Many UK websites are failing to comply with data protection legislation, putting consumer confidence in e-business at risk, says a major new study.
The Study of Compliance with the Data Protection Act 1998 by UK websites will be published this month by the Information Commissioner based on a survey by the University of Manchester Institute of Science and Technology.
Over 3,000 URLs were visited from more than 900 companies and government institutions, and 200 interviews conducted.
The study shows many companies are in breach of the Act, which says anyone processing personal data must comply with the eight enforceable principles of good practice. They include ensuring security of data, ensuring data is adequate, relevant and not excessive, and the fair and lawful processing of data.
Intelligibility of privacy statements was also found to be exceptionally poor, with only 5% of sites achieving the recommended level of plain English.