The collection and use of personal data by e-businesses in the UK must comply with UK data protection laws. These laws are primarily contained in the Data Protection Act 1998 (DPA) and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
Failure to comply with data protection legislation can, in certain cases, lead to criminal sanctions (with directors and other company officers potentially facing personal liability) and liability for damages, not to mention negative publicity.
The Privacy Policy outlines a business' practice in relation to any collection, storage and use of non-sensitive personal data as well as other important data protection issues that anyone running a website needs to consider.
Generally, to comply with the DPA, processors are required to gain consent before using, personal information. Including a link to a Privacy Policy on the website, which visitors can view before agreeing to send their data to the site, is one way of complying with the fair processing requirements under the DPA, although in practice, this will depend on the circumstances.
The Privacy Policy and Terms and Conditions of use are examples of a number of contracts that a business may be legally required to have in place when running a website or providing goods or services via online means.
For further information, please contact Andrew Tzialli on 020 8422 5678 or by email at Andrew.Tzialli@haroldbenjamin.com.
