How secure is your customer's data?

On the 20th November 2007, data security suddenly grabbed all the headlines. HMRC had lost 25 million personal records, and the government admitted they had taken precautions in case the data had fallen into the 'wrong hands'. Websites collect all sorts of information about their users. Many websites require registration; some just ask for an email address to register for a newsletter. So, how much data do you hold on your website about its users? Probably not 25 million records, but you still fall under the Data Protection Act, and therefore there are measures you must undertake to stay within the law. The Information Commissioner is a good place to look at your legal obligations as a "Data Controller". In summary, you must take reasonable steps to ensure that data you hold about your users is, most importantly, secure, and is kept up to date. A website that captures data about its users should also have a privacy statement which:

- Identifies who the data controller is, i.e. who is responsible for complying with the Data Protection Act regarding the data,
- States the purpose for which the information will be processed,
- Sets out what information is needed for this purpose, so that only the data required is kept,
- Informs the user of any other usage of the data beyond the primary purpose, e.g. whether the data will be sent to third parties.
You can use a privacy policy generator from the "Organisation for Economic Co-operation and Development" website to get you started.