data protection statement

The Data Protection Act 1998 has now been in force for over eight years. The
primary purpose of the legislation is to protect individuals against possible misuse of
information about them held by others. Many of us are personally employed in roles
which involve the regular handling of personal data, however the Guild should make
sure that specific guidance on such handling should be routinely provided to those
who need it as part of the briefing for dealing with their responsibilities.

In the context of the Guild, it is essential to ensure that all members are aware that
personal information should not be disclosed in response to enquiries unless those
concerned are certain that the enquirer is internal to the organisation and has a
legitimate reason for seeking the personal data. Such data should never be disclosed to
casual callers or enquirers unless it is absolutely clear that the individual has given
explicit consent. There is a natural desire to be helpful in response to requests for
details of e.g. the address of a member/former member, member of a branch/former
member of a branch etc, but such information must not be disclosed without the
consent of the person concerned. This applies even where the person making the
request is a parent/relative – consent is still required.

Requests for an individual’s own personal data should be dealt with as subject access
requests under the DPA and as such should be dealt with by the relevant officer of the
Guild, namely the General Secretary or the Membership Secretary.