Andy Robinson (blackadder) blackadderajr at googlemail.com
Thu Aug 20 10:50:12 UTC 2009

Peter Miller wrote:
>Sent: 20 August 2009 11:13 AM
>To: Nick Black
>Cc: osmf-talk at openstreetmap.org
>Subject: Re: [Osmf-talk] EVERYONE: PLEASE VOTE
>On 20 Aug 2009, at 11:05, Nick Black wrote:
>> Grant,
>> I think that the OSM-F membership list should be available for anyone
>> to request for their own personal use, in line with the UK Companies
>> Act.
>> My understanding and the understanding of the Board is that because
>> the OSM-F is not Data Protection Act registered, we are tightly
>> constrained by what we can do with a membership list.  Until last
>> night I did not have access to the list.  We can only use it for
>> purposes of membership - sending membership reminders is about the
>> extent of the actions we can take.  I personally think this is sub
>> optimal, which is why I'm working with the other OSM-F Board members
>> to get clarification on the DPA and other regulations.
>> I think the members should have access to the membership list and the
>> information that can be inferred from it, but this has to be done
>> through the proper channels.
>The Foundation is legally required to register under the Data
>Protection Act 1998 and failure to do so is a criminal offence:-
>"Notification is a statutory requirement and every organisation that
>processes personal information must notify the Information
>Commissioner's Office (ICO), unless they are exempt. Failure to notify
>is a criminal offence.

Ah, but you have not stated what the exemptions are. We know that we do need
to register because of all the things we might need to be able to do with
the wider OSM database (the OSM User data). The membership is a different
matter and as Nick says, its not a requirement to notify for the purposes of
managing an individual's membership as far as I am aware and thus not
legally required on what we have used the data for to date, but clearly it
is in our interests to do so for the future.

Notification is the easy part. It's ensuring the systems are in place to
comply with the Act that needs to be checked through so there is little
point in notifying until we are ready, otherwise if we get an audit we would
be found lacking. Those policies and procedures need to be written and put
in place. Something that will take a bit of time to do. As I said, we need
to consider not just the OSMF membership list but the OSM userbase as well.

Its on Saturday's Board agenda so this is one of the important issues being



More information about the osmf-talk mailing list