OTHER CHAPTERS
I. SETTING UP AN ORGANISATION
Ch.1: Trusts & unincorporated associations
Ch.2: Companies & other incorporated structures
Ch.3: Charitable status, charity law & regulation
Ch.4: The objects clause
Ch.5: The governing document
Ch.6: Setting up an organisation
Ch.7: Registering as a charity
Ch.8: The organisation's name
Ch.9: Branches, subsidiaries, partnerships & mergers
II. GOVERNANCE & MEMBERSHIP
Ch.10: Members of the organisation
Ch.11: Members of the governing body
Ch.12: Officers, committees & sub-committees
Ch.13: Duties & powers of the governing body
Ch.14: Restrictions on expenses, remuneration & benefits
III. RUNNING AN ORGANISATION
Ch.15: The registered office and other premises
Ch.16: Paperwork requirements
Ch.17: Meetings & decision making
Ch.18: Legal agreements
Ch.19: Organisational & personal liability
Ch.20: Insurance
Ch.21: Financial difficulties & winding up
IV. EMPLOYEES, WORKERS, VOLUNTEERS & OTHER STAFF
Ch.22: Employees and other workers
Ch.23: Rights, duties & the contract of employment
Ch.24: Model contract of employment
Ch.25: Equal opportunities in employment
Ch.26: Taking on new employees
Ch.27: Pay & pensions
Ch.28: Working time & leave
Ch.29: Disciplinary matters, grievances & whistleblowing
Ch.30: Termination of employment
Ch.31: Redundancy
Ch.32: Employer-employee relations
Ch.33: Employment claims & settlement
Ch.34: Self-employed workers & other contractors
Ch.35: Volunteers
V. SERVICES & ACTIVITIES
Ch.36: Health & safety
Ch.37: Equal opportunities in provision of goods & services
Ch.39: Intellectual property
Ch.40: Publications & publicity
Ch.41: Campaigning & political activities
Ch.42: Public gatherings & entertainment
Ch.43: Food & drink
VI. FUNDING & FUNDRAISING
Ch.44: Funding & fundraising: General rules
Ch.45: Fundraising activities
Ch.46: Tax-effective giving
Ch.47: Trading companies
Ch.48: Contracts & service agreements
VII. FINANCE
Ch.49: Financial procedures & records
Ch.50: Annual accounts, reports & returns
Ch.51: Auditors
Ch.52: Corporation tax, income tax & capital gains tax
Ch.53: Value added tax
Ch.54: Investment & reserves
Ch.55: Borrowing
VIII. PROPERTY
Ch.56: Land ownership & tenure
Ch.57: Acquiring & disposing of property
Ch.58: Business leases
Ch.59: Property management & the environment
IX. BACKGROUND TO THE LAW
Ch.60: How the law works
Ch.61: Dispute resolution & litigation
|
|
UPDATED INFORMATION FOR CHAPTER 38:
VOLUNTARY SECTOR LEGAL HANDBOOK
This page contains information that has appeared on Sandy Adirondack's legal update website for voluntary organisations at www.sandy-a.co.uk/legal.htm. For current updates, including potential changes that are in the pipeline, see the legal update website.
These websites for each chapter update
the 2nd edition of The Voluntary Sector Legal Handbook by Sandy Adirondack and James Sinclair Taylor (Directory of Social Change, 2001). The websites are not intended as a comprehensive update and should not be treated as such.
To order a copy of The Voluntary Sector Legal Handbook, print out the order form at www.sandy-a.co.uk/bookserv.htm or send an email order by clicking
. It costs £50 for voluntary organisations or £80 for others, plus 10% p&p. We expect the third edition to be published in 2007.
The information here covers the law applicable to England and Wales. It may not apply in Northern Ireland and/or Scotland. These news items are not a full or definitive statement of the law and are not intended as a substitute for professional legal advice. No responsibility for loss occasioned as a result of any person acting or refraining from acting can be taken by the author.
Chapter 38
CONFIDENTIALITY, PRIVACY, DATA PROTECTION AND FREEDOM OF INFORMATION
GUIDANCE ON INFORMATION SECURITY
Added 26/10/05. This information adds to s.38.1 in The Voluntary Sector Legal Handbook 2nd edition.
The Department for Trade and Industry published in February 2005 Information Security: Protecting your business assets. This highlights the importance of protecting information, whether on paper or held electronically, from being maliciously or unintentionally changed, being accessed by unauthorised people, or being misused. The free guide can be ordered from 0870 150 2500 or downloaded at www.dti.gov.uk/bestpractice/technology/security.htm.
The October 2005 issue of Charity Finance magazine points out the risks of using the "track changes" facility when producing documents that go through several versions (in Microsoft Word, this is on the reviewing toolbar). Unless the changes are explicitly accepted or rejected, they remain visible to anyone who receives the information electronically and turns on track changes. This can reveal commercially sensitive information, comments that are defamatory or politically unwise, and material that is damaging in other ways.
PREVENTING AND REPORTING MONEY LAUNDERING
Updated 2/1/04. This information updates ss.38.1.1 and 49.2 in The Voluntary Sector Legal Handbook 2nd edition.
Organisations such as CVSs and community accountancy projects which help organisations set up and which advise individuals and organisations on financial and management matters could be caught by the Money Laundering Regulations 2003. Management consultancies and businesses which advise on personnel and employment matters almost certainly will be, and accountants, tax advisors and banks definitely are.
In a surprise change to the final regulations, they were extended to cover anyone involved in "the provision by way of business of services in relation to the formation, operation or management of a company or trust". I have not yet been able to find out whether "company" in this context includes unincorporated associations (in some legislation it does, and in some it doesn't) and whether "trust" includes charitable trusts (there is no particular reason why it shouldn't). I have also not been able to find out whether "by way of business" will include services provided free of charge by charities.
The regulations, which mostly came into effect on 1 March 2004, require affected bodies to:
-
verify the identity of new clients and keep records of identification evidence;
-
retain records of transactions with clients;
-
appoint one or more money laundering officers;
-
train staff to be aware of money laundering;
-
develop procedures to reduce the risk of money laundering;
-
report to the national Criminal Intelligence Service suspicions of money laundering by their clients or others.
At the very least, all voluntary organisations are facing closer scrutiny from their banks (especially when opening new accounts or changing signatories), accountants, auditors and other professional advisors. If the regulations apply to services provided by voluntary organisations, those organisations have to appoint money laundering officers and put appropriate procedures in place.
For general information (not specific to the voluntary sector), see www.accountingweb.co.uk/business_management/amlz.html. The regulations are at www.opsi.gov.uk/si/si2003/20033075.htm. The Treasury's guidance is at www.hm-treasury.gov.uk/Documents/Financial_Services/money/fin_money_index.cfm?.
GUIDANCE ON INTERNET AND EMAIL POLICIES
Added 6/8/06. This information updates s.38.1.5 in The Voluntary Sector Legal Handbook 2nd edition.
CIPD updated in July 2006 its guidance on internet and email acceptable use policies, at www.cipd.co.uk/subjects/hrpract/general/webepolicy.htm.
MONITORING EMAIL AND TELEPHONE USE
Updated 30/10/01. This information updates s.38.1.5 in The Voluntary Sector Legal Handbook 2nd edition.
Since 24 October 2000 employers have had the right, under the Regulation of Investigatory Powers Act 2000 and Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000, to record or monitor employees' communications in certain circumstances without the consent of either the employee or the other party to the communication. Circumstances in which communications can be recorded include:
-
to record evidence of business transactions;
-
to ensure compliance with regulatory or self-regulatory guidelines;
-
to maintain the effective operation of the employer's systems, for example to prevent viruses;
-
to monitor standards of training and service;
-
to prevent or detect criminal activity;
-
to prevent the unauthorised use of the employer's computer and/or telephone systems, i.e. to ensure the employee does not contravene the employer's email or telephone policies.
The employer must take reasonable steps to inform employees that their email and/or telephone use may be monitored or recorded. To ensure clarity and consistency, it is important to develop a policy on such use.
The regulations are at
www.opsi.gov.uk/si/si2000/20002699.htm.
In addition to the e-Envoy's guidelines, the TUC and the Industrial Society have issued joint guidelines saying employers should consult staff on email policy. The policy, they say, should encourage responsible behaviour and good management practice, and should safeguard the privacy of workers. It should:
-
warn workers that emails may be scanned electronically for obscene, indecent, racist or illegal content;
-
permit occasional personal use of email, provided this is occasional and does not interfere with work;
-
give assurances that emails between union representatives and union members will not be monitored or read by managers;
-
notify workers that their emails may be checked by others at work, if they are absent and have not left forwarding arrangements.
DOWNLOADING PORN AT WORK IS SEX DISCRIMINATION
Added 26/10/05. This information updates s.38.1.5 in The Voluntary Sector Legal Handbook 2nd edition.
The importance of having clear policies on internet and email use--as well as on harassment--is illustrated by a case in 2004 where male employees downloaded porn in the presence of a female employee. Although the woman did not complain at the time, and the employer did not authorise or know about the men's behaviour, the employment appeal tribunal found that such behaviour undermined the woman's dignity and was so obviously unacceptable that the fact that she had not complained at the time was not a significant factor. Because the employer could not show that he had policies and procedures in place to prevent the behaviour, the woman won her case of sex discrimination on the basis of sexual harassment. The tribunal made clear that if she had taken part in the downloading, or enjoyed it, it would not have been sexual harassment as it would not have met the definition of being unwanted behaviour of a sexual nature.
Mrs Rea Moonsar v Fiveways Express Transport Ltd is at www.bailii.org/uk/cases/UKEAT/2004/0476_04_2709.html.
ADDING BLOGGING TO YOUR INTERNET USE POLICY
Added 27/8/06. This information updates s.38.1.5 in The Voluntary Sector Legal Handbook 2nd edition.
A worker who was summarily dismissed for writing a blog that included information about her work is suing the employer in the French employment tribunal. The employer, Dixon Wilson, is a British accountancy firm with an office in Paris, and the employee is British but has spent all her working life in Paris. The blog does not give her surname or identify her employer, but includes photographs which allow her—and therefore potentially her employer—to be identified. Dixon Wilson claims this brought them into disrepute, and furthermore that she produced the blog in work time.
An employment solicitor has advised that employers should add to their internet use policy a prohibition on using the employer's IT systems to keep a blog, even if the employee is doing it in their own time, and may want to define keeping a blog as a potential act of gross misconduct. The employer may also want to make clear that comments which affect the employee's ability to do their job, damage the employer's reputation or are defamatory constitute misconduct or potentially gross misconduct—whether they are on a blog or made in any other way—and may lead to disciplinary action or dismissal.
For background to the story, click here (the address is too long to show on screen) or go to www.personneltoday.com and search for Dixon Wilson.
ADDING SOCIAL NETWORKING SITES TO YOUR INTERNET USE POLICY
Added 5/12/06. This information updates s.38.1.5 in The Voluntary Sector Legal Handbook 2nd edition.
As well as adding blogging to their internet use policies (see above), employers have also been advised to consider the security risks posed by employees accessing social networking sites such as MySpace and YouTube. Malicious code can be launched on websites such as these, and can infect an entire network if an employee accesses the website on a computer which is not protected against such attacks.
Employers are advised to install, run and regularly update anti-spyware and virus programmes, and ensure staff are aware of the risks of accessing non-work related websites. Some employers may prohibit access to sites such as these.
If you need convincing of the risks, see the article at www.newsfactor.com/story.xhtml?story_id=010000009Z88.
HARASSMENT BY EMAIL
Added 21/9/03. This information updates s.38.1.5.1 in The Voluntary Sector Legal Handbook 2nd edition.
In a case involving Holden Meehan Independent Financial Advisers, a woman who was given access to a colleague's email while he was on extended leave discovered he and eight colleagues had circulated more than 40 emails about her which she considered obscene. Feeling that her complaint to management was not taken seriously and she had no choice but to resign, she did this and claimed constructive dismissal and sexual harassment. In August 2003 she received £10,000 in an out-of-court settlement.
This case illustrates the importance of having and enforcing a clear policy on use of email and the internet, and ensuring all staff understand the importance of treating emails in the same way as other documents.
Further information is at www.eoc.org.uk/default.aspx?page=15152 and theregister.co.uk/content/67/32489.html.
INTERNET AND EMAIL POLICIES
Updated 26/10/05; links updated 22/12/05. This information updates s.38.1.5.1 in The Voluntary Sector Legal Handbook 2nd edition.
The ACAS guide to internet and email policies, issued in March 2004, explains why employers should have such a policy, what it should include, and the legal and management issues. The guide is at http://www.acas.org.uk/media/pdf/1/k/AL06_1.pdf. For another guide, from Business Link for London, click here (the address is too long to show on screen).
FREEDOM OF INFORMATION
Updated 26/10/05. This information updates s.38.2 in The Voluntary Sector Legal Handbook 2nd edition.
The Freedom of Information Act 2000 (FOIA) came into effect on 1 January 2005. It enables organisations and their clients/service users to obtain information from more than 100,000 public authorities (as named in the Act or in subsequent orders), but it also means that:
-
public authorities may have to disclose information provided to them by voluntary organisations, including information in contract tenders or information provided in consultations;
-
public authorities might have to disclose information about their relationship with voluntary organisations;
-
voluntary organisations might have to disclose information they hold on behalf of public authorities.
Organisations should ensure they keep records of information provided to public authorities; ensure that contracts or other agreements with public authorities require the body to notify the organisation of any request under the Freedom of Information Act relating to information provided by the organisation, and clarify when you would need to be notified before information is disclosed; make clear if you consider any information you provide is genuinely confidential or commercially sensitive (but this does not necessarily mean that the public body will have to treat it as confidential); ensure any information held on behalf of a public authority is easily accessible; and ensure clarity about whether the organisation or the public body bears the costs of requests that the organisation has to fulfil.
Most requests for information have to be met within 20 working days. There are 23 exemptions, of which some are absolute (such as security or where a breach of confidentiality would be actionable in the courts) and some are qualified (such as ministerial communications, information about the royal family, and commercially sensitive information). Qualified exemptions are subject to a "public interest" test which says that the information must be disclosed unless the public interest in withholding it outweighs the public interest in disclosing it. Contract clauses cannot be used to define something as confidential if it would not normally be considered to be confidential. The Data Protection Act makes personal data about individuals exempt from disclosure under FOIA.
Organisations which tender for or receive public sector contracts should, if they have not already done so, take legal advice about the potential implications of the FOIA.
Information provided to a regulatory body for the purposes of regulation is likely to be exempt from disclosure. Other information provided to regulators is likely to be disclosable--which could include information provided to the Charity Commission and similar bodies.
Information about the FOIA, bodies covered by the Act, exemptions and how to make requests for information is available from the Department for Constitutional Affairs website at www.foi.gov.uk, and the Campaign for Freedom of Information at www.cfoi.org.uk/pdf/foi_guide.pdf.
Two points about how the FOIA interacts with other legislation:
-
Under FOIA, public authorities are only those bodies named in the Act or in orders made under the Act. The definition of public authority for the purposes of the Human Rights Act is potentially much wider.
-
The Durant decision narrowed the definition of "personal data" under the Data Protection Act. So the Durant decision had the effect of reducing the amount of information individuals can get about themselves under the DPA, but widens the amount of information about individuals that can potentially be disclosed to anyone through an FOIA request.
DATA PROTECTION GOOD PRACTICE NOTES
Updated 5/12/06. This information updates s.38.3 in The Voluntary Sector Legal Handbook 2nd edition.
The Information Commissioner updated in July 2006 its guidance on international transfers of personal data. This guidance emphasises that simply getting consent for the transfer of data to countries outside the European Economic Area (EU + Iceland, Leichtenstein and Norway) is not enough to ensure compliance with the data protection principles. The organisation should have binding corporate rules covering the transfer and use of data outside the EEA.
The guidance, along with briefings on a very range of data protection topics including CCTV, buying and selling customer databases, email marketing, charities and marketing, recording professional opinions about individuals, taking photos in schools, subject access, references, and disclosing information about tenants, is available via www.ico.gov.uk/tools_and_resources.aspx (click on Document Library). "Getting it right" briefings are available specifically for small businesses/organisations, and a model contract for the transfer of information to other organisations is available.
GUIDANCE ON DATA PROTECTION
Updated 15/9/02. This information updates s.38.3 in The Voluntary Sector Legal Handbook 2nd edition.
In October 2001 the Information Commissioner issued legal guidance on complying with the Data Protection Act. The document is substantial--104 pages--but clear and easy to read. It can be downloaded at
www.informationcommissioner.gov.uk.
DATA PROTECTION GUIDES FOR VOLUNTARY ORGANISATIONS
Added 26/10/05. This information updates s.38.3 in The Voluntary Sector Legal Handbook 2nd edition.
LASA published in November 2004 an updated version of its Computanews Guide to Data Protection. Intended specifically for voluntary organisations, it demystifies the Data Protection Act and provides a framework for developing a data protection policy and suitable procedures. The guide costs £5 via www.lasa.org.uk/computanews/guides.shtml.
Organisations needing more information should consult Data Protection for Voluntary Organisations by Paul Ticher, published by Directory of Social Change. It costs £14.95 and can be ordered via www.sandy-a.co.uk/bookserv.htm.
DATA PROTECTION GOOD PRACTICE NOTES
Added 1/8/06. This information updates s.38.3 in The Voluntary Sector Legal Handbook 2nd edition.
The Information Commissioner's Office has issued a range of short good practice notes, summarising data protection law on:
- Outsourcing (for example contracting out payroll functions or customer/member mailings), issued 3 April 2006;
-
Buying and selling customer databases (22 March 2006);
-
Recording professional opinions about individuals (13 February 2006);
-
Pension trustees and their use of administrators (19 December 2005);
-
Taking photos in schools (1 December 2005);
-
Subject access and references, including employment references (16 November 2005);
-
Disclosing information about tenants (16 November 2005);
-
Electronic mail marketing (2 November 2005);
-
Charities and marketing practice (27 September 2005);
-
Individuals' right of access to examination results (29 July 2005);
-
CCTV guidance and the Data Protection Act (February 2004).
All good practice notes can be accessed via www.ico.gov.uk/eventual.aspx?id=19264.
THE END OF THE EXEMPTION FOR PRE-1998 PAPER FILES
Added 29/7/07. This information updates s.38.3.1 in The Voluntary Sector Legal Handbook 2nd edition.
Paper records from before 24 October 1998 come under the Data Protection Act from 23 October 2007, if they are in a "structured" manual file. This means a file kept in a manual system where it can be retrieved by reference to the person's name or other identifying data, such as a reference number.
Some commentators have predicted a crisis, with large numbers of people making subject access requests. Others doubt this will happen, because information added to the files since October 1998 has been subject the the Data Protection Act anyway, and most public sector bodies have had to make pre-1998 information available before now.
Organisations which have structured manual files containing old information about living individuals should consider whether they will be affected by the ending of the 1998-2007 exemption for such information.
The Information Commissioner's basic guidance on dealing with subject access requests (for all personal information, not just on paper) can be accessed via tinyurl.com/3xk2sj.
WHEN INFORMATION IS NOT PERSONAL DATA
Updated 26/10/05. This information updates s.38.3.2 in The Voluntary Sector Legal Handbook 2nd edition.
A Court of Appeal decision on 8 December 2003, in Durant v Financial Services Authority, limits the right of individuals to see information about them. The court said that the mere fact that information (on paper or computer) refers to the individual does not make it personal data as defined in the Data Protection Act. And if it is not personal data, it does not have to be disclosed even when the individual makes a data subject access request. In order to be personal data, the court said, the information must be "biographical in a significant extent"; in other words it must be about the individual, not just refer to him or her.
In relation to information held on paper, the court said that the mere fact that a file is labelled with an individual's name does not necessarily mean that it is part of a "relevant filing system" and is therefore covered by the Act.
This decision does not affect organisations which are willing to provide all the information they hold to employees, service users or others making a subject access request. But where an organisation wishes not to provide information, this case might provide a basis for saying it is not personal data and therefore does not have to be disclosed--especially where the information is held on paper. An organisation in this situation should seek advice from a specialist to ensure personal data is not unlawfully withheld.
The Durant v FSA decision is at www.bailii.org/ew/cases/EWCA/Civ/2003/1746.html. Click here for the Information Commissioner's views on the implications of the case (the web address is too long to display on screen).
in June 2005 Durant petitioned the House of Lords about the Court of Appeal decision, but in October 2005 withdrew the petition because of the costs involved in proceeding with the case.
DATA PROTECTION AND EMPLOYMENT PRACTICES
Updated 26/10/05. This information updates s.38.3.4 in The Voluntary Sector Legal Handbook 2nd edition.
A consolidated and updated version of the Employment Practices Data Protection Code was published by the Information Commissioner in June 2005. The code was originally in four parts: recruitment and training, record management. monitoring and surveillance, and workers' health [see below for details]. For the huge consolidated code (12.13MB pdf file), click here (the address is too long to show on screen). For the shorter Quick Guide to the Employment Practices Code, still pretty hefty at 1.76MB, click here. To ask for a copy on paper, contact mail@ico.gsi.gov.uk.
DATA PROTECTION CODE ON EMPLOYMENT PRACTICES
Updated 9/3/04. This information updates s.38.3.4 in The Voluntary Sector Legal Handbook 2nd edition.
There are four codes on data protection in employment. The first, on recruitment and selection, was issued in March 2002 and sets out benchmarks for good practice, with notes and examples. Some of the main points are that applicants and potential applicants must be made aware, throughout the recruitment process, of how the employer will use the information provided, any checks that will or may be made on the information, and any plans to use the information for non-recruitment purposes. When information is transferred to a personnel file for the successful applicant, information irrelevant to the ongoing employment relationship must be deleted.
The second part of the employment code was issued on 3 September 2002 and covers management of personnel records. It sets out procedures for storing personal data about employees and job applicants, how individuals can apply to see their records, and penalties for non-compliance. One problem that has been identified with the code is that it does not always distinguish between the law and good practice.
Part 3 of the code, covering surveillance at work, was issued on 11 June 2003. It covers activities such as use of CCTV, automated email monitoring, and keeping recordings of telephone calls. The code spreads over 104 pages the following main points:
-
employers can monitor workers when the advantage to the business outweighs the intrusion into the worker's affairs;
-
employers should normally carry out an impact assessment before monitoring, weighing up the advantage versus the intrusion;
-
workers should be told if they are being monitored;
-
information discovered through monitoring should normally be used only for the purpose for which the monitoring was carried out;
-
the information discovered should be kept secure, which may mean only letting one or two people have access to it;
-
employers should be careful when monitoring personal communications such as emails which are clearly personal;
-
employers should not undertake covert monitoring except in the very rare circumstances where it is used for the prevention or detection of crime, it has been authorised at the highest level of the business, and where there is a risk that notifying workers of the monitoring would frustrate the purpose of the monitoring.
Consultation ended on 27 February 2004 on the fourth (and final) part of the data protection code on employment practices, covering information about workers' health. It covers general issues, occupational health schemes, medical examination and testing of workers, drug and alcohol testing, and genetic testing in the workplace. It does not cover routine sickness and accident records--these are covered under part 2 of the code.
Part 1 of the code, on recruitment and training, part 2 on record management, part 3 on monitoring and the draft of part 4 are at www.informationcommissioner.gov.uk/eventual.aspx?id=446.
SHARING PERSONAL DATA WITH OTHER ORGANISATIONS
Added 29/7/07. This information updates s.38.3.5 in The Voluntary Sector Legal Handbook 2nd edition.
The Information Commissioner's Office issued on 24 May 2007 guidance on sharing personal information between authorities or agencies. Although intended primarily for local authorities, the guidance is applicable to voluntary organisations as well. Among the basic principles are that organisations should identify the benefits and risks, take reasonable steps to safeguard personal information, consider whether consent is needed, be transparent about what is being shared and why, and ensure information is up to date and accurate.
The guidance can be accessed via tinyurl.com/yp3e6h.
DATA PROTECTION AND REFERENCES
Added 1/8/06. This information updates s.38.3.6 in The Voluntary Sector Legal Handbook 2nd edition.
In his good practice note on references (see above), the Information Commissioner confirmed that:
- if a person asks for a copy of a confidential reference you have written about them relating to training, employment or providing a service, the reference is "exempt information" and you do not have to provide it to them;
-
although you do not have to provide a copy of a confidential reference you have written, it would generally be reasonable to provide it anyway where the reference is wholly or largely factual in nature or the person is aware of the appraisal of their work or ability;
-
a person who receives a reference might have to disclose it to the individual--even if it is marked confidential and even if the referee says they do not want it disclosed. The good practice note sets out the criteria to be considered in weighing up confidentiality versus disclosure. These include whether the information is truly confidential or is already known to the individual; any explicit assurance of confidentiality given to the referee; any relevant reasons the referee gives for witholding consent; the potential or actual effect of the reference on the individual; the fact that a reference must be truthful and accurate and that without access to it the individual is not in a position to challenge its accuracy; that good employment practice suggests that an employee should have already been advised of any weakness; and any risk to the referee.
The good practice note on subject access and employment (and other) references is at www.ico.gov.uk/eventual.aspx?id=19264.
ORGANISATIONS CAN BLOCK DIRECT MARKETING CALLS
Added 24/4/04. This information updates s.38.4.2 and 45.3.2 in The Voluntary Sector Legal Handbook 2nd edition.
From 25 June 2004 businesses--including voluntary organisations--have the same rights as individuals to opt out of unsolicited direct marketing phone calls, by registering with the Telephone Preference Service (www.tpsonline.org.uk). Registration is free and must be by internet, letter or fax. Individuals can also register by phone. TPS will confirm with organisations every year whether they want to continue to opt out.
Organisations which carry out telephone marketing or fundraising must check and comply with TPS lists.
The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2004 are at www.opsi.gov.uk/si/si2004/20041039.htm.
SPAM IS A CRIMINAL OFFENCE
Updated 15/12/03. This information updates ss.38.4.4, 40.2.6 and 45.3.4 in The Voluntary Sector Legal Handbook 2nd edition.
From 11 December 2003 it is an offence, in some situations liable to an unlimited fine, for anyone to send unsolicited commercial email (UCE/spam) and text messages to individuals (including unincorporated bodies) who have not explicitly agreed to this in advance. Email, SMS text, fax and other electronic marketing messages can be sent to individuals only with their explicit consent--an opt-in, rather than the current widely used "tick here if you don't want to hear from us" opt-out.
There is an exception where the organisation has an existing customer relationship with the individual. In this case unsolicited electronic messages can be sent in order to market similar products, unless the individual has opted out from receiving such messages. This rule applies only to commercial relationships (where goods or services have been sold to the individual), and does not apply where the individual is, for example, a member of or donor to the organisation.
In addition, organisations with websites which use cookies or similar tracking devices to store information about visitors to the website should consider how the regulations may affect them. The organisation will have to provide information about the cookies, and allow individuals to refuse them.
The Privacy and Electronic Communications (EC Directive) Regulations 2003 are at www.opsi.gov.uk/si/si2003/20032426.htm. The Information Commissioner's guidance on the regulations is at www.informationcommissioner.gov.uk/eventual.aspx?id=96.
Paul Ticher, author of Data Protection for Voluntary Organisations (Directory of Social Change), has produced a summary of the rules. To get a copy click
and send an email with your name and details.
(To prevent spamming, an email address is not given on screen. If you cannot connect by clicking, hold your cursor over the word "here" and the email address should appear at the bottom of your screen.)
Good practice guidelines are in the 11th edition of the Committee of Advertising Practice code, which came into force on 4 March 2003. To comply with the code, legitimate but unsolicited email marketing communications must immediately disclose themselves as such without having to be opened. Distance selling marketing communications must in most cases include a statement saying customers have the right to cancel orders.
In addition to the general opt-out statement on publicity, fundraising, membership etc materials, organisations should use an opt-in statement along the lines of "We may want to send you information about our work and products by email, text message or fax. Please tick here to give your consent for this." Organisations should not send direct marketing emails to individuals and unincorporated bodies unless they have agreed to this. If you send direct marketing emails, make clear in the topic bar/subject line what they are. Include a statement about the right to cancel orders in any distance selling materials.
|