Legalities

Kevin,

From your post header I assume you're in the UK. And that your website owner
is also. And probably your host. Which means you are governed by UK law?
Data Protection Act?

I think strictly speaking, as a developer, you're not obliged under law.
It's the owner of the data that is. But you're as well to inform the owner
of their obligations. I'm not sure if the obligations are too onerous. You
have to inform the DP registrar what information you're storing and you have
to provide mechanisms to remove data based upon an individuals request.


"Kevin Lawrence" <sp******@spam.com> wrote in message
news:3a*************************@news.rmplc.co.uk. ..

Hi all

I will soon have a site that allows people to register and you are
capturing their name, email and some information about their interests.

What legal issues does this raise? I may expose "certain" information to
other registered users, but only at the consent of the registering user.

What other steps are appropriate when dealing with people's data? What do
I need to do to ensure I'm not going to hang myself legally?

Sorry if sounds a bit vaige.

Thanks
Kev

> Kevin,

From your post header I assume you're in the UK. And that your website
owner is also. And probably your host. Which means you are governed by
UK law? Data Protection Act?

I think strictly speaking, as a developer, you're not obliged under
law. It's the owner of the data that is. But you're as well to inform
the owner of their obligations. I'm not sure if the obligations are
too onerous. You have to inform the DP registrar what information
you're storing and you have to provide mechanisms to remove data based
upon an individuals request.

Well, I haven't found a host yet - so it really depends on where the host
is located?

Kev

"Kevin Lawrence" <sp******@spam.com> wrote in message
news:3a*************************@news.rmplc.co.uk. ..

Kevin,

From your post header I assume you're in the UK. And that your website
owner is also. And probably your host. Which means you are governed by
UK law? Data Protection Act?

I think strictly speaking, as a developer, you're not obliged under
law. It's the owner of the data that is. But you're as well to inform
the owner of their obligations. I'm not sure if the obligations are
too onerous. You have to inform the DP registrar what information
you're storing and you have to provide mechanisms to remove data based
upon an individuals request.
Well, I haven't found a host yet - so it really depends on where the host
is located?

To be honest, not sure. But I imagine not. Otherwise people would simply
avoid their obligations by hosting in Vanuatu. I believe the crucial
responsability lies with the owner of the data, which would normally be the
registered owner of the domain. A precise definition is sure to be found by
reading through the docs for the DPA, if you have time.

Sounds like *another* valuable topic for a post when you've finished
digesting the material.
Kev

"KMA" <km*@schneeberger.ch> wrote in message
news:ds**********@atlas.ip-plus.net...

To be honest, not sure. But I imagine not. Otherwise people would simply
avoid their obligations by hosting in Vanuatu. I believe the crucial
responsability lies with the owner of the data, which would normally be
the registered owner of the domain. A precise definition is sure to be
found by reading through the docs for the DPA, if you have time.

Sounds like *another* valuable topic for a post when you've finished
digesting the material.

I was faced with this very issue about 18 months ago when I was developing
my on-line timesheet web app. Basically, it's a portal / conduit primarily
aimed at self-employed contractors, their agents and their clients.

Because I was capturing personal information about the users, there was no
option but to register with the DPA. It was a simple and fairly inexpensive
process. Obviously this allowed me to advertise the fact that the data
captured through the site was held in accordance with UK law which, judging
by the feedback, certainly gives potential users that warm feeling of
reassurance...

I got the following proforma privacy policy from them which I had to adapt
only slightly:
http://www.contracting-online.com/ap...acypolicy.aspx

> "KMA" <km*@schneeberger.ch> wrote in message

news:ds**********@atlas.ip-plus.net...

To be honest, not sure. But I imagine not. Otherwise people would
simply avoid their obligations by hosting in Vanuatu. I believe the
crucial responsability lies with the owner of the data, which would
normally be the registered owner of the domain. A precise definition
is sure to be found by reading through the docs for the DPA, if you
have time.

Sounds like *another* valuable topic for a post when you've finished
digesting the material.

I was faced with this very issue about 18 months ago when I was
developing my on-line timesheet web app. Basically, it's a portal /
conduit primarily aimed at self-employed contractors, their agents and
their clients.

Because I was capturing personal information about the users, there
was no option but to register with the DPA. It was a simple and fairly
inexpensive process.

How did you go about this? How inexpensive was it?

Thanks
Kev

"Kevin Lawrence" <sp******@spam.com> wrote in message
news:3a*************************@news.rmplc.co.uk. ..

How did you go about this?
http://www.informationcommissioner.g...al.aspx?id=322
How inexpensive was it?

£35

> "Kevin Lawrence" <sp******@spam.com> wrote in message

news:3a*************************@news.rmplc.co.uk. ..

How did you go about this?

http://www.informationcommissioner.g...al.aspx?id=322

How inexpensive was it?

£35

Thanks

What if it's just firstname/lastname/dob that is being stored?

Kev

"Kevin Lawrence" <sp******@spam.com> wrote in message
news:3a*************************@news.rmplc.co.uk. ..

What if it's just firstname/lastname/dob that is being stored?

I really don't know - I'm storing other more "sensitive" info e.g. bank sort
code / account number etc so that agencies can pay contractors directly by
BACS.

They have a pretty good helpline - ring 'em up and ask... :-)

> "Kevin Lawrence" <sp******@spam.com> wrote in message

news:3a*************************@news.rmplc.co.uk. ..

What if it's just firstname/lastname/dob that is being stored?

I really don't know - I'm storing other more "sensitive" info e.g.
bank sort code / account number etc so that agencies can pay
contractors directly by BACS.

They have a pretty good helpline - ring 'em up and ask... :-)

Thanks a lot, you've been a great help.

Kev