Website and Email Law: What You Need to Know as a Business
What data protection law should I be aware of as a business?
Any personal data you collect or handle from consumers is governed by a set of regulations under the Data Protection Act 1998, which is administered by the Information Commissioner’s Office (ICO).
If you handle personal data in any form, you must comply with the Act – which normally means registering as a ‘data controller’ with the ICO annually, paying a fee of £35. Any use you put personal data to is governed by a strict set of principles – to comply with these, you should:
- Always obtain consent from a customer if you plan to share their data with third parties for mailings, research or marketing purposes – it’s the law
- Only collect the data you need
- Never use a person’s information for direct marketing if they ask you not to
- Store any data you collect securely, and put measures in place to restrict access to only the employees that need it
Am I responsible for my employees’ actions over the Internet?
Generally, yes – just as in other areas, you are legally responsible for your employees’ behaviour when using your email and Internet systems. Particular risks you should be wary of include:
- Defamatory statements – these should never be circulated, even internally, as they could lead to your company paying substantial damages
- Hostile, offensive and bullying emails – these could create a hostile work environment, leading to claims of stress, discrimination or harassment
- Intellectual property breaches – for example, employees copying rights-restricted images from elsewhere on the web and using them on your website
You should set up and enforce an IT policy at your workplace and make sure you provide any training employees need – this can go some way to reducing your risk.