First things first - if you are running a business and collecting any customer's personal information (this could simply be name and email address), you must be registered with the Information Commissioner's Office as a data controller.
The legislation covers not only the collection of the information, but also the safe storage - you must be able to prove that the data is stored securely.
I suspect that a lot of the smaller traders on here have not registered and anyone reading this that isn't, please consider doing so for your own protection - the ICO do have sharp teeth.
You can find some good info here :-
http://www.ico.gov.uk/Home/what_we_c...rotection.aspx
This is a useful guide and has links to their FAQs.
Anyone collecting contact information should register and pay the annual fee (£35 I think), as it is illegal not to do so and could have serious consequences.
A good place to start is by ordering their FREE interactive training DVD "The Lights Are On". It also has a quiz on the DVD to see how much you know about the DPA. All staff here have watched the DVD and some of it may seem obvious, but it is quite a light-hearted film and done in a mildly amusing way.
You can order copies from here :-
https://www.ico.gov.uk/tools_and_res...lications.aspx
I know it sounds like I'm a paid rep for the ICO, but having registered 3 businesses with them, I am totally aware of the obligations.
BTW, they have examples of their enforcement actions to view on the site as well. You may be surprised at some of the organisations that have been in breach of the rules - even the Home Office!