Site audit to check personal data laws

Bill Goodwin

The Data Protection Commissioner has urged companies to audit their Web sites to make sure they are complying with regulations to protect the privacy of personal information.

The warning comes as the Commissioner is preparing to sift through Web sites to find out how many are complying with new data protection laws that came into force on 1 March.

"We are concerned that there is not much awareness in general of data protection issues," said David Smith, assistant data protection commissioner.

"With the rush to get onto the Internet, and the pressure to be seen to have a Web site, companies may not have been as careful as they should," Smith added.

The aim of the survey, which will be completed by the end of the year, is not to identify companies to prosecute, Smith said, but to identify how much non-compliance there is on the Internet.

"We are not looking to identify people to take enforcement action against. We want to know the extent of the problem and to find out how we can tackle things in the future.

"Our first action will be to advise organisations that are not compliant how to comply. It may be that if they ignore that, we will take formal action," he said.

Smith is urging companies to audit their sites to make sure they comply with guidelines issued by the Data Protection Commissioner.

Breaches of the Data Protection Act on the Internet are "rife", said Nick Headly, partner at law firm Stephenson Harwood.

Common mistakes include collecting unnecessary data or burying details about data use in parts of the Web site that are difficult to find or contain a lot of small print.

The new 1998 Data Protection Act is more stringent than its predecessor, the 1984 Act. It covers paper-based and electronic records, stipulates security standards and forces businesses to keep records up to date and accurate. IT managers will have to work with other departments to ensure they comply.

Data Protection Audit

Companies should make sure they:

  • Inform customers what data is being collected and how it will be used whenever it is requested
  • Publish a privacy policy on their site
  • Tell users about any cookies that may collect information about them
  • Do not retain personal information unless it is necessary
  • Regularly delete out-of-date information
  • Ask for customers' consent before using data for marketing