RE: [uk-netmarketing] Data Protection Act

[Alex Chapman]

All


The legal position on all this is tricky - the most difficult bit is the 

fact that the rules are very much open to interpretation. It is also 

confused by the terms - data Controller, data processor etc.


So I will start with the absolute basic prerequisite.


If you collect or use data relating to people (names, e-mails, phone 

numbers etc) get yourself registered with the data protection registrar - 

it costs about 75quid and is very simple.


Virtually every business should do so, as virtually all collect and use 

data referring to living people (whether as a client database, phone book 

on excel or part of a piece of marketing software).


Next you need to decide whether you have the right to have the data and use 

it


Data falls into 2 main categories - personal data and sensitive personal 

data.


Personal data will include name, address, email, age etc.

to use personal data you need

the subject's consent; OR

processing to be necessary:

for performance of a contract with the individual; OR

under a legal obligation; OR

to protect the vital interests of the individual; OR

to carry out public functions; OR

to pursue your legitimate interests or those of a third party (unless it 

could prejudice the interests of the subject).




Sensitive Personal data will include race, religion, sexual preference, 

politics etc.

to use Sensitive Personal data strict conditions apply, including:

explicit consent of the subject; OR

being required by law to process the data for employment purposes; OR

the need to do so to protect the vital interests of the subject or another; 

OR

dealing with the administration of justice or legal proceedings.



This doesn't answer the main question - what if a friend gives the email 

address to you.


Well in that case you should go back to the start.


Is it personal data (most email addresses probably are - though the old 

CompuServe type i.e. 123456789@compuserve probably are not).


Next is it sensitive? - It is very hard to see how they can be and though

tonyblairlabourparty [dot] org

 might be an example of emails that need some 

care.


So with emails we are really talking about personal data. Therefore is your 

use consented to, or is it necessary? Again this is open to interpretation.


My professional view is that you should all adopt a policy of best 

practice. In this you can acknowledge the law is ambiguous but that you are 

doing all you can to work within it. In particular you can provide 

individuals with the ability to notify you if they are unhappy with your 

use of their data - thus reducing the risks to you and your business.


I will deal with Direct Marketing per se in another submission.


All the best


Alex



Alex Chapman

BRIFFA

Business Design Centre

Islington

London

N1 0QH


t: 020 7288 6003

f: 020 7288 6004

d: 020 7288 6076


e:

alexbriffa [dot] com

-----Original Message-----

From:	Sam Michel [SMTP:

samchinwag [dot] com

]

Sent:	22 January 2001 12:09

To:	uk-netmarketing from chinwag

Subject:	[uk-netmarketing] Data Protection Act


Mornin' all...


Following on from this discussion...I was watching the Mark Thomas Product 

a

couple of weeks back when he concentrated on CCTV, the Data Protection Act

and individual's rights to ask for footage from cameras. See:


http://www.mtcp.co.uk/


Perhaps you can help me out on this one. I asked the people I watched the

show with, and friends/collegaues/passers-by if anyone has ever been

prosecuted or even warned about the Data Protection Act?


[Sam says: msg chopped]