Many Associations and Guilds are starting to (or already do) keep records on computer systems. These records will inevitably hold information about people, and as such fall within the ambit of the Data Protection Act 1984.
The Data Protection Act governs the use of computer systems to store personal data. Unless an exemption applies, it is necessary to register any computer system that holds personal data. A number of other requirements also apply, relating to the accuracy and relevance of data and to the uses to which it may be put. These are mostly at the common-sense level: you must ensure that the information is accurate (which you'd want to do anyway); you must keep it secure from prying eyes; you can only use it for the purposes you declared when registering.
Personal data means data (i.e. information stored in a computer system or the like) relating to a living individual who can be identified from that information (or from that information together with other information in the possession of the data user). Among other things, this means that a database of scurrilous tales about 18th century College Youths is not regarded as "personal" (because all the subjects are dead). Names of participants in a peal will be "personal data" (assuming the individuals are still alive) because although a name as such could belong to many different people, the fact that this John Smith rang in that peal does positively identify him. Further: a list of peals rung for your Guild, even without any names, could be "personal" because it relates to individuals (the participants) whom you can identify from other information in your possession (copies of The Ringing World). Names that occur in non-personal contexts (such as things called after individuals) are not regarded as "personal". This should apply to method names as "B---y P-----y's Dog".
Anything held purely for "word-processing" is outside the scope of the Act. This would cover the use of word-processors or desktop publishing systems to produce annual reports, provided that the files were used purely for that purpose. It would be permissible to retain the files to be the basis for next year's report, but if they were linked to (for example) subscriptions data then they would fall within the scope of the Act. This exclusion differs from an "exemption": exempt data is still covered by the requirements on accuracy, security, non- disclosure and so on, but "word-processing" information is not required to be accurate, secure, or private. You might fall foul of the libel laws, but that's another matter!
If you decide that registration is the proper course, then you must apply to the Data Protection Registrar. The fee is currently £75 on first registration, and this lasts three years. Renewal costs £50 (though I'm not predicting how much it will cost in three years' time!) and the Registrar will contact you some time before expiry of your registration to invite you to renew. He will not have problems over changes of Secretary (or other contact) because you are legally obliged to keep him apprised of such changes.
Registration brings with it some further obligations. If you control a registered system, then anyone may write to you for a copy of any information you may hold about them. (They would have found out about your system, and where to write to, from your entry on the Register). You are required to reply within a given time limit (forty days; I'm not sure if this has anything to do with the length of Lent), and if you do hold information about them and they notify you that it is inaccurate, you are obliged to correct your records. You are entitled to charge up to £10 for supplying the information, or for replying that you don't have any data about them. (It has been suggested that one could make a nice profit from registering a non- existent system and waiting for such requests at £10 a time ... it might be rather a long wait though), If you have a non-registered exempt system, they you are still obliged to reply to any such request, but your reply may be "we do not hold any personal data which we are required to reveal to you" (or some such).
You could, of course, ignore the law and run a non-exempt system unregistered in the hope that the Data Protection Registrar would never hear about you, or that you would be regarded as too insignificant to be worth his trouble. I would not advocate such a course of action.
Further information may be obtained from:
The Data Protection Registrar, Wycliffe House, Water Lane, WILMSLOW, Cheshire SK9 5AF. Tel: 01625 535777.The Registrar can supply various literature, including a set of "Guidelines" booklets, free. You would be well advised to obtain a set (or a new set if yours is not the March 1992 edition) if you have or are planning a computerised records system. The Data Protection Registrar also maintains a WWW page which contains a summary of the requirements of the Act.
FRED BONE
Central Council Computer Coordination Committee.
HTML version by Roger Bailey, September 1995. Arrived by search engine? Click here for a comprehensive list of other change-ringing links.