Queries were received from group leaders, asking about how we in Winchester U3A are affected by the Data Protection legislation. Most of us are probably already aware in general terms about the Data Protection Act, 1998 (DPA) but we may not be too clear about how it affects us. The DPA was designed to protect individuals from abuse of their personal data held on computers. The DPA requires that companies and organisations holding personal data must notify the Information Commissioner that they hold personal data on computer and they must conform to the data protection principles. Certain organisations including “not for profit” organisations are exempt from this notification requirement although those organisations are still required by law to adhere to the principles of proper rmaintenance and use of personal data...

Winchester U3A, which as a registered charity as well as a “not for profit” body, is exempt from notification. The data which we hold about members relates only to names, addresses telephone numbers, and email addresses. We hold this data on a central computer database which is maintained by our Membership Secretary and copies of that data are transferred electronically to the Subscription Secretary and to the Treasurer who need to have it to carry out their duties. We only hold data on current members so that when a member leaves Winchester U3A his/her data is removed from our database. We do not transfer any personal data to outside organisations.

The principles contained in the DPA are that personal data shall be processed fairly and lawfully and having been obtained for a specific purpose shall not be further processed in any way which is incompatible with that purpose. The data must be kept up to date and must not be kept for longer than is necessary for that purpose. The number of people holding copies of the data must be kept to an absolute minimum. As far as possible, hard copies of the data should not be made.

These principles apply to all data held within our organisation including any held by group leaders. That data must only be made available to those who require to use it to carry out their duties. We should only retain data for current members and when a member leaves our organisation; their personal data must be deleted from the records.

David Mason