Data Regulation Policy
Buckinghamshire Referees Society applies information provided by the RFU states that:
- The Society will ensure that its referees’ are protected against the risks of unsafe or inappropriate use arising from a lack of proper information about them by means of the maintenance of an accurate record. The Society must ensure that the records which may be in paper or electronic form are:
- Kept securely and can be located promptly when required;
- Retained for an appropriate period of time; and
- Securely destroyed when it is appropriate to do so.
What should Referees’ expect?
Referees’ can be confident that:
- Their personal records are accurate, fit for purpose, held securely and remain confidential
- Communication with referees will be via text message, email or telephone. Such communication relates to appointments to games, meetings, international ticket allocation from the RFU and/or reminders to related society issues
- The society does not send out marketing information
- Data will be shared only when there is the need, it will be for training purposes
Access to records
Referees’ have a statutory right to see records held about them whiles they live, this is under the Data Protection Act 1998. If they die, the right passes on to those who may have a claim against their estate
How long should the society retain records?
This decision is not as simple as it seems. The Data Protection Act says that someone holding sensitive personal data should retain that information no longer than necessary. There is no definition of ‘necessary’; this will depend on individual circumstances.
Legal obligations about storage of records
- The society must keep records safely and securely. Keeping them securely also requires that they are kept confidential (Executive Members of the society who have been instructed on referees’ security policy are exempt). Access to the records by others must only be given if necessary, and with necessary and appropriate safeguards. The society is expected to make and be able to demonstrate, an assessment of risk in deciding on appropriate security measures.
Is there a legal requirement about disposing of paper or computer held records?
- The Information Commissioner gives detailed and useful guidance on security measures and how safely to destroy records, in particular computer records which, though deleted, often remain accessible.
Does the society have an obligation to disclose referees’ records whilst retained in their possession?
The right of access to records is under the Data Protection Act. A discretionary fee of up to £10 (£50 for manual records) can be charged and disclosure must take place as quickly as possible but in any event within 40 days of receipt of the signed referee authority (request). Whatever fee is requested should be capable of being justified.
What should a society do if someone other than the referee asks for access to his/her confidential records?
A common example is that of the police conducting an investigating into a known suspect. It may be that the police have a Court Order or a Statutory Right to compel disclosure. In that situation there would be no breach of the common law duty to maintain confidentiality. If a request is made for the confidential information in connection with legal proceedings it is very unlikely that disclosure should take place unless a Court Order is produced. In any event, if the society is satisfied it is necessary to disclose, the society must consider whether they should ask for the referees’ consent, whether he/she can make the disclosure anonymous and limit the disclosure to the extent necessary. The society should also think about whether any other individual name identified has consented to the disclosure and whether the records should be redacted before disclosure.
As a general rule, if a referee has not consented to disclosure of the confidential information, in the absence of a Court Order, disclosure is likely to be unreasonable.