CEO at Econsultancy
21 October 2000 16:58pm
Did you know that the UK Data Protection Act 1998 requires every data controller who is processing personal data to notify unless they are exempt? More importantly, did you realise that failure to notify is a criminal offence? Could you be breaking the law?
Data protection is an increasingly big issue. This is driven in part by consumers who want to know that their personal data is being handled in the proper manner, in part by the industry which wants to be seen as professional and credible and in part by government bodies eager to bring some law and order to the Wild West of the internet. All this means that where perhaps a blind eye was turned in the past (maybe there wasn’t even a blind eye to turn…), you cannot afford to ignore privacy and data protection issues any longer.
If you are UK based then you can find most of what is below and more at the Data Protection web site at http://www.dataprotection.gov.uk
Anyone processing personal data must comply with the eight enforceable principles of good practice, the Principles of Data Protection. They say that data must be:
1. fairly and lawfully processed;
2. processed for limited purposes;
3. adequate, relevant and not excessive;
5. not kept longer than necessary;
6. processed in accordance with the data subject's rights;
8. not transferred to countries without adequate protection.
For a full explanation of the principles go to http://wood.ccta.gov.uk/dpr/dpdoc.nsf
1. So who needs to register?
- Every data controller who is processing personal data must notify unless they are exempt.
- A data controller is a person who determines the purposes for which and the manner in which any personal data are, or are to be, processed.
- Personal data means data which relates to a living individual who can be identified from those data or from those data and other information which is in the possession of the data controller.
Find out more on the above at http://www.dpr.gov.uk/notify/2.html
2. How do you notify?
- By Internet. You can complete the notification form on-line (http://www.dpr.gov.uk/notify/4.html), print it and send it in.
- By Telephone. You can telephone the notification help line (01625 545 740) and a draft notification form will be sent to you based on the information you will be asked to provide on the telephone.
3. How much does it cost?
Every notification must be accompanied by a fee of £35.00 (VAT nil). The period of notification is one year. The Data Protection registry does not send invoices but will acknowledge receipt of payment. After this time a continuation fee of £35.00 must be paid.
4. How long does it take?
There’s probably no standard length of time but in my case the whole process took 2 weeks.
5. What if my site gets rejected?
6. How about Privacy Policies / Statements?
The 7 key questions that you have to answer to the satisfaction of TRUSTe are:
1. What personally identifiable information, yours or a third party's, is collected from you through the web site
2. The organization collecting the information
3. How the information is used
4. With whom the information may be shared
5. What choices are available to you regarding collection, use and distribution of the information
6. The kind of security procedures that are in place to protect against the loss, misuse or alteration of information under your control
7. How you can correct any inaccuracies in the information.
For information on how to join the TRUSTe scheme go to http://www.truste.com/webpublishers/pub_join.html
The cost of joining:
Company's Annual Revenue / Annual Licensee Fee:
$0 - $1 million / $299
$1 - $5 million / $399
$5 - $10 million / $599
$10 - $25 million / $1,999
$25 - $50 million / $2,999
$50 - $75 million / $3,999
$75 million and over / $6,999