All information carried on the web or by e-mail is data. If it relates to an identifiable individual, the Data Protection Act 1998 rules apply.
What should I look out for?
When doing business via the internet, external factors may also affect your data protection compliance. Here are some to look out for.
Cookies are downloaded to a user’s hard disk by the web browser and used to recognise and authenticate individuals when they return to the website, thereby saving the user from logging in when re-visiting a site. Some cookies, such as those involved with an online purchase, last only for a short duration, but others can last longer, potentially creating a record of a user’s web surfing activities over several years. Concerns over privacy have led to changes. Users should now know when their computer receives a cookie and all modern browsers provide the option to reject them.
Collection and use of anonymous data, unless combined with other data which can be linked to a particular individual, is not prohibited under the Act.
Active content mini-programmes known as ‘applets’ can also be transferred to a user’s computer or a webpage to add functionality or increase browsing efficiency. Used maliciously, they can allow access to personal data, including e-mails.
E-commerce businesses with databases in different countries should recognise that the Act’s requirements apply both to their UK data controllers and to those outside the European Economic Area (EEA) using UK equipment to process data for any reason other than for transit.
An e-commerce business with a data controller established in more than one EEA member state may have to comply with data protection laws relevant to each country involved.