All users of personal information, including students involved in organising clubs and societies, are obliged to comply with the Data Protection Act.
Student societies are themselves responsible for the protection of any data that they process outside the control and responsibility of the University.
When personal information is collected, societies must declare clearly who is collecting the information, the purposes for which it is being collected, and who the data will be disclosed to.
The Act requires those using personal data to notify the Information Commissioner. However, some student societies may be exempt from the notification provisions as 'not-for-profit organisations' but this is a matter for the society to check directly with the Commissioner. There is a guide to notification at the Information Commissioner's website.
Without the written permission of society members, society organisers should not pass on names, addresses or email addresses of their members to any outside organisation. Societies must also be aware of the restrictions the Act places on direct marketing.