Frequently asked questions
These FAQs are compiled from a number of queries which UGLE has received about what individual Lodges need to do with regard to data protection. They are additional to the guidance that has already been circulated.
Do I need to collect individual consents from members of the Lodge or new joiners/initiates?
The standard application forms for initiates or joiners collect the necessary consents from them. There is no need to obtain consents from existing members for normal Lodge business.
Do I need members’ consent to store their details?
Lodges do not normally need their members’ consent to store personal information such as names, initiation dates and contact details when that information is needed for normal Lodge activities. For example, Lodges can store members’ contact details because they are required for the purpose of sending out summonses.
How should I store members’ details?
Personal data must be stored appropriately depending on its nature. For example, the level of security for members’ bank details or Almoner’s reports might be higher than the level of security for members’ addresses. As a minimum, personal details should be stored in locked filing cabinets if kept in places to which other people have access such as Masonic Halls, and any computer files containing personal details should be password protected. When no longer required, documents containing personal details should be destroyed unless there is a good reason for keeping them (for example, Lodge minutes must be retained as a record of the Lodge’s proceedings).
How can I use members’ details?
Members’ details should only be used for normal Masonic activities relating to the Lodge such as issuing summonses, arranging Almoner’s visits, chasing subscription payments or Lodge committee business or for activities relating to the Metropolitan Grand Lodge, Provinces, Districts or UGLE such as submitting annual returns or contributing to disciplinary processes.
Any other use of details held by the Lodge requires the consent of the individual concerned. For example, the Lodge mailing list should not be used to circulate requests for charity donations except for those on the list who have provided their consent to receiving such requests.
How can members contact each other?
Members are free to contact other members but unless they are acting on Lodge business they may not use the Lodge’s mailing list for this purpose. The Lodge Secretary must not use the mailing list to divulge a members’ contact details to anyone without consent. If member A wishes to contact member B but does not know his contact details, member A may ask the Lodge secretary to be put in touch. The Lodge secretary can then send member A’s details to member B, inviting him to contact member A directly if he wishes.
What personal data can I include in Lodge summons?
For each piece of personal data on your summons you need to be able to answer the following three questions with a “yes”:
1. Does it have a legitimate purpose? A purpose will typically be legitimate if the data will be used for one of the Lodge’s normal activities as a membership organisation.
2. Is it necessary for that purpose? It will typically be necessary if there is no other practical way to achieve the same result which would involve less use of personal data.
3. Is including it a fair balance of members’ rights against the Lodge’s rights? It will typically be a fair balance if it falls within what members of your Lodge would expect to happen to their data.
Example 1 – information about candidates
For example, the summons for a meeting at which an initiation is proposed must include certain information about the potential new member, as specified in Rule 164(b). The purpose is to inform members about who is being proposed and enable them to make a decision. Only information necessary for that purpose should be included. By way of illustration it is unlikely to be necessary to state a candidate’s date of birth because the Rule already requires the age to be stated and the additional information contained in a date of birth is unnecessary for the purpose of informing members about the candidate.
Example 2 – names of all Lodge members
Some Lodges include a list of members’ names on all of their summonses, sometimes with their addresses or other personal details. The purpose of including names is so that all members are reminded who is currently a member of the Lodge and informed of any changes, ahead of the next meeting. There is no easier, less obtrusive, method to achieve this and so it is necessary for the purpose. Many Lodges will consider that including the list of names represents a fair balance of individual rights against the Lodge’s rights.
Example 3 – contact details for all Lodge members
Some Lodges include all of their members’ contact details on their summons. This is for the legitimate purpose that they may contact each other about Lodge business. However, it is unlikely that including contact details in this way is necessary or represents a fair balance of members’ and Lodge rights. There are other effective ways for members to obtain each other’s contact details which better protect members’ privacy. For example, members may approach the Lodge Secretary when they require another member’s contact details (about which see “How can members contact each other?” above).
Example 4 – Lodge officers
Summons can include the contact details of Lodge officers who members may need to contact, such as the Secretary or Treasurer. This is legitimate, necessary and represents a fair balance of the officer’s rights against the Lodge’s rights: the officer cannot fulfil his duties if members cannot easily contact him. If an officer does not want his contact details to be published then he should establish a generic email address (e.g. secretaryofABCLodge@gmail.com) and forward all mail from that to his personal email address.
What if the Lodge members want to include a list of contact details on the summons?
If the Lodge cannot justify including members’ contact details on its summons following the test set out above, then it has a choice. It can remove the details from its summons or it can include them but with the members’ explicit consent. In that case the summons can only include the contact details of those members who have actively provided their consent to the publication of their contact details on the summons. A member can remove that consent at any time.
What else do I need to think about for a Lodge summons?
If a Lodge circulates its summonses by email, care should be taken not to reveal each members’ email address to other members. This means that the email addresses of the recipients should be put into the “bcc” box by whoever is sending the email.
A Lodge Secretary may wish to remind members verbally or in writing at the bottom of Lodge summons that summonses contain personal information and so should be stored securely and shredded when no longer wanted.
Does my Lodge need a Data Protection Notice?
Yes, all Lodges should adopt a data protection notice. A template has been circulated, but this will need to be adapted by each Lodge if it holds or uses data for any purpose not covered by the template. The Notice must contain contact details (such as the Lodge Secretary’s email address) so that Lodge members have a contact for their queries about the notice or if they wish to exercise their rights, such as the right to request a copy of their personal data that the Lodge holds.
Does my Lodge need to appoint a data protection officer?
Lodges do not typically conduct large scale data processing and so do not need to appoint a data protection officer. However, any person who holds or uses the personal details of the Lodge members will have a duty to take appropriate steps to safeguard that information and only use it for the Lodge’s purposes. Some Lodges may consider it useful to identify one person in a Lodge with responsibility for looking after the records containing members’ details, and ensuring that these are only used in a way which is compliant with data protection laws. This person may often be the Lodge Secretary.
Does my Lodge need to take professional advice?
If a Lodge processes personal data for reasons outside normal Lodge business then it will need to consider what the lawful justification is for that processing. Before spending money on professional advice, it is worth considering the content on the data protection regulator’s website, www.ico.org, or using the ICO’s helpline for small organisations on 0303 123 1113.
Beware that many advisers may not understand how data protection law applies to not-for-profit membership organisations or members’ data and that a minority try to sell products and services they have developed that are not tailored to a Masonic Lodge’s needs. By contrast, many professional advisers will be able to assist those Lodges that need professional advice because of personal data they process relating to their commercial interests or property holdings.
My data protection question is not answered here – what should I do?
At first instance please contact the Provincial Grand Secretary.
These FAQs are intended to help share knowledge and guidance but are not legal advice and are not a substitute for independent legal advice on compliance, if you consider that necessary. Lodges which are not based in the UK will need to consider the impact of any local laws concerning data protection.
Provincial Grand Lodge of Wiltshire
30 April 2018