The Data Protection Act places obligations on any organisation that stores information about people. This useful guide to the Act explains the basic principles covering fair and lawful use, limiting data to that required for purpose, accuracy, retention, and restriction of access.
The UK IBM Club collects and stores data about its members in a way that is commensurate with the requirements to know who its members are, communicate with them, and organise events on their behalf. At a UK level membership data is extracted from IBM's HR and Pensions systems. IBM Pensions Trust shares IBM Club membership details with IBM UK. At a local level data is collected detailing booking requests and payment for events. Minutes of meetings with attendee information may also be recorded.
Each local club can register with the UK Club Administrator to receive monthly membership lists. The UK Club Administrator verifies the status of the applicant based on their eligibility as a member and their status as an officer of the local club. Two lists are provided: a general list of every member or eligible member, and a more detailed list of just the retiree members for the club in question.
The general list contains the following for all members:
- IBM personnel number
- Local club affiliation
- First name
- e-mail address (IBM e-mail for employees, personal e-mail (where provided) for retirees
- Type of member (employee, retiree, associate, dependant)
- Postcode district (for eligible retiree or associate members only)
The detailed list of retiree members for a given club contains the following for just the members of the local club:
- IBM personnel number (which should remain unique whilst on Pensions systems)
- Local club affiliation
- First name
- Post code
- E-mail address (where provided)
- Telephone number (where provided)
At a local level each monthly list is superceded by the next, and so only the current list is retained. At a UK level membership data is retained so as to facilitate analysis of membership changes over time.
Booking requests and payment
The tracking of booking requests and payment is handled by each local club. The data held may vary from club to club, but in the main will include information such as:
- Event names, dates, venues, prices, subsidy levels.
- For each event the name, personnel number, e-mail address, number of places, price paid, date requested, date paid, cheque number (or other payment reference), ticket details, date of ticket posting, and local club affiliation for each member booking tickets.
Meeting minutes will record the names of attendees, and of decisions made.
Fair and lawful use
The UK IBM Club Oversight Manager is responsible for defining the membership information required to facilitate the running of local clubs, and for verifying that this is the information that they receive.
Each local club is responsible for recording the information necessary to run events in an auditable manner. The Oversight Manager is responsible for verifying that this is the case.
All parties handling membership information are responsible for ensuring that it is only used for the benefit of members as part of running IBM Club, and that membership information is never passed to any party not involved with the running of IBM Club.
Membership information is extracted from IBM UK HR and Pensions systems, and as such responsibility for accuracy of membership data rests with these departments.
Event booking, payment information, and meeting minutes are the responsibility of each local club.
The UK IBM Club Administrator is responsible for ensuring that the membership lists are only sent to those with a legitimate need.
Each local club committee is responsible for ensuring that membership lists are only shared between those with a legitimate need, which in the main will be those organising events on behalf of the local club.
Each local club committee is responsible for ensuring that obsolete membership lists are deleted in electronic form, and that hard copies are destroyed.