A data protection survey of 170 web sites in the UK, including
the country’s most visited sites, found that 42% of sites did not
post any form of privacy information and of those that did, only 5%
were intelligible to the average reader.
The report, entitled “Study of compliance with the Data
Protection Act 1998 by UK-based web sites,” was carried out by the
University of Manchester’s Institute of Science and Technology
(UMIST) and the Office of the Information Commissioner.
The following were among the study’s other findings:
- There was "good general awareness" of the Act across both large
and small companies.
- Large companies and those within regulated industry sectors
demonstrated a high level of compliance. Smaller companies or those
in unregulated sectors had a low level of compliance. The report
comments: "those who were compliant tended to be so more by
accident than by design." It continued, "Even the best examples
were not 100% compliant, the key areas for concern being those of
data retention and data security."
- A common problem is that data back-ups are not secured against
falling into the wrong hands. Only 37% of small companies have any
kind of data security policy. Encryption was rarely mentioned or
used. When one web site operator was asked about data security, the
reply was that he or she "lived in an apartment block with a
security man in reception."
- Web site terms and conditions sometimes contradicted the site's
privacy statement.
- Many small companies wrongly assume that having their ISP store
their customer data relieves them of responsibility for compliance.
- Many organisations fail to understand the meaning of "data
collection." They assume that if they haven't explicitly asked for
the data then they haven't "collected" it - such as data entered by
individuals in e-mails, chat rooms and discussion groups.
- Privacy statements were rated out of a maximum score of 100 for
ease of reading - i.e. using plain English to explain how data is
collected, used etc. The average score was 45; the maximum score,
achieved by an unnamed bank, was 62.
- 42% of sites did not post any form of privacy information. Of
those that did, only 5% reached a recommended level for
intelligibility to the average reader. "Financial and insurance
sites fared worse, while children's sites, travel and retail sites
scored better."
To assist organisations in achieving compliance, the specialist
information law team of Masons, the firm behind OUT-LAW.COM, offers
a web site review service which will provide an organisation with a
report and recommendations for web site compliance. A range of
follow-up services can also be provided to ensure that an
organisation achieves and maintains compliance.
For further information, please contact Louise Townsend by
e-mail or by telephone on 0161 234 8359.