Call it what you like, the ICO e-privacy law, the cookie directive, or to give it its proper name, Directive
, but on the 26th
May 2011, the law regarding how online business can use cookies for storing
information on users’ devices changed.

What does that mean for you? It means
ensuring you’re compliant with the new law and avoiding a potential fine
of up to £500,000.

You have my
attention, but what’s a cookie?

In technology terms, a cookie is file which gets downloaded
on to a device when a user accesses your site. Cookies allow a website to
recognise a user’s device and store information, which can be used to analyse
customer behaviours, this can be anything from log-in details and browsing
history, to shopping cart contents.

So what’s changed and
why does this apply to me?

In a nutshell, it used to be enough just to state somewhere on your website how you used
cookies, and the steps customers could take to remove or stop them. Under the
new regulations, you now have to actively seek out permission from the user to
store cookies on their device, be it mobile or desktop.

The majority of cookies are simply used to ‘remember’
information about customers, but businesses must now take steps to audit their
cookie usage to understand and categorise them according to their level of

OK then, so where do
I start?

The best way of doing this is to ensure you have an expert, who has the tools and techniques to: 

  • Identify and analyse what
    type of cookies you are using, your current policies for obtaining consent
    from your customers and how you are using them
  • Grade your cookies as
    essential, non-essential and non-intrusive, non-essential and intrusive,
    or obsolete
  • Produce a cookie usage
    audit report – this will outline what each cookie is for, how intrusive it
    is, whether it is first or third party, how to get more information on it,
    and what to do about it
  • Produce a cookie usage
    statement to add in to website’s privacy section – this will outline what
    each cookie is for and how to get more information on it
  • Give general advice on how
    to ensure your website is compliant with the ICO directive as defined at
    the time of the audit

So I’ve done my
audit. What now?

Well, first of all, don’t panic. The government recognises
that with this kind of change in the law, a ‘phased’ approach must be taken
before it can be enforced.

If for any reason a complaint about cookie usage was
levelled against your business, you will be able to demonstrate with the
results of your audit, that you have understood the change in the law, and are
taking steps to ensure you become compliant with it.

The Government is giving leeway of a year to implement changes
to websites, but it’s vital for any business to begin the auditing process
immediately to satisfy the initial requirements of the new law.