free small business advice & information

Article Index
Website and Email Law
Email Basics
Contracts and E-commerce
Data Protection
Intellectual Property

Website and Email Law

3. Data Protection

Collecting or handling personal data using email or the Internet falls under the Data Protection Act 1998. If you handle personal data in any form, you will have to comply with the Act. You may also have to notify the Information Commissioner annually.

3.1 You must not use an individual's personal data for direct marketing purposes if they request you not to do so.

3.2 Set up a clear privacy policy, and make it prominently available on your website.

  • Before asking users to give information, tell them how their details will be used. Will you be using the data for mailings or market research? Will you share their contact information with other organisations?
  • It is best practice to have people opt into further use of their personal data for mailings or market research and indeed it is required if you are sharing it with other organisations or are marketing their products.
  • Only collect the data you need.
  • If your site uses cookies, you need to tell visitors how you use them and work out how you will get visitors' consent. Cookies can be used to improve site useability and monitor visitors' browsing behaviour.

3.3 Make sure you comply with regulations on the monitoring of employees' email and Internet use (see 5).

3.4 Store any data you collect securely.

  • Access to the data should only be given to employees who need it.

Employees' Actions

You are generally responsible for your employees' actions on your email and Internet systems.

Contractual obligations created over the Internet are just as binding as any other.

Defamatory statements are easily circulated to a wide audience.

  • Defamatory emails must not be sent or forwarded, even internally.
Several major companies have been forced to pay substantial damages to competitors libelled in emails.
  • The informal nature of newsgroups and discussion forums means there could be a high risk of employees making defamatory comments.

Offensive emails or even website access can create a hostile working environment and lead to claims for stress or discrimination.

The Internet can make it easy for employees to commit illegal acts, such as stealing other people's intellectual property (see 4).

  • For example, copying photos or text from other sites to use on your own.

In most cases, an aggrieved party will pursue the company rather than the individual employee responsible for the problem. Setting up and enforcing appropriate policies, and providing any training employees need, can substantially reduce the risk of being held liable.

BHP Infosolutions

Labels: Email & Website