UK websites in breach of Data Act

The Study of Compliance with the Data Protection Act 1998 by UK websites will be published this month by the Information Commissioner based on a survey by the University of Manchester Institute of Science and Technology.

Over 3,000 URLs were visited from more than 900 companies and government institutions, and 200 interviews conducted.

The study shows many companies are in breach of the Act, which says anyone processing personal data must comply with the eight enforceable principles of good practice. They include ensuring security of data, ensuring data is adequate, relevant and not excessive, and the fair and lawful processing of data.

Findings reveal 75% of sites surveyed do not provide contact details, such as an email or postal address, 42% post no privacy statement and only 27% detail how to question privacy policy and use of data. ‘Customers should know who they are dealing with and how to get hold of them,’ said Iain Bourne, strategic policy manager from the Office of the Information Commissioner.

Intelligibility of privacy statements was also found to be exceptionally poor, with only 5% of sites achieving the recommended level of plain English.

Related reading