List of HSL members

[green day]

As I understand it, the publishing of a name alone is not a breach of GDPR because without another identifier (DoB, NI Number, Bank Details etc) you cant be identified.

Look forward to seeing mine on the strip

[Just Alf]

Im guessing that some of the missing names might be from folk that replied to HSL asking for their name to be removed when months ago they emailed telling us that they'd be publishing the list so we can all check our names are on it prior to it being passed on to the manufacturer.

I'm also guessing that all those names we can see are those that were happy for their name to be on the strip (.i.e made public?)



Sent from my SM-G935F using Tapatalk

[The 90+2]

This quote is hidden because you are ignoring this member. Show Quote

As I understand it, the publishing of a name alone is not a breach of GDPR because without another identifier (DoB, NI Number, Bank Details etc) you cant be identified.

Look forward to seeing mine on the strip

Yes it is. No name is allowed to be viewed on a public database without full consent (which I’m thinking there has been with this when agreeing to have name on strip)

[Purple & Green]

Given the close links between HSL by and club, I’d be really surprised if the clubs lawyers hadn’t ok’ed the publication.

I must admit I’m surprised because my understanding was that your name in itself is subject to GDPR, but I also think (and I might be wrong on this) that the member list should be in the public domain in much the same way as a shareholder list.

[Danderhall Hibs]

Interesting that only one player’s on the list though. Who all said they had joined - Allan, Lennon, Gray, McGinn?

[Bostonhibby]

GDPR*or DPA 2018 personal data*breach

A personal data*breach*is a*breach*of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. If you experience a personal databreach*you need to consider whether this poses a risk to people.

In light of the above I don't see that just having my name out there would create a breach so I'm happy.

Sent from my SM-A750FN using Tapatalk

[Beefster]

This quote is hidden because you are ignoring this member. Show Quote

As for GDPR, I don’t think it’s a breech as from the personal details released you cant identify an individual. It’s just a list of names. Also it would need a member to complain and proved they’ve suffered a determent because of this list being in the public domain

You’re wrong about GDPR. A name is personally identifiable information.

[BT58]

I noticed a few friends who have got duplicates, need to find out if they know this or its other people with exact same spelling. Im just surprised its not surname first. I have no problems with my name been shown, but was surprised that guys i know who said they were in are not now, perhaps have since left when Ron bought us over
B

[green day]

This quote is hidden because you are ignoring this member. Show Quote

You’re wrong about GDPR. A name is personally identifiable information.

I am not an expert nor looking for an argument, but interested in how a persons name alone can be "personally identifiable" in this context?

There is someone on the list with the same name as my cousin - who lives in London and has no interest in football, never mind Hibs.

[matty_f]

This quote is hidden because you are ignoring this member. Show Quote

I am not an expert nor looking for an argument, but interested in how a persons name alone can be "personally identifiable" in this context?

There is someone on the list with the same name as my cousin - who lives in London and has no interest in football, never mind Hibs.

It is classed as such, even though I agree with you.

[green day]

This quote is hidden because you are ignoring this member. Show Quote

It is classed as such, even though I agree with you.

Ta, so the very act of releasing it - even though it seems difficult to identify a specific person - is deemed a breach.

Sounds about right for these sort of regulations !!

[OfficialHSL]

This quote is hidden because you are ignoring this member. Show Quote

I'm not even sure that printing the names on the strip ,without the express permission of all members to allow this , would be allowed under GDPR.

Permission now needs to be sought and essentially you need to opt in to allow use of personal details to be used, of which full name is one , when previously you had to opt out if you didn't want to be included in such things. Therefore it's not sufficient to say folk could simply ask not to be involved , it's now the law (or my understanding of it) that people must expressively opt in rather than permission being assumed.

I know Hearts done this a few years ago but that would have been before the new rules came into play last year.

I'm not having a go at HSL, it doesn't bother me, but I do hope they have got all their ducks in a row as such. GDPR is an absolute minefield.

Can we please put everyone’s mind at rest. Like any other Company our list of Members is a matter of public information.
We did however also take the precaution of taking legal advice from Solicitors with particular expertise in GDPR.

Thank you to everyone who is responding with feedback. The vast majority of amendments we are making relates to inaccurate input by Members at the outset. For this reason it will take us a number of days to update the list and respond to emails. Please be patient. We will ensure by 20th October that the list is accurate.

Hibernian Supporters

[Beefster]

This quote is hidden because you are ignoring this member. Show Quote

I am not an expert nor looking for an argument, but interested in how a persons name alone can be "personally identifiable" in this context?

There is someone on the list with the same name as my cousin - who lives in London and has no interest in football, never mind Hibs.

That might be the case for 99% of names but some names are completely unique, even if only by spelling. Presumably that’s why names are classified like that under GDPR.

Bear in mind that taking this situation as an example, if Gretchen Blueballs is an HSL member, it’s unlikely to be the Gretchen from that tiny village in Austria and far more likely to be the Gretchen from Danderhall.

Anyway, HSL are confident that they’re on safe ground so it’s not an issue. My beef was with a poster stating an incorrect opinion.

[green day]

This quote is hidden because you are ignoring this member. Show Quote

.. the Gretchen from Danderhall..

You having Oktoberfest barmaid fantasies?

[Dom'sFirstTouch]

To provide a bit of clarity around the data protection questions being raised.

There's 2 key issues:
1) Is your name in this context personal data (and therefore covered by data protection legislation)
2) If yes to 1), is the processing of personal data compliant with data protection legislation

1) By the letter of the law yes. Personal data is information which relates to an identified or identifiable individual. A name relates to an individual and is a unique, or very close to unique, identifier. It's clearly very low risk personal data though and there's virtually no risk of harm and/or distress being caused by your name and the fact that you're an HSL member being disclosed to other members(I think it might be public info anyway?).
2) For the processing of personal data to be lawful, it must comply with the data protection principles. The key one here is the 'lawful, fairness and transparency' principle. To be lawful a 'data controller' must have a valid lawful basis for the processing of any personal data. Contrary to a common misconception, this does not need to be consent of the individual(s) (one of the biggest GDPR myths). There's six options: consent, contract, legal obligation, vital interests, public task and legitimate interest. For me it's in the legitimate interests of HSL to ensure the success of their intitiative, which potentially contributes significantly to their overall objective as an organisation. It's also in the legitimate interests of members to make sure their name, and an accurate version of it, is included on the strip. To me that outweighs any risks to individuals in the sharing of a list of members to members. I don't think there's any issues around transparency here either - HSL have been pretty open to members about this initiative for a while.

I could go into more detail here ( believe me, you don't want me to ) but in my opinion there's no issues here from a data protection perspective.

I'd encourage anyone with any issues to read the privacy notice on HSL's website which outlines more generally how they use personal data.

[Andy74]

This quote is hidden because you are ignoring this member. Show Quote

Can we please put everyone’s mind at rest. Like any other Company our list of Members is a matter of public information.
We did however also take the precaution of taking legal advice from Solicitors with particular expertise in GDPR.

Thank you to everyone who is responding with feedback. The vast majority of amendments we are making relates to inaccurate input by Members at the outset. For this reason it will take us a number of days to update the list and respond to emails. Please be patient. We will ensure by 20th October that the list is accurate.

Hibernian Supporters

You’re a private company limited by guarantee with no share capital.

I don’t see why the member scheme that you operate would be in any way a matter of public record.

[berwickhibee]

Ive paid in since it started. No email for me though😡

[Eyrie]

My name is on the list.

However I've just googled my name, and I don't appear on the first five pages of results. Gave up checking at that point as it's proved that my name on its own means nothing.

[hibby6270]

This quote is hidden because you are ignoring this member. Show Quote

Ive paid in since it started. No email for me though😡

Send an email to HSL - info@hiberniansupporters.co.uk - and point this out to them.
Happened to me originally but was sorted very quickly.

[dp00]

I wondered about the Hibs players who signed up too ? Any official line on it


Sent from my iPhone using Tapatalk

[Danderhall Hibs]

This quote is hidden because you are ignoring this member. Show Quote

You’re a private company limited by guarantee with no share capital.

I don’t see why the member scheme that you operate would be in any way a matter of public record.

Andy! Welcome back.

[NadeAteMyLunch!]

This quote is hidden because you are ignoring this member. Show Quote

Can we please put everyone’s mind at rest. Like any other Company our list of Members is a matter of public information.
We did however also take the precaution of taking legal advice from Solicitors with particular expertise in GDPR.

Thank you to everyone who is responding with feedback. The vast majority of amendments we are making relates to inaccurate input by Members at the outset. For this reason it will take us a number of days to update the list and respond to emails. Please be patient. We will ensure by 20th October that the list is accurate.

Hibernian Supporters

Thought I had reached full subscription but don’t see my name. Is this list now final or is there still time to make up any deficit and ensure my name is on there?

[Wilson]

Gretchen Blueballs?

[CapitalGreen]

This quote is hidden because you are ignoring this member. Show Quote

I wondered about the Hibs players who signed up too ? Any official line on it


Sent from my iPhone using Tapatalk

The list published is only those who are full members, it is not an exhaustive list of everybody who has signed up to HSL.

[jacomo]

This quote is hidden because you are ignoring this member. Show Quote

Andy! Welcome back.

Yay!

[Chuck Rhoades]

Can HSL respond to the question around player / manager names being missing please?

[eezyrider]

I just did a search to see if I could establish if releasing a name only could possibly breach GDPR and found this quite interesting:

" “‘[P]ersonal data’ means any information relating to an identified or identifiable natural person (‘data subject’).”

In other words, any information that is clearly about a particular person. But just how broadly does this apply? The GDPR clarifies:
“[A]n identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”

That’s an awful lot of information. In certain circumstances, someone’s IP address, hair colour, job or political opinions could be considered personal data."

https://www.itgovernance.eu/blog/en/...-personal-data

EZ

[Salisbury Hibby]

This quote is hidden because you are ignoring this member. Show Quote

/

Im sure that sharing those membership names is against the new rulings

I'd like to check whether this is the case. According to the list and putting two and two together, a certain ex-member of Genesis is a Hibee. But probably not.

Sent from my SM-A520F using Tapatalk

[danhibees1875]

This quote is hidden because you are ignoring this member. Show Quote

I just did a search to see if I could establish if releasing a name only could possibly breach GDPR and found this quite interesting:

" “‘[P]ersonal data’ means any information relating to an identified or identifiable natural person (‘data subject’).”

In other words, any information that is clearly about a particular person. But just how broadly does this apply? The GDPR clarifies:
“[A]n identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”

That’s an awful lot of information. In certain circumstances, someone’s IP address, hair colour, job or political opinions could be considered personal data."

https://www.itgovernance.eu/blog/en/...-personal-data

EZ

Someone else went into more detail earlier but while it's technically personal data that doesn't mean you're not allowed to do anything with it, so long as you have a legitimate reason for doing so.

HSL have a legitimate reason, for the advantage of both them and the members, to have shared that list to their members. It also doesn't adversely affect the rights and freedoms of these individuals which is generally one of the key things to consider when deciding if there has been a data breach.

The new GDPR laws can be a pain, but there's usually more wiggle room than you'd think.

[Salisbury Hibby]

This quote is hidden because you are ignoring this member. Show Quote

Someone else went into more detail earlier but while it's technically personal data that doesn't mean you're not allowed to do anything with it, so long as you have a legitimate reason for doing so.

HSL have a legitimate reason, for the advantage of both them and the members, to have shared that list to their members. It also doesn't adversely affect the rights and freedoms of these individuals which is generally one of the key things to consider when deciding if there has been a data breach.

The new GDPR laws can be a pain, but there's usually more wiggle room than you'd think.

As they have emailed each member, all they really needed to do was say "This is the name we have on record for you".

There is no need for me to know other members' names.

However, some thought should be given how to cover people whose email addresses may be out of date.

Sent from my SM-A520F using Tapatalk