Share |
The truths they don't want you to read....

Tuesday, August 10, 2010

Data Protection Act and Storas Uibhist

Shouldn't Storas be registered with the Information Commissioner if it keeps details of members and supporters to whom it can email or post?

The answer is, of course, yes it should.

And the answer to the next questions is: No it isn't.

16 comments:

Anonymous said...

Perhaps you ought to take a look at this:

http://www.ico.gov.uk/upload/documents/library/data_protection/forms/notification_exemptions_-_self-assessment_guide.pdf

You would then find it doesn't need to register.

Anonymous said...

3:00 is that you Huw?

Didn't Angus MacNeil and Absent Allan both make similar claims about not having to be registered under the DPA?

Both are now registered, and I think you'll find Angus was right then, and is right now.

There is no exemption that covers Storas. Despite their protestations. Who failed to check DPA registration, Huw?

Anonymous said...

I have a vision coming through the ether... it's all a bit murky yet.
Hang on, it is getting a bit stronger now, ah yes I can just about make out some figures.

Don't know what is going on but I can see a man with a leek behind his ear. He appears to be speaking to another well fed chap in a military type of uniform, the regimental colours appear to be those of the Honorable Cal MacAteers.

The problem with visions is that the sound quality is on a par with the service of Connected Communities, but I can hear faintly a wee welsh voice asking a Major
Binnie for '... a one way ticket out the loch please'

I'll have to write to Brian, the west coast Pharisee, to see what it can possibly mean.

Anonymous said...

p.10 of 3:00's leaflet:

You do not have to notify if the only* processing you carry
out is for one or more of these purposes:

Staff administration
Advertising, marketing and public relations
Accounts and records

Please read the following information about each of the exempt purposes to determine whether or not you are exempt.



Seems to me as though they are exempt.

Anonymous said...

Whether you are exempt of not, it is completely unacceptable to have commercial negotiations published on the net in an attempt to coerce an individual to hand over a piece of the jigsaw that you dropped through incompetence.

This is merely symptomatic of the arrogant bullying tactics that Storas have used on the community.

Anonymous said...

3:11

I don't know who 3:11 is, but I am 3:00 and I certainly am not Huw, whoever he is!

Indeed, this is the first time I have commented on this blog, as I have been something of a lurker.

I should add to my remarks that those who claim Storas is breaking the law, are claiming the body is guilty of a criminal offence under section 21 of the Data Protection Act 1998.

This is an extremely serious charge. I am surprised those who claim this do not substantiate their claim, as a defamation action has suceeded on much less.

Anonymous said...

3.53

I'd love for Storas to try a defamation action; even more lawyers fees and all the crap exposed to public view.

Reality check: you are in a remote fragile community which has deep roots and a long memory for bad factors. Further alienation - if it were possible - between management and tenants would be only result.

Anonymous said...

4:47

Reality check: don't throw mud around, which has little or no grounding in fact or law. It's not clever.

Instead, if where concerns about DPA registration arise, complain to the authorities.

MadEddieH said...

Unless Storas is a not-for-profit organisation they will be required to notify.

The accounts and records clause refers specifically to customer/supplier type records - not membership type records.

Given that they are required to follow the data protection laws whether they notify or not and that the fee to notify is buttons the only reasons not to notify (unless they are not-for-profit) would be incompetence or non-compliance.

MadEddieH said...

Also by the looks of it there website is in breach of the ecommerce regulations as well.

Anonymous said...

MacEddieH:

Not quite. Let's look at the regulations (SI 2000/188), Article 4 of Schedule 1:

Accounts and records exemption
4. - (1) [There is no need to register where] the processing -

(a) ***is for the purposes of keeping accounts relating to any business or other activity carried on by the data controller***, [[or]] deciding whether to accept any person as a customer or supplier, or keeping records of purchases, sales or other transactions for the purpose of ensuring that the requisite payments and deliveries are made or services provided by or to the data controller in respect of those transactions, or for the purpose of making financial or management forecasts to assist him in the conduct of any such business or activity;

(b) is of personal data in respect of which the data subject is -

(i) a past, existing or prospective customer or supplier; [[or]]

(ii) any person the processing of whose personal data is necessary for the exempt purposes [the business];

...

so members' details are exempt.

http://www.opsi.gov.uk/si/si2000/20000188.htm

CAUTION: The OPSI copy of the SI has been amended. But the relevant Article hasn't.

Anonymous said...

Anon 8:41

What you refer to are the exemptions from registration.

The actual question is whether Storas require to be registered in the first place. If they do, then are there exemptions that allow them not to be registered? Such as the ones you refer to.

The requirement to register is detailed here.

As the email address are used for mail shots to the public (mainly but not exclusively members) registration appears compulsory and the exemption you quote does not apply.

Nor does the 'not for profit' exemption.

Tagsa Uibhist are registered under the DPA for mailshoting members, as are Sustainable Uist. Why are Storas above the law?

I think we need definative answers, and perhaps the easiest way is for Storas to write to the Information Commissioner to seek a decision, and to publish the full correspondence.

Any directors got the balls????

MadEddieH said...

Digging into their own website they are a company limited by guarantee and thus don't seem to be a not-for-profit.

It seems pretty clear that they ARE required to notify. The various clauses that the Anonymous cowards keep pulling out all refer to exemptions for core-business purposes - i.e. accounts/records relating to employees, suppliers or customers.

Also it should be noted that these exemptions only apply if the processing of data is exclusively for one of those purposes.

Given that the fee is £35 per year and regardless of whether they are exempt from notification or not they HAVE to comply with the requirements of the DPA I would say that the only reason not to notify is either incompetence or non-compliance.

If I was Calum MacMillan I would definitely be dropping an email to the ICO because regardless of whether they are exempt from notification or not Storas are required to comply with the DPA and by the looks of it they have breached it with the way they have dealt with him.

And the Storas website is definitely breaching e-commerce regs as well.

Anonymous said...

All of this for the sake of 35 quid.

Surely the decent thing to do is to invest about 10 minutes of the time spent on consultants or about an hour of HF's salary on registering, and be done with it.

Storas must have wasted at least 10 times the £35 on defending it's position - time that would be better spent on encouraging proper economic development on the island

Anonymous said...

I find it very hard to believe that Storas are refusing to accept Calums offer to give up his connection for " the good of the community."

Why doesnt Calum allow Storas to publish his "offer" which he supplied in February so that all the community can decide who is actlng correctly in this farce.

Maybe his demands are "not for the good of the community" but more for "the good of Calum Macmillan>"

Anonymous said...

3.53 is very quick to suggest an action for defamation. I wonder how close 3.53 is to the current defamation action?