Electronic voting in the BCA

2xw

Active member
Hello,

At the recent BCA AGM, Tim Allen proposed:
?The  BCA  to  investigate  a  process  of  electronic  voting  on  motions  and  nominations  properly  presented  to  the  Annual  General  Meetings.  This  process  to  be  founded  upon  that  used  for  the  2017  ballot  but  with  greater  use  of  professional help.  The  process,  and  any  constitutional  changes  required  to  implement  it,  to  be  presented  to  the  2019  AGM with  a  view  to  full  implementation  at  the  2020  AGM

It passed and I'm on the council so I'm investigating this.

There are a few constitutional and policy issues with electronic voting but these can be dealt with internal to the organisation.

I have a quote from one provider of electronic voting, UK engage (https://www.uk-engage.org/) and I am seeking a quote from another, the ERS (https://www.electoralreform.co.uk/). Both of these, I believe, would require the BCA to share email addresses with these two organisations, for which we'd need permission.

Whilst I am looking into this, is there anyone on the forum (or off it!) who has experience with this type of thing, and can help me with
1. finding other UK based providers (I've been avoiding American for sake of GDPR)
2. dealing with information sharing issues
3. Just general advice, opinions etc.

Drop me a PM and I can give you an email or telephone number if preferred.

Cheers
Will
 

SamT

Moderator
Is it worth speaking to someone in the BMC.

They've been doing email balloting of their membership for their somewhat similar constitutional issues at the moment. 
 

alastairgott

Well-known member
2xw said:
1. finding other UK based providers (I've been avoiding American for sake of GDPR)

Sorry 2xw [start rant] but I've had computer says no quite a lot about GDPR. I've had spreadsheets with passwords sent to me which can be cracked in at most 4 attempts and are often cracked with no clues in one attempt. I've also had spreadsheets sent to me and then the very next email the password is included so you can see the password even without needing to open either email (but still I could have cracked it straight off regardless).

I don't think there is any harm in at least getting a quote for overseas (USA) suppliers, if it proves better or cheaper in the long run, then it's worth a shout. Given the BCA could potentially need to ballot on 3 (give or take) different questions in a year, with maybe 5 years with one company, potentially 15 votes.

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/international-transfers/
ICO.org.uk said:
Are there any derogations from the prohibition on transfers of personal data outside of the EU?

The GDPR provides derogations from the general prohibition on transfers of personal data outside the EU for certain specific situations. A transfer, or set of transfers, may be made where the transfer is:
?made with the individual?s informed consent;
?necessary for the performance of a contract between the individual and the organisation or for pre-contractual steps taken at the individual?s request;
?necessary for the performance of a contract made in the interests of the individual between the controller and another person;
?necessary for important reasons of public interest;
?necessary for the establishment, exercise or defence of legal claims;
?necessary to protect the vital interests of the data subject or other persons, where the data subject is physically or legally incapable of giving consent; or
?made from a register which under UK or EU law is intended to provide information to the public (and which is open to consultation by either the public in general or those able to show a legitimate interest in inspecting the register).

The first three derogations are not available for the activities of public authorities in the exercise of their public powers.

[/end rant]

I agree with Sam though, if both the BMC and BCA are both going through the same thought processes, it would be worth opening a dialogue and asking probing questions. We need not follow their example on whatever company they choose.
 

2xw

Active member
Dear both,

Thanks for the suggestions.

Just to be clear, the type of voting I'm looking into for this isn't just for constitutional ballots, its for everything that anyone can vote on at an AGM, including non-constitution related proposals and officer positions.

The BMC do already use the ERS which is one of the companies I mentioned in the original post. It's a pretty easy platform, but they do have a bit of a complicated proxy vote system.

Regardless of the proxy system, it works like this:

On Friday 18 May, ERS will email all members a secure link and security code to enable members to cast their vote online.

Those members who do not have an email address will receive their information by post.
The instructions will contain links and/or unique security codes to use when voting. The codes are unique to individuals and should not be shared with any other person.

This is how most companies seem to work.

As regards GDPR Alistair, what I mean is that if we're going to share 5000 member emails with a 3rd party it's probably got to be one that will be GDPR compliant and they mess up (and BCA members start receiving PPI emails), if it's UK based it is easier to have some recourse. In addition, one of the included costs will be email and telephone support provided to voting members, which is a bit easier if you call a UK officer rather than Alabama.
 

JasonC

Well-known member
Apart from the last - good - point that 2xw makes, I can't see GDPR being a major obstacle.
Consent to share emails could be sought from members and any that aren't happy about it can continue (or not!) to attend BCA meetings in person as they do (or don't) now.

Even if all our mail addresses were stolen by Russian hackers, it would hardly be the end of the world, it would be just one more shovelful of s**t to add to the mountain we get already.
 

alastairgott

Well-known member
Sorry 2xw, i'll stop going off topic now, all this extra "security" just makes my head spin. I'm sure its going to cause grief between Financial Auditors who want specific information and the information provided under the auspices of GDPR. I feel like the Prisoner. (except we're not even allowed a number!).
 

Bob Mehew

Well-known member
As I am feeling a bit peevish, I will contribute what some may consider to be the equivalent of a gallon of petrol.

When you join a club, the club normally makes it a condition of membership that you supply certain information.  Many say they just require names and addresses.  There is no reason why that demand (for that is what it is) cannot be extended to cover an email address which will be used to send membership information.    No name, address and email address, no membership - pure and simple.  (The club could even offer a service of providing email addresses for those who don't have them to side step accusations of barring certain types of people.)

The club could then go onto make it a condition of membership that voting is only by electronic means. 

These demands are not going against GDPR as the option is don't join if you don't want to provide the information / vote in such a way.  The information stored does then have to be kept according to GDPR requirements. 

The club can then request other information which is optional and for which GDPR applies to both how it is sought from the member and how it is kept.

For information, the following is an extract from BCA's new privacy notice:

We collect contact and membership details in order to provide membership services.

That includes, but not limited to, the administration of joining and renewals, distribution of publications, organising event and training courses, access to the training qualifications service, insurance.


And for the pedants, if you make the provision of all data optional, then you can have members with no names or even addresses.  I understand one club did get itself into this position.
 

ZombieCake

Well-known member
The P in GDPR is Protection, not Prevention. It shouldn't be used, like Health and Safety often is, as an excuse to hide behind and not to do something.  A lot of it is really just common sense and fair play, which unfortunately is completely alien to a number of very dodgy organisations hence the need for the legislation.
 

2xw

Active member
Which is a good reason, almong a few others, to use UK companies.

Does anyone have any other thoughts on having an electronic vote system

(And can I ask mods to split this thread to somewhere else if people would like to further discuss data protection legislation)
 

Badlad

Administrator
Staff member
Glad you took this on 2xw.  I imagine the professional voting companies like ERS would offer good advice.  Also a call to BMC in Manchester would probably find the help as has been suggested.  Perhaps the Sports & Recreation Alliance which BCA are members of would be able to help,  They have a pretty big staff and offices - I've been there and found them very willing.

I would expect any GDPR issues could be easily overcome.  There is no intention in the Regs to interrupt democracy.  When BCA voted on the CRoW poll four years ago they used ERS.  I think the secretary's biggest problem was getting the data in the correct format for acceptance.  That should have improved by now but worth checking out further.

If consent or similar needs to be included with the membership renewals/application these go out towards the end of the year.  Best to check cut off date and when these are printed with Wendy/Cookie. 

I think one of the deeper problems with BCA is that they do not connect directly with club members.  This then places the onus on a club secretary to collect membership data and the quality of this can vary widely.  Something for longer term reform.

At present around 40 members attend the BCA AGM and they are the only ones who can vote out of a membership if 6000.  Electronic voting coupled with future reforms should see that increase significantly.

Good luck
 

GarDouth

Administrator
It's a pretty simple system to build, at least as far as is required for BCA. The advantage would be simplicity and having it hosted on BCA web servers meaning that details don't need to be shared outside of the organisation.

I would be happy to discuss it if someone wants to drop me an email about what requirements the BCA would have for it.

gardouth@hotmail.co.uk
 
Top