    Controlled (How many copies? Are they all needed? Are they all current? Has something been changed)
    or
    Secure (Virus and Spyware protection, Password protection, Secure deletion

If they thought about it, most clubs would find it impractical to comply with the requirement to protect their members personal data if they use a spreadsheet and pass it around.

This practice is also high risk:

    A recent survey found that although more than 70 percent of those who participated believed they were safe from viruses and online threats almost 20 percent of them were currently infected by a virus and 63 percent acknowledged being infected in the past.
    Spyware was an even more common and under-appreciated problem than viruses.
    Spyware or adware programs were found on 80 percent of the computers analyzed, with an average of 93 spyware or adware components on the infected machines.

Multiply this level of risk by the number of past and present club officers' PCs and you have an almost guaranteed problem.

If you do not believe that keeping personal data on a PC is a risk, consider this example of data distributed by a virus from a police officer's personal computer: http://www.sophos.com/pressoffice/news/articles/2006/03/jppolice.html
or this example of Nuclear secrets leaked when a 30-year-old engineer used his personal computer for company business http://www.sophos.com/pressoffice/news/articles/2005/06/va_jpnuclear.html

Conclusion - you should NOT keep members personal data on a PC.


easy-Speak
How does this website comply with the requrements of data protection?

    All data are kept in an encryped database behind a managed firewall with 24 hour support and daily data backup.
    A user may choose to enter their address and telephone numbers and has the additional choice of allowing this to be visible to their club officers, fellow club members or the public.
    A user may even place a restriction that their name will only be visible to their club officers or fellow club members.
    All data kept on an individual is ALWAYS visible to them (and also to the member's mentor).
    There is only one copy of the data
    Access is controlled by password
    Users are encouraged to keep their own data up-to-date.
    The site NEVER displays an e-mail address and takes special precautions to prevent any access by web-crawlers that try to harvest e-mail addresses.
    Registered users may send an e-mail to another user - but the recipient's e-mail address is never disclosed by the site.
    All the meeting e-mail and District/Club bulk e-mail is sent as a blind copy without disclosing e-mail addresses.
    Site security is reviewed and updated promptly for new developments.
    Information on the Membership and Profile pages etc is listed as not to be indexed by 'good' robots such as Google.
    All access to the site is prohibited to 'bad' robots (37 of them as at spring 2007)

If you have any concerns about Data Protection issues or would like further explanation please contact me by sending a Private Message to user Malcolmw on this site.

    
Quick Knowledgebase Navigation 

You cannot post new articles in this category

Powered by Knowledge Base MOD, wGEric & Haplo 2002-2005   PHPBB.com MOD

Terms and Conditions (Revised 2018-04-23)       Privacy Policy (Revised 2018-04-23)
The names Toastmasters International and all other Toastmasters International trademarks and copyrights are the sole property of Toastmasters International
This website is developed, supported and financed by Toastmaster members for use in their own clubs with the cooperation of Toastmasters International. It is only available to Toastmasters clubs.