Changes to our privacy policy

There’s a new version of the GovCamp privacy policy now live on our site. You can compare the old and new versions using this Google doc.

Why are we making this change?

We made a mistake in applying the policy particularly in relation to data retention, and we want to be open about that, detail what happened, and change the policy so it’s appropriate.

The bit of the policy that we’ve changed used to read:

attendee data is deleted after the event

sponsorship information is kept while the event is still running so we can contact them again in future.

We reviewed the policy as part of preparing for this year’s event, and identified two areas where this hadn’t been adequately enforced in the past:

1. Management of code of conduct breaches. We kept attendee data after events in order to ensure that we could know if someone who had breached our code of conduct had applied for tickets for a subsequent event, and manage this appropriately.
2. Ensuring fair ticketing. We kept attendee data after events in order to ensure fair ticketing (deprioritising attendees who had previously signed up but not attended, without letting us know). This enabled us to know if someone had applied for tickets and not used them in the past.

We also realised that the wording of the policy on sponsorship information was unclear about whether data would be deleted after each event, or held indefinitely to support the organisation of further events.

What’s the impact of this?

We believe that the impact to attendees and sponsors is small. Only ukgc organisers (approximately 8 people) had access to this data at any time. But we still think it is important to update the policy to ensure that this is clearer moving forward.

What are we doing now?

What we’re doing now is this:

1. Updating our privacy policy to reflect the ways we want to use data to ensure the safety of our participants, and fair access to tickets
2. Deleting all data on attendees that we’ve held up to now, as it was gathered under a policy which said we would. The exception to this is that we will keep the data of anyone who has previously breached the code of conduct. We’ll keep this data as part of an exclusion list, on the basis that it is in the legitimate interests of ukgc and our attendees.

The relevant part of the privacy policy now reads:

attendee data is kept after the event so we can ensure the safety of attendees from year to year, and work so that ticketing is fair.

sponsorship information is kept after the event so we can contact them again in future.