UK organisations should keep data collection to a minimum to
reduce the risk of contravening theData Protection Act, says the Information
Commissioner's Office.
"If you haven't collected it, you can't lose it," Dave Evans,
senior data protection practice manager at the ICO told the
Inbox Out conference in London yesterday.
Good data protection practice means collecting only data that is
absolutely necessary, he told mainly e-mail marketing practitioners
at the electronic messaging conference.
"Anyone signing up to online services such as newsletters should
have to answer only the minimum of relevant questions," Evans
said.
He cautioned that asking for more information than necessary
could also make people suspicious and have a negative effect on
their confidence in an organisation.
"Independent research for the ICO has shown that 85% of people
in the UK avoid giving personal details wherever possible," said
Evans.
The number of people who are concerned about the protection of
personal information has increased 34% in the past year, he
said.
"Customer confidence is easily lost," warned Evans.
Businesses should therefore avoid using personal data for any
new purpose that would not be expected by the individuals involved,
he said.
"Organisations must be clear and honest about how they intend to
use personal information when collecting information and stick to
that commitment," said Evans.
Similar guidelines apply to
tracking people's online behaviour for marketing purposes, he
said.
"Collection and use of such information can be done only with
consent of individuals involved," he said.
Organisations using this marketing strategy must tell online
users what they are doing, give them the choice of opting out and
must respect that choice, said Evans.