Data protection regulations
Data protection regulations apply when collecting information from your visitors through online forms, by e-mail or by telephone.
If you plan to collect information about other people through your web site, you must comply with the Data Protection Act.
These obligations include:
- Making it clear why information is being collected
- Only using information for the purpose for which it was obtained, e.g. ‘newsletter subscription’ forms mustn’t be used for a telesales campaign, unless that option is also included on the form.
- Ensuring users are aware their data is being collected, e.g. if an opinion poll is also being used to collect voters’ e-mail addresses, this must be made clear before the opinion poll is used.
- Making sure the information kept is accurate and up to date.
- Not keeping personal information any longer than necessary.
- The data must not be passed on to anyone outside of the business without the individual’s consent.
- Data must be stored securely, e.g. using a firewall to protect data stored on your own computer or network.
- Group e-mails must not be sent in such a manner that enables each recipient to see the e-mail addresses of all the other recipients.
- Website owners are obliged to provide, upon request, a copy of the data held.
Websites may not have to actually register with the Information Commissioner if only using the data for marketing their own business. However, registration is necessary if:
- Collecting sensitive information, particularly credit card or bank details
- Planning to use the information collected for research
- Selling the information on to other businesses, as part of a mailing list, for example.
If registering with the Information Commissioner, register directly. Beware of consultants who offer to register businesses for a large fee.
ADDITIONAL SOURCES:
Information Commissioner’s Office – Data Protection and Freedom of Information advice
Legislation.gov.uk – Data Protection Act 1998

