Why you should care about your website privacy notice

by Startacus Admin

Over the last few weeks, Thomas Taylor, a director at legal document provider Net Lawman, has written some fab posts for Startacus. First up came why forming a company shouldn’t be a priority when starting a business, and then last week Thomas returned with an equally burning dilemma - If your Co-founder Left, Who Would Own Your Business?

This week Thomas returns to highlight why you should care about your website privacy notice. Over to Thomas to explain all...

Having a privacy policy is nothing new. For years, website owners have been telling their visitors how they use personal data.

There have been two reasons: first, to reassure visitors that their data is safe, that you will not sell it or spam them with marketing messages; and second, because the Data Protection Act 1998 provides that they must comply with certain rules. Compliance is administered by the Information Commissioner’s Office (“ICO”).

After several small changes, the rules changed dramatically with the Data Protection Regulations 2013. To emphasise the changes, they even came up with a simple new name for the document: a “privacy notice”. (The new regulations are technically part of the Act.)

The ICO suggests placing the information you need to provide in a privacy notice, and making that page available from any page on your site. In that way, you comply with the need to make the information accessible whenever someone might need it. Most sites link to it in the footer.

The main changes are:

  1. Your privacy notice must contain a lot more information than before.
  2. Your obligations to comply are greater.
  3. There is a whole new obligation around cookies. You have to ask every visitor to your website whether he trusts you with his data – hence those little pop-ups about cookies everywhere.

Every one of us who runs a website is also a private individual. We like to be free to choose what specific things other people know about us – no matter how freely we use social media. The present Act appears to be powerful and it does protect us to some extent. However, where cookies are concerned, many website operators agree that the rules are “overkill”. But that is how it is. If your website uses cookies, it has to show one of the many variants of pop-up notice you now see everywhere, and it has to show a privacy notice to explain what it is all

There are exceptions. If you use social media accounts as a front for your business (such as a Facebook page), or your store is within another site, such as Etsy, Amazon or eBay, then it is the responsibility of the store provider or social media site to inform visitors.

The law aims to make sure that information is collected and used fairly and transparently. It should provide an individual with information about the organisation; how the data will be used; and who the data will be shared with. It must take into account the current use of the data as well as likely future uses.

The Information Commissioner’s Office (ICO) has created a “Code of Practice” (which is well worth reading) to guide businesses as to what they should tell their visitors and customers. Although you don’t have to follow the Code, you do have to comply with the law, and following the Code is the easiest way to do this.

The Code is based on eight principles. We can summarise them in six as:

  1. You take personal information only if you really need it for your transaction with your user and to the extent that you need it.
  2. You must not keep the data longer than you need it.
  3. Personal data you record must be accurate and kept up to date. (There is no help with how you are to do that. We assume it applies only to data you do not take directly from the human owner.)
  4. You cannot keep the data for longer than you need it for the purpose for which it was given.
  5. You must take technical steps to prevent unauthorised use of the data, loss of it or damage to it.
  6. You must not transfer the data to a country where the privacy requirements are substantially less protective than the UK.

The good news is that although there are criminal sanctions for breach, there is no organisation with the money and organisation to police this law. Any retribution for breach is likely to be through a civil court. However, that will not be very effective either, because the aggrieved person would have to be able to prove that he had lost money in some way by the breach.

So, a cynic might say that provided you comply as best you reasonably can, this law is unlikely to hit you hard. That means just two things:

  1. Get a really good privacy notice; and
  2. Show one of those cookie permission pop-ups.

Your privacy notice needs to be readable. That means both that your visitors must understand it (a good reason to use plain English rather than legalese) and that the font style and size should be large and clear.

It is tempting to copy the notice of a competitor, but you should be careful in doing so. His might not be a good example – it might not comply with the law, or his business might be slightly different to yours. It is better to find a template online that you can customise from scratch. Net Lawman, for example, provide one for free.

Having a good notice isn’t just about legal compliance. Your visitors will see that you care about their privacy and trust your site. And some of those visitors are not human, but search engines. Although Google has recently been in hot water with the ICO over non-compliance with the law, the search engine has indicated that it looks at whether your site clearly displays a privacy policy as a trust signal when deciding how highly to rank it in the search results.

It is probably something you would rather not deal with, but making sure you have a good privacy notice in place will benefit your new business. 

About Thomas

Thomas Taylor is a director of Net Lawman, an alternative for small and growing businesses to using a solicitor to obtain legal documents. He is a qualified accountant (FCCA, FPA/FIPA).

Published on: 18th January 2016
