What happened when the British Standards Institute and the Information Commission (formerly the Data Protection Commission) got together to draw up a Guide to developing corporate data protection/e commerce policies?
Topic: Data privacy
Who: The British Standards Institute and the Information Commission
When: Early 2001
Where: UK
What happened:
As part of a series of Guides to the Data Protection Act 1998, the British Standards Institute has published a "Guide to developing an Electronic Commerce Policy". While not available free or on-line, the Policy is still a useful read for marketers seeking an idea of basics of data protection law. It includes some privacy statements for website use and case studies illustrating when those statements would be advisable. Sections such as "Collecting data from the individual," "OnLine application forms" and "Cookies and other tracking software" go into helpful detail as to the Information Commission’s preferred practice, although in many respects, as one might expect from a gamekeeper, the interpretation of what is the law is rather stricter than that of most commentators.
There is also a useful compliance checklist, while other areas covered include the often forgotten legal obligation to keep information held about individuals that is accurate, up to date and not excessive given the intended purpose. Security, another legal obligation under the Data Protection Act, is also helpfully covered and since this a BSI document, the relevant BSI standard, BS 7799 on information security management, is given a plug. Another plug is for the website of the Organisation for Economic Co-operation and Development at www.oecd.org. This contains a helpful do it yourself "privacy statement generator" where you key in your basic requirements and the site composes a privacy policy statement just for you.
Why this matters:
Under the previous Data Protection Act, the Commission in Wilmslow published a guide on data protection for marketers. Until a version appears for the new statute, guides like this can be helpful when there is so much confusion about what the actual legal rules are. We repeat, however, that these are guidelines only and should not necessarily be regarded as setting out the basic legal requirements. For this, take expert legal advice.