Atrium Group

 The Information Commissioner’s Office (ICO) has just released the long-awaited On-Line Code of Practice. For companies and marketers seeking to “do the right thing” this has been a very long time coming. However, if they were expecting much in the way of specific guidance, then they are likely to be disappointed. It is highly generalised with relatively few concrete suggestions – which we will cover in more detail below. Interestingly the Code of Practice is being positioned by the ICO as “for small businesses” – which then begs the question “does it apply to big businesses or are they exempt? Perhaps the ICO considers that large enterprises have access to good specialist advice and therefore don’t need the guide.

Is a good practice guide needed?

In our experience there is massive confusion within all sizes of company about what they should and should not do online in relation to data privacy. For example, some major websites encrypt pages that are collecting personal data, others do not – one mobile operator doesn’t even encrypt a page where the visitor enters his customer PIN number (Vodafone), for example. Almost no-one understands the current law relating to cookies and few understand the whole “opt-in/opt-out” issue. So guidance is needed, for companies large and small. <!--EndFragment-->

To read this article, as published in Privacy Laws and Business, in full, please click here