All,
As requested in the last board meeting, I've been doing some digging into whether we need to register with the Data Protection Act (DPA), and whether the person in charge of membership (i.e. me) should undergo a Criminal Records Bureau (CRB) check. Below is what I've found. IANAL etc. applies. I'd rather not work through all of this during an IRC meeting unless there are questions, so will just point to this email during the meeting. Comments and questions are welcome, especially if anyone has any personal experience of any of this.
Taking the DPA first, there is an exemption "from the requirement to notify [the Information Commissioner's Office] under the Data Protection Act 1998 (the Act) for ‘not-for-profit’ organisations." The information is at http://www.ico.gov.uk/upload/documents/library/ data_protection/practical_application/ gpn_not_for_profit_v1.0_web_version.pdf . Basically: "The exemption is narrow and further conditions do apply.
The exemption applies to processing which is only for the purposes of: • establishing or maintaining membership; • supporting a not-for-profit body or association; or • providing or administering activities for either the members or those who have regular contact with it."
This should be fine for us, at least initially, although we probably want to register somewhere down the line just in case (there's lots of grey areas around this). The cost to register/notify the ICO is £35/year (no VAT applies), so that should be a negligible cost once we're fully set up.
With CRB checks, I don't think that we are legally obliged to have one done of the membership secretary, but I'm not clear on whether it would be legal to require/get one anyway.
According to http://www.crb.gov.uk/Default.aspx?page=1871 a CRB check is needed if "you will be working with children or vulnerable adults; ... working in an establishment that is wholly or mainly for children; ... working in healthcare; or you have applied to be a foster carer, adoptive parent or childminder." None of the these apply in this case. Also, http://www.crb.gov.uk/Default.aspx? page=1855 lists positions and jobs for which CRB checks can be done, and none seem appropriate.
I am not clear on whether the Rehabilitation of Offenders Act (ROA) 1974 restricts CRB checks to the just these positions and jobs, or whether they are available in a wider sense. I have contacted the CRB bureau to get clarification on this, and will share their response when I receive it.
I should say that if it is either legally required (doubtful), or not illegal and we decide that it's desirable (possible/probable), then I'm quite willing to undergo one (and I would be very surprised if it didn't come back clean). They are free of charge for volunteers, but you have to be a registered company with them - which costs a lot - hence there are various Umbrella Bodies that can countersign the request for a CRB check, which generally cost of order £10.
Mike Peel
I can't see why the membership secretary is any different from the rest of the board. Decisions about membership are made by the whole board, so everyone has access to the information. If the mem sec needs a check, then the whole board does. From my research, I don't think it is absolutely necessary for the board to be checked (unless they are going into schools to teach people about using Wikipedia, or whatever, which can be dealt with at a later date), the question is whether it is a) desirable and b) legal to run the checks. I don't really have an answer to that.
wikimediauk-l@lists.wikimedia.org