From the Data Protection Registrar in response to a letter from Andrew Craddock. I don't have a copy of the original letter, nor do I have machine-readable copies of the documents referred to in the letter, though these might be available through the Registrar's Home Page.

Dear Mr Craddock

Thank you for your letter of 1 September written as a follow-up to our telephone conversation of 25 August.

First of all, I note that you are trying to establish, beyond reasonable doubt, that the personal data that you intend to include on a database of Tower contacts is exempt from registration under the Data Protection Act 1984.

I note that you could find no reference World Wide Web facilities of the Internet in your copy of the Guidelines (dated March 1992). I enclose a copy of the revised Guidelines (dated November 1994) though again I do not think that there is any specific reference to the implications of WWW. However, I do enclose a copy of an annex to the Registrar's 11th Annual Report regarding the Internet.

I am grateful to you for providing a detailed background to your proposed database. I note that you intend to provide a World Wide Web page listing all the Tower contacts and that name, address and telephone number will be included in the WWW page unless they ask you not to publish their details. Given that their addresses are likely to be home addresses I think it is right to give them the choice in this matter.

First of all, I should make quite clear that I am unable to provide formal confirmation that you do not need to register. All I can do is to set out the relevant considerations that you should take into account and then it is up to you to make up your own mind. The Registrar has no powers to issue for example, a formal certificate of exemption.

However, I will now summarise the main considerations. The references that I will give will relate to specific sections of the Guidelines.

First of all, you will clearly be holding, and making available on the WWW, personal data (see section 2.3 on page 15) in that the individual names will identify specific living individuals. However, though you will certainly be holding personal data it may well be that you are not processing those data "by reference to the data subject" insofar as you do not have any specific interest in the individuals as individuals but rather in their representative capacity as the named contact for a particular Tower.

I note, and this is something that I had not appreciated from our telephone call, that this is your personal initiative. I note that you ask whether it would make any difference if you were maintaining the database on behalf of your local guild. Whilst there is an exemption that applies to personal data held for domestic or recreational purposes (see 6.A.2 on page 90) you will note that it is made clear that this exemption will not apply to an individual who keeps records on behalf of a club, or voluntary organisation. It seems to me, that in effect, even though this may well be a personal initiative and one in connection with your hobby, that you would arguably be maintaining the database on behalf of the guild. For that reason, it seems to me that it might be sensible to seek some sort of formal approval of the guild to carry out this activity because I do think that this would make the application of the Data Protection Act 1984 to the personal data in question rather clearer.

Assuming that you would in fact be maintaining the database on behalf of the local guild then it may well be that the exemption which applies to an unincorporated members' clubs (and I think that we were agreed that the guild is likely to be unincorporated) would apply (see 6.A.6 page 94-95). You will note, in particular, the need to make absolutely clear to individual members the nature of the disclosures envisaged (that is publication on the WWW presumably allowing anybody with access to the WWW to view the personal data in question regardless of whether they have any interest in bell-ringing).

Yours sincerely

Philip Jones

Assistant Registrar