The majority of UK websites are failing to comply with data protection legislation, putting consumer confidence in ebusiness at risk, according to a major new study.
The Study of Compliance with the Data Protection Act 1998 by UK-based websites, revealed exclusively to vnunet.com, will be published later this month by the Information Commissioner based on a survey conducted by the University of Manchester Institute of Science and Technology.
During research, over 3,000 URLs were visited, from more than 900 companies, organisations and government institutions, and 200 interviews were conducted.
The study shows that many companies are in breach of the Act, which says that anyone processing personal data must comply with the eight enforceable principles of good practice. They include ensuring security of data, ensuring data is adequate, relevant and not excessive, not keeping data longer than necessary, and the fair and lawful processing of data.
"Customers should know who they are dealing with and how to get hold of them," said Iain Bourne, strategic policy manager from the Office of the Information Commissioner.
"Respect for people's information is not antithetical to good business. It should be part of it. It promotes confidence in ebusiness and reassures users that they are not dealing with a fly-by-night organisation."
The intelligibility of privacy statements was also found to be exceptionally poor, with only 5 per cent of sites achieving the recommended level of plain English.
"Data is not being processed fairly if people can not easily understand what is happening to it," said Bourne.
More than half the sites surveyed were found to place cookies on user computers.
The use of this technology is very prevalent," said Bourne. "One site had 22 active web bugs on one page collecting information."
Other findings show that only 40 per cent of sites have procedures for recording what personal data is collected, and at least a quarter of sites have no data retention policy.
"Data retention is not understood. Businesses are just storing information unnecessarily," said Bourne. "There's a lot of work that needs to be done to make sure websites are up to scratch with data privacy issues."
Commons Science and Technology Committee calls for new post-Brexit skilled-workers immigration system
Committee calls for visa-free travel and permit-free work for skilled workers
Eleven 'normal' outer moons, and one described as 'oddball' found circling Jupiter
Scientific discovery has found a quadrillion tonnes of diamonds in the earth's mantle
Mobile payment app makes users' details public by default