Writing a privacy policy

  [DELETED] 01:50 20 Dec 2003

I wish to write a privacy policy for my personal website to declare that I don’t collect any personally identifiable information or data other than e-mail addresses of people that send me e-mail by choice. These I save in my OE address book.
I am the sole user of the computer used to publish the web site; therefore no information is available to anyone else.

The web site content is Photographs and photography information, I have however been asked on occasion to supply media publications with images to accompany articles that they are running. They have asked me to respect their privacy, which I have agreed to do.

My questions and concern are:
1. Is there any legal requirement that I need to meet other than doing as I declare?
2. Am I legally obliged to register my statement with any official body or organisation?
3. Any pitfalls or law that I should be aware of and or comply with?
4. What is a compact privacy policy?



  [DELETED] 09:57 20 Dec 2003

You need to have an understanding of the Data Protection Act - click here for some info.

Generally I think I'm right in saying you don't need to register if you only use information for business transactions (eg to send a client information).

No doubt a few others will be able to post more info on this. It'll be worth your while reading a few other sites policys to see what they are doing.

  [DELETED] 10:11 20 Dec 2003

Thank you for your responce

I have a fair understanding of the Data Protection Act, as I use it to some degree for my "real job"

As you mentioned, I am only using data to send information about my Photos etc and to send prints if required, by snail mail.

I dont keep any data other than what is given freely, as I respect peoples privacy. And wish to respect peoples privacy.

I just dont want to make any mistakes that will offend or get me into bother legally.

I have read a fair few other privacy policys, but they are mainly commercial sites, and just wondered if there were any laws that I must adhear to.

Thank you

  [DELETED] 10:27 20 Dec 2003

The Information Comissioners site (click here as above) should give you enough guidance to show if you need to do register as a data handler. There is a step-by-step guide that should help.

  Forum Editor 11:00 20 Dec 2003

That is, if you use it to run your business, sending it from one department to another for instance, you must, by law, register as a data controller. Registration costs a few pounds, and if you are in any doubt about the necessity to register it's best to do so. There are penalties for failing to register if your use of data falls withing the terms of the data control act, and they can take the form of some pretty hefty fines.

If you simply collect people's names, postal addresses, and email addresses you are unlikely to be required to register, but you must do so if you collect sensitive information, such as religious affiliations, or details of income brackets for instance.

On a general website that has a form requesting personal contact information you must place a hyperlink - as close to the point of data collection as is feasible - saying something like: "Before you provide us with your personal information please read our pirvacy policy"

Link this to a separate privacy page, which should contain the following statement:

"We respect your right to privacy, and will not distribute the information you provide to us, in whole or in part, without your prior consent. Your details will not be passed to, shared with, or sold to a third party under any circumstances, unless we are required to do so by law. We will retain your information securely, and you may at any time (on payment of a nominal fee) request a copy of the information we are holding. You may also ask that the information be amended or deleted at any time. For further information please contact: (provide an email contact address)."

If you do that you'll be doing all that you need to do without actually registering as a data controller. Data controllers must be individuals within organisations by the way - you can't register a corporate identity.

  [DELETED] 11:10 20 Dec 2003

I think that that answers my questions.

I will look at the links in detail and also into regestering as I would rather play on the safe side.

I wil resolve this now

If i run into any problems I will come back and ask some more questions.

Thanks again


  [DELETED] 14:35 20 Dec 2003

Mmmm "Pirvacy" policy.... Interesting!!!! So FE I couldn't resist, it rare for you to make an error & for it too be such a clanger is great. It deserves respected place in the out-take section of the website.

  Forum Editor 17:35 20 Dec 2003

Thank you, but I take no credit - my fingers did it all on their own. I work on multiple screens and different bits of my brain do their own thing it would seem.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Microsoft Surface Book 2 15in review

Illustrator Amy Grimes on how setting up her own eco-brand led to success with clients too

MacBook Pro keyboard issues and other problems

Test : l’enceinte connectée HomePod d’Apple