• Keeping mum?

    A few people have contacted us, concerned that the free availability of indexes to births compromises their identity security.

    The widespread use of mothers’ maiden names and dates of birth as passwords (NOT security checks) worries us, too. The problem isn’t particularly that this data is widely available, from numerous sources, the problem is that it is relied upon as a form of password, usually on multiple sites. Long story short: if you have used your mother’s maiden name as a password, or a place name as a password, please CHANGE IT NOW.

    INF3-273 Anti-rumour and careless talk Be like dad - keep Mum

    The source of the misplaced faith that your mother’s maiden name is not easy to discover using a wide variety of means?

    Unfortunately, there used to be a reliance on easy to remember passwords (aka "security questions") such as 'mother's maiden name' and 'place of birth'. This is a dangerous practice, and is not recommended by the government: https://www.cyberaware.gov.uk/passwords. However, despite advice from the Home Office, some companies continue to use them. If one website is hacked, that data becomes associated with your email address and potentially other passwords or personal data. We therefore advise people not to use websites that ask for such information as passwords, and if they still wish to use the website, to use real passwords instead (no one is going to be checking up that DeputyDawg is not your mother’s maiden name / place of birth, except in some very special circumstances), but a strong password, as described in the above link and to use different passwords on each site used.

    If you struggle to remember the dozens of passwords you already have (and the additional dozens created when you change good-old-mum to a number of strong passwords is going to result in a lot more forgotten passwords)there are now a number of password management tools/devices which you could look into. For example, many browsers have a simple tool. However you need to be careful that if they share the passwords with your phone, tablet, or other device that might get stolen or mislaid, that it is protected with a master password or security number (not your year of birth). Alternatively, you can use an online password vault or safe (you just have to remember one password). For added protection, you can encrypt the document you store the passwords in, too.

    Using mother’s maiden name or place of birth in essence creates the same password on multiple websites, (and the fact that it is being used shows they are websites run by companies with little regard for data security), but this is not the only problem: these are both easily found.

    Sometimes, when you’re asked to give your date of birth, this is a legitimate check as to who you are and/or how old you are. For example, if you have an interest in alcoholic drinks and visit a website that promotes one, you may be required to declare that you are legally old enough to drink in your country, and provide your date of birth. I personally feel that it's fine to answer that you were born on 5 June 1952 when in fact you were born on the 5 February 1955 in these circumstances. Sometimes it is used to check that you are you, not another Jo Smith - for example at every stage during a medical procedure where one patient can get substituted with another by accident. This seems to me to be reasonable - the identification does need to be something that will be memorable without recourse to a computer, and memorable when one is perhaps very ill and confused.

    Rarely are dates/places of birth, or mothers’ maiden names truly used for security purposes (as opposed to as pseudo-passwords). The last time I can remember being asked for genealogical data was on an application for a visa for India a couple of years ago. The Index information on FreeBMD and in other search engines which can be searched for a fee (or for free in many libraries) is actually not very useful on its own for answering such questions - one of my grandmothers, for example, was born in a small Northamptonshire village - and that is the answer I (correctly) put on the form. But the place name in the index is not the birth town/village: it is the Registration District for that place - which can even be a location in the next county. While more recent registrations contain the full date of birth, most are only identified by quarter of registration. Since the parents have 42 days to register a birth, it is not uncommon for the birth to be registered in the following quarter. So FreeBMD was no help for filling in the visa application in this area either.

    I would like to reassure you that the data we show to the public is not behind a sign-in or paywall, and we intend to keep it this way because it is public data, which we make freely available to achieve our aims as a charity. Those who give us permission to transcribe are free to put restrictions on access to the index and transcriptions, which we always honour by not showing the data until the date specified / time elapsed required. For FreeBMD, this permission is given by the Government.

    Liability disclaimer: The above advice is based upon that given in https://www.cyberaware.gov.uk/, and you should check this or similar resources.  We have not investigated the advice given by this website, and you should not rely on the information as we have presented it here and can take no responsibility for any loss that results.

  • FreeUKGEN Trustee News

    A warm welcome to our new trustees!

    We are delighted to introduce the newest members of our Board of Trustees.

    Giorgio Abraini has been with us for almost a year, and has given Free UK Genealogy the great benefit of his background in finance and economics.

    More recently, we have appointed Andrew Turvey, Alexandra Eveleigh, and Linda Baines to the board.

    Andrew has a background in accounting and risk management and has been a keen family historian for over 30 years. He is passionate about Open Data, being a founding trustee of Wikimedia UK, the charity that promotes and supports the Wikipedia family of websites within the UK. 

    Alexandra is a professional archivist by background and currently Collections Information Manager at Wellcome Collection in London, UK where her role complements her research interests in public participation in library, archive and museum contexts.

    Linda is an independent researcher, who previously worked as a senior manager for a public sector science and technology organisation.

    We are pleased to be able to further develop the range of skills and experience for the successful management and sustainability of the organisation.

  • Married couple transcribe more than a million records in FreeREG

    Volunteers' Week 2018

    It's Volunteers' Week 2018, and we're celebrating the fantastic achievement of our dedicated transcribers! 

    Married couple Maureen and Stuart Tokely, who live in Australia, have been transcribing for Norfolk since Sep 2007 and have recently passed one million records between them. Their transcriptions account for nearly one sixth of all of the Norfolk records. 

    Here, Stuart tells us about their experiences transcribing for their 'home' county.

    Maureen and Stuart Tokely (c)

    Although we now live in Melbourne, I was Norwich born and bred and Maureen moved down from Sunderland when she was about 9 months old so I suppose we could call her an adopted Norfolk Dumpling!  We emigrated with our children in 1974 and although we are now naturalised Australians, I like to think like Nelson, who famously said "I am a Norfolk man and glory in being so."

    Through transcribing for FreeREG, it is amazing how much we have learnt about a county which I thought I know inside out.  I regularly ask "Where on earth is that?" and have to refer to maps to locate villages I have never heard of.  We have a copy of White's Norfolk 1891 which belonged to my great grandmother and also a copy of White's 1845 which we bought on our last visit to Norwich.  We regularly refer to these and find many fascinating historical facts about the towns and villages in Norfolk that we were unaware of.

    Maureen and Stuart are the strong foundation of the success of FreeREG in Norfolk.

    Norfolk Coordinator, Julie Harold

    Maureen told us that Stuart has more time to transcribe for FreeREG: "While I cook, clean and bottle wash, Stuart sits there and transcribes but at least it keeps him out of my hair!"

    They hope to continue as transcribers for many years yet, but are dreading the day when Norfolk is 'done and dusted'.  Stuart says "I suppose we could always help with another county but it would not be the same as dealing with our 'home' county".

    Here at Free UK Genealogy, we are incredibly fortunate to have so many active transcribers enabling us to make more family history records available for free on our websites.

    To all of our volunteers, we send a huge vote of thanks this Volunteers Week!

  • How will GDPR impact historical records?

    The General Data Protection Regulation (GDPR) comes into force on the 25th of May 2018. Designed to augment existing Data Protection rules, the principles as set out in Article 5 show clear requirements that all personal data held by anyone must be stringently and transparently collected, stored, processed and preserved or removed, and will result in heavy fines for breaches and failure to comply.

    Genealogy services that store and process data are having to review and strengthen their procedures; for example WikiTree are removing DNA test information on living non-members. Family historians may understandably have questions about what the GDPR means for genealogical research… will we still be able to order birth, marriage and death certificates for living people?  Will the harsh rules and measures lead to the destruction of records that could be of future genealogical interest? What about other personal data that FreeUKGEN holds?

    Records on Free UK Genealogy websites

    While many of the records on our websites are about dead people, some Record Subjects are living people, and thus regulated by GDPR. Very occasionally, a record focussed on a dead person will contain information about living persons - for example, a burial record can state someone is the widow, or widower, of a named living person. 

    We collect and process publically available register and census information including personal data about a Record Subject’s birth, baptism or other similar entry into a religious body, marriage and marital status, occupation (e.g. ‘groom’s occupation’), gender, age and other personal data as is recorded in historical documents. We consider it is legitimate to process this information for research purposes, including statistical and historical purposes. Further, many of the records we process provide public access to official documents,  including indices of Birth and Marriage, and registrations of marriage these are likely to be, additionally, covered in an exemption.

    Destruction of records

    Article 5 states that “...further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes”. (Article 5)
     
    In the recent ‘Windrush immigrants’ case, a former Home Office employee reported that landing cards of people who have lived in the UK for many years, which were used to establish their status were deliberately destroyed by the Home Office in 2010. Responding to the claim, the Home Office admitted that records were destroyed but claimed that this was necessary to comply with the Data Protection Act (DPA). However, the Board of Trade had transferred comparable historical records to the National Archive (BT 26 Inwards Passenger Lists 1878 to 1960), and government departments continue to do this. For example the surviving aliens' registration cards for the London area as recently as 1991, which survived by accident, have been transferred, and are now open records.You can find them on the National Archive here. 

    It is a real concern that the fear of incurring large fines may drive organisations to destroy business records that could be a rich source of genealogical information. It is easy to see how managers and Data Protection Officers may believe that destroying documents holding personal data removes any risk of mishandling. We have seen such a case on social media involving a local funeral director with 45 years worth of records. Worried that their small business doesn’t have the time, money or expertise for further processing, they arranged for the historic records to be shredded.

    It is clear that the GDPR highlights the importance of effective records management and should help drive the case for investing in new information management technologies and programmes. Businesses could donate records that are no longer needed by them (e.g. no longer covered by a contract) which nevertheless have research value to an appropriate research institution, such as a local archive, or transfer to a business archive.

    Record Disposal Policies of local councils often include provision to ensure that records of potential historic interest or research value are identified and transferred to their Archive Service. This would have to be done with the agreement of the Archive Manager, going through the formal accession or deposition process that must take into account already strained resources such as storage space and staff to manage and maintain the records.

    The ARA are arguing for “clear language in any UK and Irish implementing legislation that ‘all archiving purposes are in the public interest’ and therefore all archives have a clear legal basis to exist and do their invaluable work.”

    Other personal data that is held by Free UK Genealogy

    Free UK Genealogy holds data for a number of other reasons that are permitted by GDPR (and its predecessors):

    Contract: e.g. we have (unwritten) contracts with our volunteers - in order that they can transcribe, we have to send them images or links to images, and in order to do that we have to hold and process their email addresses.

    Legal: e.g. some people, very kindly, permit us to claim Gift Aid on their donations.  We have a legal obligation to pass their names and addresses on to HMRC, and hold and process this information to do this.

    Legitimate interests: we include information about our legitimate interests in our forthcoming revision of privacy information. We hold, for example, the names and email addresses of people who have contacted us using our contact form, in order to be able to reply to them.
    We don’t have any ‘vital’ interests (data held/processed to save lives) and we don’t (at the moment) carry out ‘public tasks’ (if a public body delegated tasks to us, we would do).

    Consent: where we have no contract, legal or legitimate interest, we need to ask for consent to hold and process data (for example, in the past we have sent invitations to test new features, notices of forthcoming meetings, and similar to our newsletter mailing list.  While we hold and process the personal data of who has signed up for the newsletter as part of a contract (they ticked a box saying they wanted the newsletter), they didn’t sign up for additional emails - so we have asked that they give us explicit consent for each additional kind of mailing. Consent is the ‘last straw’ of legitimate data holding and processing.

    infographic

    If you would like to know how we handle the data we hold, you can read our updated Privacy Notice here https://www.freeukgenealogy.org.uk/files/Documents/Privacy-Notice.pdf