Steady on chaps!
The DPA calls for common sense rather than a New World Order.
As I said before, most organisations, rightly or wrongly, balance risk against how comprehensive their DP policy is and how far they follow the principles of the Act. Unless something right now is majorly broken, why try and fix it?
Hpwever, Andy H's comments on discussions around the direction of AUK are in the back of my mind too. If these come to fruition and means changes to how AUK uses the information it holds on its members, I suggest this will be the driver for a review of AUKs policy on privacy, communication and data protection.
Events (up to and including LEL, though this changes with LEL2013) are put on by Organisers not AUK and organisers 'own the relationship' (salespeak) with the rider, at least as far as the Organiser's event. Rider contact info goes directly to the Org. The only info passed to AUK is memno and names for validation purposes. Orgs do have access to AUK memlist via the startlist lookup feature which includes postal addresses but *NOT* email addresses.
Yes, tempting to think that the two are disconnected but that is not actually the case as you are involved in data processing for AUK.
If I entered the event directly with AUK (I know I can't) and all they did was send you (as the organiser) a predictied number of riders to cater for and covered your costs, i.e. no information about the riders at all, then from a DPA perspective, you are disconnected. If I wasn't a member and AUK had no information about me at all, then you are also disconnected.
But as an AUK member and based on my understanding of the process, if I enter one of your events:
- I send you a data set including details about me that AUK may or may not have
- I am uniquely identified as a member through my AUK number
- You relay my completion to AUK using my name and possibly the common reference i.e. AUK#
- Based on the information you send back, AUK put information about me up on their website
- If you keep my entry form or any information that relates to me by my AUK# alone, both you and AUK have personally identifiable information about me, linked via a common reference number
And both you and AUK hold my email address.
H