Data Protection query
If my email address had been collected as part of an entry to an event, and I am then subsequently sent an email that has nothing to do with said event, is that a breach of the Data Protection Act which states:

Quote: Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.

Also if it has been several years since I have entered an event run by that person and I am subsequently sent an email from the organiser, is that a breach of the Data Protection Act which states:

Quote: Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
I think the first question you would have to ask is if your email address is in the public domain. It took me 20 seconds to find a site with what appears to be your email address, and, as you cannot prove where the email address was obtained, then I would be under the impression the act will not apply.
kind of ironic given the comments on data protection on here months ago. it would be another dose of schadenfreude if those previously demanding info under the data protection were now hung by it Big Grin
The e-mail addresses of members are available from the grading programme, just click on the player's name and the information is there.

The grading programme can be downloaded by anybody from the website.
Patrick McGovern Wrote: kind of ironic given the comments on data protection on here months ago. it would be another dose of schadenfreude if those previously demanding info under the data protection were now hung by it Big Grin

For those not familiar with the word schadenfreude - it is a foreign word lifted directly into English. Like many other words in that category (such as chutzpah) it is hard to accurately define in the English language. Wikipedia comes up with "pleasure derived from the misfortunes of others".
Perhaps this notice board would be a more pleasant and more functional place if there was less attempted schadenfreude flying around from those who should know better. Especially so when those people attacked are not named.

The first incident Pat refers to is a series of private e mails I exchanged with the chair of the standards committee (copied to CS executive but not to other members of the Standards committee) which referred to the rewritten report of the standards committee to the 2012 agm. In that correspondence I pointed out to Dick Heathwood that the 25 page report mentioned in Standards Committee report appeared to be covered by the Data Protection Act and. My request to see that file was refused. I did not threaten to go legal. I did not publicise the contents of the correspondence even on this notice board.

The second incident referred to by Pat and linked to the first in his most recent posting is the use of private e mail addresses in the election campaign for president. These addresses have been acquired from the grading data programme (not by me) and used to contact CS members base (not by me) presumably with the knowledge of the relevant campaign managers (neither is me).

Not being a member of CS I do not have a vote in the election for the CS president. Like most people I have private conversations with my friends on confidential matters. Unlike some people who post here I know more than I post. None of these self evident facts is illegal, immoral or worthy of attack.

The real question to be answered here is this: why are private e mail addresses available to anybody who downloads the grading programme? I have not downloaded the programme to check but there is a danger that children’s email addresses have also been published. Going back to the top of this thread this appears, at first reading, to be against the provisions of the Data Protection Act. This is a question for Chess Scotland officials and members to tackle (not me).
'Chutzpah' - touché, Phil!

More seriously, I suppose technically you should not be able to post on here as a non-member. An observation that is not aimed at you but at the utility of this 'Members Only' categorisation. I hope we will get rid of it soon and get back to where we were. Both points you make merit attention.

I am barely computer literate so that I cannot verify for myself just how accessible private email addresses are. Is the grading programme not restricted? Surely it should be?
As far as the data protection act is concerned it is actually possible to forward some data to third parties. However when user submits data it generally has to be clearly defined at time. There should also be a choice and generally best approach is "opt in" approach rather than "opt out" approach as far as 3rd party contact is concerned. Information collected is often also constrained with uses and has to be used "Fairly". To summarise main things relevant for ChessScotland other than accuracy.

First Principle of Data Protection Act
Personal data shall be processed fairly and lawfully i.e.
- Be open and honest about your identity;
- Tell people how you intend to use any personal data you collect about them (unless this is obvious);
- Usually handle their personal data only in ways they would reasonably expect; and
- Above all, not use their information in ways that unjustifiably have a negative effect on them.

Second Principle of Data Protection Act

Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.

Seventh Principle of Data Protection Act
Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

I will also note that relying on fact that someone's e-mail can be found publicly is a very fragile defence. For example if I set up my own domain for e-mails and then gave only ChessScotland an e-mail address of [address missing] that was then rerouted to my main address of [address missing] that would mean that next time widow of Nigerian president contacts me for help with transferring funds and a visa at [address missing] I would then have a fairly robust case for proving that my information was leaked while ChessScotland was discussing things with Nigerian Chess Federation or someone associated with them.

As far as availability of private e-mails goes theoretically it shouldn't be revealed unless you gave consent elsewhere or that another place has breached data protection act. Of course if your e-mail is posted on a public facebook page or ends up on a shady mailing list of some sort then it would be rather unsurprising if you start getting loads of unsolicited mail.

Personally I've noticed that usually issue that is murkiest in terms of data protection is people sending e-mails advertising congresses. As far as my rough interpretation of scope of communications I should be receiving from ChessScotland as a member it mainly consists of reminders about renewing membership (if not a life member), player of the year voting, AGM information, changes to how ChessScotland will be run, perhaps a monthly newsletter (that I would have option to unsubscribe from) and any pertinent issues that require a response from me (e.g. I'm selected to represent country or gauging interest to represent country, ethics committees, replies to queries etc).

As far as how CS deals with DPA regulations at current and in future I'll pretty much list it here. On application form it states "All details are treated as confidential but may be used to further the promotion of chess in Scotland". This seems a bit vague and doesn't contain an opt in/out for marketing. In addition is promotion of chess in Scotland sending e-mails to me about congresses or giving my e-mail address/details to journalists so they can question me about chess in general and publish interviews in national press raising profile of chess ;P As far as how people have used it up to now I'd like to think that most people have used it with best of intentions and any oversights were due to fact that scope wasn't necessarily clearly defined.
I don't really want to get involved in the unsolicited-email debate, though I tend to agree that email addresses are generally so easy to find these days that it seems unlikely that any data protection breach has taken place.

Just to pick up George on the 'non-members' thing: 'members only' refers to members of the noticeboard community, with registered accounts, rather than members of Chess Scotland. It's an issue that a couple of people have raised in the past, but there are no restrictions on who can post on this forum, as long as they've set up an account.
it's not just the data protection act but also the freedom of information act and privacy and electronic regulations 2003 (see article below) which may come into play

Please see article below

... ion-breach

My understanding is that if you receive an unsolicited email then there should be an option to unsubscribe from future emails. Also if you give your email to Chess Scotland then Chess Scotland and their officials are responsible for that information and should offer a disclaimer or opt out facility. I also think if you disclose your email on a discussion or use it to get email entries for a tournament etc then you haven't a leg to stand on as your email becomes part of the public domain. However if your email is harvested from the grading program without your permission, then there may be issues. It's all down to how you submitted your email address (I think!) If you submit your email for say to contact you regarding your chess club, then again it's a grey area since you volunteered your email address.

Obviously a misunderstanding on my part. Sorry about that.


Thank you. Very helpful. I endorse your concluding remarks about 'best of intentions' and 'oversights'.


I agree that when I apply to enter a tournament - or otherwise get in touch with a Congress/Tournament organiser (say, a query only), I expect him or her to 'harvest' my email address so that he/she can 'ping' me in future. Basically, simply by contacting him/her, I am giving implicit permission/authorisation.


It's just that I don't understand why my email address should be in a grading programme at all. If children's email addresses are in there, too, that would seem a concern. But, would children's email addresses be listed rather than, say, a parent's or guardian's? Depends on age, I suppose. What purpose or need is there for email addresses in the grading programme?
