Thousands of UK e-tailers may be breaking the law by failing to comply with the Data Protection Act, a report released Tuesday by the London Chamber of Commerce (LCC) said.
The Data Protection Act of 1998 requires that Web sites inform visitors how information that visitors provide will be used, and that Web sites keep data secure and refrain from sharing it with third parties without permission. Violators of the Act face stiff penalties ranging from hefty fines to the closure of the violating site.
The survey found that only 44 percent of e-businesses complied with the basic requirements of the Act. Additionally, 40 percent of firms either had not carried out an audit to ensure compliance or did not know if they complied.
“Many firms could be in for a nasty shock by failing to give themselves adequate legal protection when doing e-business,” said Peter Bishop, acting chief executive of the London Chamber of Commerce. “There is little doubt that this type of business will grow steadily in future and so the risk of something going wrong increases.”
The LCC found that only 27 percent of firms expressed concern about regulatory issues involved in cross-border trading, despite the possible obligation to comply with foreign laws.
Failure to Disclose
Apparently, the Data Protection Act is not the only law being violated by UK e-businesses. A “mystery surf” by the Office of Fair Trading last month found that 52 percent of the 637 businesses visited failed to comply with the UK’s Distance Selling Regulations, which require businesses to provide full disclosure of refund, exchange and order cancellation policies.
“Failure to tell consumers about their right to cancel and to (receive) a full refund is a breach of the new Distance Selling Regulations and something which must be put right,” said John Vickers, Director General of Fair Trading.
The LCC found that 44 percent of firms surveyed had no policy in place for staff use of e-mail or the Internet, leaving them vulnerable to litigation arising from the improper actions of their employees.
Derogatory comments made by employees via e-mail can have embarrassing and sometimes expensive side effects. For instance, in 1997 Norwich Union paid out US$637,000 in an out-of-court settlement resulting from derogatory comments in e-mails.
“E-mail is a very powerful medium for spreading information, but when it is wrongly used it can create great damage,” said Chris Owen, partner in the corporate and technology group of the law firm Manches, which assisted the LCC in conducting the survey.
“Companies must ensure that, as in every other aspect of their business, they retain control of what they are doing and, more importantly, what is being done in their name,” Owen added. “They need to appreciate the dangers of having an Internet free-for-all for their staff.”