Not something I'm getting my knickers in a knot about, but I'm interested in a certain aspect of data protection & privacy. I deal with confidentiality a lot at work & the following just doesn't seem right. I was dealing the other week with a volunteer who administers access passes for a shared leisure facility for a building on behalf of a voluntary mangement committee. The volunteer mentioned that they'd caught out someone abusing the facility because they could tell from a computerised record when the person had entered & left the area. It appears each access device is linked to an individual user & when the device is used this is logged. My query is, is this legal? I asked the volunteer who said words to the effect of, "oh don't worry about privacy or data protection, only the committe & I can access these records unless the police or someone asks for them".