Rifle clubs across the country are scratching their heads after the NRA issued a letter stating that fullbore shooters’ names and ages must be supplied to them by affiliated clubs – with some people worrying the move may be linked to insurance.
The letter, seen by UK Shooting News, is headed “Club Certification for Bisley and MoD Ranges 2016”. The key paragraph is bolded in the original and reads:
The NRA now requires all clubs, schools and associations to provide them with the name and age of their certified members to ensure that all members are fully certified in the case of any reported incidents. We have enclosed a form for completion. Should any certified member of your club leave in the year, their certification card should be returned to the NRA with immediate effect.
Members of the popular UK Fullbore Target Rifle group on Facebook were discussing the situation last night, with the NRA’s reasoning being unclear. Some members reported that they had been told the change was to do with insurance, explicitly linking the NRA shooter certification card (SCCs) to whether affiliated members are insured to shoot.
NRA SCCs are required for anyone shooting a fullbore rifle at Bisley or on a Ministry of Defence range. They are required by the MoD and the NRA as a condition of range use. Although a fee is payable for the issuing of SCCs, they have never been linked to insurance before.
If this is a change in insurance policy from the NRA, it will cause affiliated clubs a lot of upset. The NRA insurance package, while comprehensive, is not the cheapest club insurance product on the market; for example, many clubs opt to use the NSRA insurance scheme, which is effectively bundled with affiliation to the association. Where would a change in NRA SCC policy leave shooters whose clubs aren’t insured via the NRA – or, indeed, those shooters who have personal insurance through BASC or one of the other shooting associations?
Data protection concerns
The transfer of personal details from clubs to the NRA is also legally troublesome. Under Schedule I of the Data Protection Act 1998, “personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.”
Where rifle clubs have acquired members’ personal data for the purpose of administering their memberships, your correspondent – who is not a lawyer but knows a thing or two about the DPA and what happens to organisations that get it wrong – believes it would not be lawful to transfer any details on to the NRA without explicit consent from members.
Registration with the Information Commissioner is not a defence against unlawfully transferring personal data (i.e. sending people’s personal data to external organisations without their explicit consent); companies are regularly fined for doing exactly this.
It is worth noting that small not-for-profit organisations which only process personal data for the purpose of establishing or maintaining membership are exempt from the normal requirement to register with the Information Commissioner’s Office as a data processor.
As the ICO website states: “In practice, you often need to get prior consent to use or disclose personal data for a purpose that is additional to, or different from, the purpose you originally obtained it for.”