The British government has changed UK law, in response to an EU Directive, by amending Regulation 6 of the Privacy and Electronic Communications Regulations (PECR) 2003. The revised Regulations come into force today (26th May).
The ICO advises that, as a web site owner, you need to take the following steps in order to check your compliance with the revised PECR rules:
Check what type of cookies (or similar technologies) you use and how you use them;
Decide what solution to obtain user consent will be most effective in your particular circumstances.
More detailed advice issued by the ICO indicates that it will not be sufficient for web site owners simply to rely on the fact that a user’s browser is set up to accept certain types of cookie as indicating (at least implied) consent to the use of such cookies.
Few, if any, organisations set out to deliberately flout Data Protection legislation. Most breaches result from a lack of clarity about what is required and/or a false assumption that the organisation’s existing information security measures will be adequate to meet these changing requirements. Even where proper procedures are in place, organisations have been fined for not ensuring that they were actually being followed by their staff.
Regency IT Consulting can provide you with the assurance you need that your technical safeguards and associated procedures do provide the level of protection for personal data that is required, either under the Data Protection Act or by regulations such as PECR. Our experienced consultants have considerable expertise in carrying out compliance audits, not only in the area of data protection but against widely recognised international standards such as ISO 27001. We are also able to advise on the need for a Privacy Impact Assessment (PIA), which is an ICO requirement if you store or process sensitive personal data, and can draft a PIA report which is precisely tailored to the level of risk that you face.