In the first of a two-part feature on the law relating to data, Sean Egan reflects on data protection dilemmas.
Like me, you probably receive a weekly pile of flyers for performances, not to mention the emails! Most of this material I have requested but much of it comes from companies I do not know and whose performances I have never attended. Putting aside the philosophical question as to the value of having my horizons widened in this way, this article takes a lawyer’s eye-view of what is going on.
Organisations are becoming more sophisticated in the way they use mailing lists and there are two principal ways of collecting data. The first is through box office attendance and the second is through punters’ requests to be put on mailing lists.
Most of you will be aware that under the terms of the Data Protection Act (DPA), there are restrictions on the use of data and the need to register with the Information Commissioner when holding names and addresses. There are some common practical difficulties that practitioners face in this area.
When you collect data you should inform punters (also called ‘data subjects’) of the uses you will make of their personal data and as a matter of good practice you should give them the right to refuse to allow you to do so. If you are outsourcing your direct marketing the legislation also requires that you should have a written agreement with the fulfilment house. If you are selling or sharing your lists with other organisations, you will need to put in place standard terms governing the way they are permitted to use the data. This is in addition to the requirement that the individual has given informed consent to the transfer of data. Conversely, if you obtain lists from outside sources you should establish that informed consent was given and that any person who has refused consent is omitted from the list.
The way in which data is collected at the point of sale is crucial in establishing what you can and cannot do. Some punters have a particular loyalty to a venue but at least as often the reasons for the ticket sale will be to hear a particular orchestra or to see a show or a particular company. Unless the orchestra or company can negotiate with the venue to receive the database of information for a particular presentation, it may have no access to that information – which is the experience of the Academy of Ancient Music (p6).
With venues becoming more ‘organised’ they are less prepared to make this information available as they see it as an important marketing tool and want to promote the venue as the key marketing source. All this is understandable but unless orchestras and peripatetic companies have the opportunity to acquire this information they will be limited in their ability to market their work independently of venues. Arts Council England (ACE) is sensitive to the need for companies to be able to market their work and the importance of companies and orchestras being able to develop their brands. It may be that touring organisations can be empowered in their negotiations with venues if funders require the acquisition of this information as part of their funding conditions.
Roger Tomlinson’s handbook on Data Protection1 is a valuable starting point for looking at these sorts of issues, particularly as the Information Commissioner has endorsed it. However, his approach can be seen as a cautious one and may create unnecessary burdens for some organisations. It emphasises the need to obtain consent when, as an alternative, organisations can rely on the ‘legitimate use’ argument. So long as the use of the information is fair, consent from the data subject is not necessary and no opt-out needs to be offered. The most obvious example would be sending information for shows of the same type as previously requested; consent is not necessary in this case. New restrictions come into force next month restricting the use of electronic marketing (i.e. by fax, email and SMS text messaging). I will be dealing with these changes in the next ArtsProfessional.
Sean Egan is Head of the Arts & Media Department at Bates, Wells & Braithwaite, Solicitors. e: s.egan@bateswells.co.uk.
1 ‘Data Protection: a guide to the Data Protection Acts and their implications for managers in the arts and entertainment industry’, and updates, can be found at http://www.ticketing.org.uk