More and more businesses and other organisations are realising the importance of compliance with the Data Protection Act (DPA). Customers are increasingly concerned about their privacy, and about whether their personal information is being harvested without their permission. So how do we make sure the websites we make for our customers comply with the law?
The UK Government has devised 8 general principles to guide us through the DPA. They state that all information gathered must be:
- used fairly and lawfully
- in use for limited, specifically stated purposes
- used in a way that is adequate, relevant and not excessive
- kept for no longer than is absolutely necessary
- handled according to people’s data protection rights
- kept safe and secure
- not transferred to other countries without adequate protection
A lot of the websites we make collect very little information on their users. These are usually quite simple sites, used to provide people with important information about the owner’s organisation: pages showing the products sold, opening hours, details on how to contact staff members and so on. On sites like these there is no way for the user to actually submit information through the website.
More complicated websites will often contain all sorts of forms. A user can submit forms to provide the site’s owner with various types of information. For example, it is very common for our customers to require a simple enquiry form. With this type of form a user will generally submit their name, telephone number, email address and a message.
This is where we need to ensure each of the DPA principles is adhered to.
How do we store the information sent by a customer? Is there any way we can transfer the information to the site owner without having to store it at all? Do we have the right to ask for all the information we want, and is it really necessary anyway? (For example, why ask for a telephone number if the site owner is realistically never going to call the user?) What are we going to do with the information?
Although complying with the DPA is ultimately the site owner’s responsibility, it is also down to us, as a responsible web design agency, to make sure that all information is stored in the most secure way and is seen by as few people as possible, that it is transferred over secure connections, and that it can be easily removed when it is no longer needed.