The Data Protection Act places obligations on any organisation that stores information about people. This useful guide to the Act explains the basic principles covering fair and lawful use, limiting data to that required for purpose, accuracy, retention, and restriction of access.

The UK IBM Club collects and stores data about its members in a way that is commensurate with the requirements to know who its members are, communicate with them, and organise events on their behalf. At a UK level membership data is extracted from IBM's HR and Pensions systems. IBM Pensions Trust shares IBM Club membership details with IBM UK. At a local level data is collected detailing booking requests and payment for events. Minutes of meetings with attendee information may also be recorded.

Data held

Membership lists

Each local club can register with the UK Club Administrator to receive monthly membership lists. The UK Club Administrator verifies the status of the applicant based on their eligibility as a member and their status as an officer of the local club. Two lists are provided: a general list of every member or eligible member, and a more detailed list of just the retiree members for the club in question.

The general list contains the following for all members:

The detailed list of retiree members for a given club contains the following for just the members of the local club:

The IBM personnel number is the primary means of uniquely identifing a member. The local club affiliation confers voting rights and influences disbursement of the company grant. Employee members are always contactable via their IBM e-mail, and can be searched for using the internal directory using name or personnel number. E-mail addresses for retirees are not reliably available and so address and telephone numbers are used as a backup by the club with which they are affiliated.

At a local level each monthly list is superceded by the next, and so only the current list is retained. At a UK level membership data is retained so as to facilitate analysis of membership changes over time.

Booking requests and payment

The tracking of booking requests and payment is handled by each local club. The data held may vary from club to club, but in the main will include information such as:

Meeting minutes

Meeting minutes will record the names of attendees, and of decisions made.

Responsibilities

Fair and lawful use

The UK IBM Club Oversight Manager is responsible for defining the membership information required to facilitate the running of local clubs, and for verifying that this is the information that they receive.

Each local club is responsible for recording the information necessary to run events in an auditable manner. The Oversight Manager is responsible for verifying that this is the case.

All parties handling membership information are responsible for ensuring that it is only used for the benefit of members as part of running IBM Club, and that membership information is never passed to any party not involved with the running of IBM Club.

Accuracy

Membership information is extracted from IBM UK HR and Pensions systems, and as such responsibility for accuracy of membership data rests with these departments.

Event booking, payment information, and meeting minutes are the responsibility of each local club.

Access

The UK IBM Club Administrator is responsible for ensuring that the membership lists are only sent to those with a legitimate need.

Each local club committee is responsible for ensuring that membership lists are only shared between those with a legitimate need, which in the main will be those organising events on behalf of the local club.

Retention

Each local club committee is responsible for ensuring that obsolete membership lists are deleted in electronic form, and that hard copies are destroyed.