Many UK web sites overlook data protection rules

The study also found that:

• 40% of firms have not carried out an audit to ensure compliance with the Data Protection Act or did not know if they complied;
• Only 27% of firms were concerned about regulatory issues involved in cross-border trading, despite the obligation to comply with foreign laws and regulations;
• 44% of firms had no recognised policy for staff use of e-mail or the internet, or did not know if they had one, leaving them vulnerable to litigation arising from the improper actions of their employees;
• Despite this, only 4% of firms had sought any legal advice when setting up their web site or implementing an e-commerce strategy.

OUT-LAW.COM's Linda Molloy, a solicitor specialising in e-commerce, said:

"Data protection compliance is particularly key to e-commerce businesses. Ideally this issue should be dealt with before the launch of a web site. Businesses must have a policy for the collection and use of data, and ensure that data protection notices are implemented correctly on the site.

"However, businesses should not operate on the basis that they might not be caught. The consequences can be severe. E-commerce businesses should act now to ensure that they resolve these issues.

"We are often approached by businesses who have a web site either ready to launch or already available on the web. We can review the web site and identify compliance issues. When compared with the threats of non compliance it is fairly straight forward to deal with data protection compliance."