This depends on two things:
1) What you want to achieve.
If you want a list of definitely keen people, then go for an opt in. If you
think the greater purpose would be served by having a list of people who are
either keen or don't mind, then consider an opt out.
2) What you perceive the risks to be.
If the risk of publishing the details is high, then an opt in is by far
safest way to go. However, if the site is restricted to members - and you
basically trust your members not to misuse the data - and you are happy that
your security is adequate - then an opt-out is almost certainly adequate.
The best way to administer an opt-out is to piggy-back on something that
people are sending you anyway (such as a membership renewal).
* You must provide a full explanation of what is involved (in order to
comply with Principle 1 and - because it is on the web site - Principle 8 if
any of your members are abroad). It may be worth saying that you take no
responsibility for what other members do with the contact details, but that
they are provided on the understanding that they are only to be used for
purposes related to that of the society, and not for marketing - or
something like that.
* Do not offer both a yes and a no box, because then you don't know what to
do with people who tick neither.
* If they send the form back without ticking the no box then you probably
have their consent - because sending the form back without ticking the box
'signifies' their consent, and therefore complies with the Directive
definition of consent.
If you can't piggy-back on something else, make the opting out process as
easy as possible (e.g. a freepost address or freephone number) - and give
people several opportunities. They might miss your first announcement, or
be away at the time. However, be aware that failure to respond in such a
case does not count as consent, because the members have done nothing to
'signify' their preference. You therefore have to comply with one of the
other Schedule 2 Conditions: Condition 6 is the only likely one, and you
would have to be confident that you are not infringing the 'rights, freedoms
and legitimate interests' of your members by publishing their details
without consent.
Don't forget that people who have consented can withdraw their consent, so
you must have a way of responding promptly if people change their minds and
ask for their details to be removed.
Paul Ticher
0116 273 8191
22 Stoughton Drive North, Leicester LE5 5UB
I hereby require any recipient of this message not to use my personal data
for direct marketing purposes.
----- Original Message -----
From: "Linda Haylock" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Thursday, October 25, 2007 3:22 PM
Subject: Signature for opting in required?
We are planning to make our members' database available on our website in
the spring.
It will be a members only, password-protected area that will include
contact details of members.
We are presently sending out forms to all our members with the
statement "I agree to have my details listed in a members-only, password-
protected area of the website", a 'Yes' tickbox, a 'No' tickbox and a
space for signature and date.
Quite a large number of people have not sent the form back, or have sent
the form back without ticking either Yes or No, and the whole exercise is
becoming costly and time-consuming.
Then I came across another association's form which quite simply said "The
Society is Registered under the Data Protection Act 1998. If you have any
objection to your details being included in the Members’ List that is
available only to other Members, please tick here."
Is this latter 'opt out clause' sufficient, does anybody know? Or is a
signature opting in mandatory?
Linda
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list
owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your
needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|