Blackpool Displeasure Breach

I like watching football, but any real interest I had in following a club waned around the time David Hirst stopped scoring for fun for Sheffield Wednesday. I also came to be disillusioned by the advent of big money, with clubs run more and more as business concerns aimed at boosting the investments of shareholders.

So I hadn’t appreciated that convicted rapist Owen Oyston was still listed as Director of Blackpool F.C. Nor that his son Karl Oyston is Chairman. Nor that Karl’s son Sam runs the club’s hotel. It appears that at least some fans are highly critical of the Oyston dynasty, and this manifested itself in a rather puerile twitter exchange which was drawn to my attention this morning

Bw61QjoCAAEWYxL

To explain what’s going on here, a fan replies to a news item about the club’s manager, and calls the Oyston family “wankers”. Sam Oyston responds by identifying the seat the fan – presumably a season-ticket holder – occupies, and implies that if he continues to be rude the ticket will be withdrawn.

This is all very unsavoury, but it also raises concerns about the club’s handling of its fans’ personal data. The publishing of the seat number is not particularly worrying in itself: it refers to the fan’s physical place in a very public arena, and I doubt he would be bothered about it being publicised (he might even be proud, as it implies he is a dedicated fan). However, one must ask how, and why, the manager of a hotel run by the club has such ready access to customer details.

The first data protection principle of the Data Protection Act 1998 (DPA) requires that personal data be processed fairly (and lawfully) and the second principle requires that personal data “shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes”. If fans’ details are being accessed by the club’s hotel manager, in order to implicitly threaten them with removal of their right to attend matches, it would be difficult to see how this would be compatible with purposes for which they were obtained by the club, as data controller. I suppose it is just possible that the terms of the tickets explain that, say, abusive behaviour could lead to cancellation, but even so, it would be unlikely that this would cover what happened in the twitter exchange. One might also question whether, if someone apparently unconnected with the running of the club membership can access ticket data, the club has – in accordance with the seventh data protection principle – appropriate organisational measures in place to safeguard against unauthorised processing of personal data.

A data controller has a statutory obligation to comply with the data protection principles – a failure to do so opens it up to the possibility of civil claims being made against it, and civil enforcement action being taken by the Information Commissioner’s Office.

The views in this post (and indeed all posts on this blog) are my personal ones, and do not represent the views of any organisation I am involved with.

7 Comments

Filed under Data Protection, Information Commissioner, social media

7 responses to “Blackpool Displeasure Breach

  1. The Oyston Clan are not interested in Blackpool F.C. its time the real fans stood up and got voted by terminating season tickets boycotting all home and away matches The Clan are only interested in making money at the fans expense take the money away and make them sell the club

  2. Sam Oyston
    ‏@samoyston
    Before any more lies are published about me regarding data protection I confirm I intend to prosecute all those who make such allegations.

  3. Stanley Matthews

    Rather foolish of young Sam really, especially seeing as the fan in question could quite easily make a complaint to the Information Commissioner by contacting using this link! https://ico.org.uk/Global/contact_us

  4. Pingback: Blackpool Displeasure Breach, redux | informationrightsandwrongs

  5. Pingback: Fortifying Networks – Blackpool Displeasure Breach, redux

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s