-
08MarData protection by David Hall No Comments
Print This Post
I couldn’t believe my eyes when I saw this on the Beeb website today – on the home page in the feature story banner across the top, no less (see link below).
Apparently UK businesses need to wake up and sort themselves out by May – it’s another law change that we’re about to flout to the collective detriment.
The real stories are far more interesting. I’ll start with the trite angle. Someone’s been caught napping, but it’s not businesses: it’s our Government. I may be mistaken but I don’t think it has tabled any legislation to implement this EU-sourced law, which was passed in November 2009, and covers lots of issues besides cookies. (This may well be the real reason behind the regulator’s press release today. What do you reckon?)
The important news angle is that many UK organisations probably don’t comply with the current data protection law on cookies and customer profiling, let alone the changes. This is about old law and a wide range of organisations not just the businesses, across the public and charity, not for profit and voluntary sectors as well as for-profit organisations. Think CRM, customer profiling, stakeholder and donor management … these are the activities that the law change affects, and they’re a focal point for many organisations who are feeling the pinch.
Another important point is a corrective. The BBC says that the changes mean you have to get explicit consent before using cookies. The EU law just says “consent, having been provided with clear and comprehensive information”, and to me that means that implied consent is enough. EU law, like UK law, only means explicit consent when it says “explicit consent”.
Come on BBC, can’t you find some new angle for reporting consumer law changes instead of wheeling out a load of negative assumptions about UK business? Can’t you run some positive case studies from organisations that already have simple, cost effective ways of coping, instead of making us all feel guilty about overlooking over-complicated laws?
Whatever, this new law definitely won’t affect all websites or all organisations. Privacy campaigners rightly focused on cookies in the early years of the internet, and triggered a move away from cookies. As a result modern ‘brochureware’ or informational websites often manage to provide a great user experience without resorting to cookies.
Cookies come in two flavours, session cookies and persistent cookies. Simple session cookies are only used during a site visit, then they are deleted from the visitor’s machine. These cookies are tarnished with the same brush but the legislation isn’t really aimed at them.
The law really affects charities and their donor networks; online retailers; professional businesses and consultancies that thrive on CRM; new media businesses for whom advertising is a major source of revenue; marketing and PR agencies; mailing list suppliers; the networks of advertisers, technology and suppliers who generate sales leads. It also affects organisations who have highly sophisticated CRM or lead generation systems which are derived from ecommerce/ social web/ web 2.0, or are strongly sales orientated. Put it this way, you’re likely to need to think about cookie/ similar compliance if you’re doing the following or similar:
- your website presents adverts to visitors, selected by relevance to the customer’s interests
- your website carries adverts from third parties
- you use customer profiling
- your website use techniques for achieving/ maximising sales or leads
- you are an online retailer (ecommerce, e-contracting, e-retail)
- you generate revenue from selling customer details to third parties
- you use unsolicited email or phone calls and you use data from your website
- your website gives you statistics about individual users.
In other words, it will affect you if you really want to collect lots of information about your visitors, and you really want to leverage the information to make a sale or generate revenue from advertising or data sale. If you use anything like Phorm, the new law will apply to you too. (Phorm assigns you a number, not a name, and builds a profile about ‘you’ from a wide range of participating websites to make lead generation and sales more effective. Perfectly lawful … if you do it properly.)
There are already five headline ways to break the law with cookies: don’t tell people that you’re using cookies, don’t tell people what you’re using cookies for, don’t give people an opportunity to opt out, give the cookie data to other organisations without permission, and evade or ignore opt outs. Whatever the law gets around to saying, none of this is good for your business – it tarnishes relationships with customers, tarnishes reputation, and can lead to complaints and waste of management time.
We’ll have to wait and see what the UK Parliament does to implement the changes ready for 25 May. ICO’s press release refers to solutions that would have a very low impact on UK organisations, such as a legal presumption that users who use a browser with adjustable privacy settings are deemed to consent if cookies settings are switched on. Which leaves us pretty much where we are.
Adopting a risk-based approach, how hard you have to try with getting consent under the current law depends in the real world on what you’re doing with the information. If you’re just using session cookies, arguably you just mention that in the website privacy statement but make not much more of it. If you’re doing any of the stuff in the bullet point list above you need to be going through a process of getting consent before you do that. There are lots of ways to do this. A classic one is that you only apply cookies to registered users, you tell them explicitly about your use of cookies during the sign-up process, and you give them a chance to opt out. It’s good practice to include a link to information about how to manage browser privacy settings. You might also give users the facility switch off cookies via their registered user account settings going forwards.
Any organisation that does lots of CRM, donor/ stakeholder management, lead generation or sales should be looking pretty hard at data protection compliance across the board at the moment if it hasn’t done so over within the last 18 months. Lots of my clients are doing a policy review or full compliance refresh. For many it’s a routine review. Even for those who don’t have a routine, let’s face it data protection compliance isn’t something you want or really need to be staring hard at every week, or even every month. There should be no embarrassment about being in the position of playing catch up, and shame on the BBC for pretending that there is.
Come on folks, let’s just get on with it! By the way, there are lots of other changes that the new laws will bring in, which are nicely hinted at by Hawktalk, an excellent technical blog on privacy (see the link below).
Links
BBC article: http://www.bbc.co.uk/news/technology-12668552Information Commissioner’s announcement: http://www.ico.gov.uk/news/press_releases.aspx (8 March)
Tags: behavioural advertising, cookies, CRM, customer profiling, data sharing, Directive 2009/136/EC, donor management, ePrivacy, lead generation, New EC Directive, Privacy and Electronic Communications Directive, privacy statements, sale of personal data, sales pipeline, stakeholder management, web 2.0
-
03MarInternet by David Hall No Comments Print This Post
Time to eat humble pie. I met Sheldon Witney last week (link below) and he pointed out that cloud technology is ready right now and feasible for knowledge-based businesses such as consultancies. And he’s already done a full cloud set-up for several businesses, and I was introduced to the boss of one of them.
‘Course it’s ready for that kind of business, especially during its start up phase or in the first few years. In my predictions for this year I was thinking of bigger businesses. Sheldon’s got me thinking though – is it more feasible even for big organisations than I reckoned? Need to have a few more chats with him I think … !
What we both agreed on though is this. We come across lots of organisations that are happy to let the ICT Manager focus on purely technical objectives – a stable, secure system, maybe cheaper, greener. We reckon you should ask more of your IT. It should be on the hook to deliver core objectives: process more business, faster, with a better customer experience.
There’s a lot to gain from going into the cloud, and lots of businesses are talking about it. The smart money starts with a business-focused IT strategy. How do you know what to buy until you know what your business and people need?
Link: http://www.linkedin.com/profile/view?id=2949469&goback=.nmp_*1_*1_*1_*1_*1&trk=NUS_NCON-updtr
Tags: cloud computing, collaboration, mashup, predictions, smart procurement, social web, web 2.0
-
28FebCommercial, What we're up to by David Hall No Comments Print This Post
Public sector procurement has a shocking reputation for being slow, expensive and ineffective, especially for new IT. We’re really excited about the prospects for doing fast and cost-effective procurement that succeeds in creating strong competition between the bidders and a meaningful contract. We’ve just published a press release about a recent project that’s got us quite excited about on this front – click the link below for details.
What do you think … a ray of hope for a cash-strapped age (and beyond), or a positive spin on a broken system?
Tags: Buying Solutions, local authority, Logica, Nottinghamshire County Council, public sector procurement, SAP, Service Framework RM720, smart procurement, Sprint ii
-
03FebCommercial by David Hall 1 Comment Print This Post
How’s the exit strategy looking? For many in the manufacturing sector the options are limited because there isn’t the flow of able, motivated youngsters coming through the industry. You have a solid business with growth prospects, a skilled and local workforce, you could export, but no obvious successors or buyers.
The West Midlands has a formidable cluster of universities and colleges. What does it take to attract them to the manufacturing sector and keep them here, at a budget that small/ medium manufacturers can realistically commit to? Ideas:
- Join forces with other manufacturers eg via trade associations, the local Chamber.
- Do school/ college placements, knowledge transfer schemes.
- Rent equipment/ facilities to schools/ colleges. (For a fee, or to get on their radar.)
- Offer expertise/ mentoring for local schools/ colleges. (For a fee, if poss.)
- Offer modest sponsorship deals for schools/ colleges.
- Get onto Twitter and Facebook. (Manage it carefully.)
- Risk-managed apprenticeship.
- Employee incentive schemes to encourage them in and upwards.
-
02Febintellectual property, Internet by David Hall No Comments Print This Post
Word to the wise – who owns the copyright in the translated version(s) of your website? Easy to get stung, easy to get it right as well.
Tags: enforcement, export, intellectual property, manufacturers, smart procurement
-
31JanData protection, Internet by David Hall No Comments Print This Post
Spend a few minutes on the web ‘shopping’ for sites that are accessible. Which ones do you really rate as meeting every accessibility need?
I guess it’s only fair to look at big, high profile organisations that have a diverse user base – broadcasters, big retailers, public authorities. Comments please: who are your top performers? I don’t want a naughty list but if you spot some trends I’d be interested: “Not many retail websites do …”, “The public sector is great at …”. My comment about websites for mid-sized organisations would be: “Patchy – not all websites address accessibility, and those that do often don’t offer a complete set of facilities”.
Like many technology lawyers I’ve been offering ‘accessibility/ data protection/ consumer compliance audit’ services for years, so I’ve kept a lazy eye on accessibility features. I think we’ve seen steady, quite slow growth in accessibility features on websites over the years. I’d say it’s to do with the rise in businesses trying to learn about their customers and meet their needs, and not really prompted by the steadily increasing demands of the law over the same period.
Accessibility support is quite an easy thing for website buyers to specify, and offers massive added value that appeals to perhaps 20% of the buying public who rely on accessibility features. For anyone who’s spending money on the corporate website in 2011, it’s a simple but effective thing to put on the shopping list, a solid buy with a good business case at this time of slow recovery for many economic sectors.
Getting hot on accessibility is also a pretty easy way for website developers/ providers to differentiate themselves from the competition and/or command a premium. It could be a good return against the price of developing standard features that will appeal to many business customers across all sectors. Sometimes legal compliance is just frustrating, whereas this one offers benefits for developer/ provider, corporate customer, staff and the public alike. I’ve come across providers who are rolling out well thought-through features in their products this year.
Killer apps for accessibility? Yes, I think there’s plenty of scope for getting creative and taking it outside the ‘we must so we will’ category of website functions. I’m not aware of anything out there at the moment – let me know if you are. Maybe 2011 could be the year for accessibility.
I’m booked variously to speak and advise on accessibility this year so please get in touch if you’re looking for input/ support too – if we can get similar work whilst we’re on the boil it’ll help reduce our prices for everyone. Meantime, have a look at the links.
Pesky People blog: http://www.peskypeople.co.uk/
WAI-ARIA web standard: http://www.w3.org/WAI/intro/aria.php
Tags: accessibility, compliance strategy, customer profiling, predictions, smart procurement, web 2.0
-
26JanData protection, What we're up to by David Hall No Comments Print This Post
Jane Plant, one of my colleagues who is an expert in data protection in the social housing sector, is presenting at this event which is convened by Housing Quality Network.The event will take a broad look at personal data management. Our contribution will follow suit whilst drawing particularly on customer profiling case study scenarios.Link: http://www.hqnetwork.co.uk.
-
26JanNew technology by David Hall No Comments Print This Post
Isn’t there a lot of talk about cloud computing coming of age this year? I think some sectors are keen and ready for it. I wonder if functionality in the cloud has quite come of age so that internet-based software can genuinely support business needs. Privacy issues can be addressed. What about:
- Interfacing and integrating with your legacy systems which are not in the cloud.
- Different cloud services ‘working with each other’ and sharing data.
- Adaptability. Are the graphical user interfaces for online business software as sophisticated and flexible as web 2.0 can do?
I predict that lightly regulated businesses will start moving into the cloud – the business case based on cost alone is hard to resist. There are lots of barriers for larger or more heavily regulated businesses, such as getting the internal buy-in, and having the cash available to pay for the transition.
I expect 2011 to be the year when mash ups start having an impact on online business software and services. The ability to syndicate content from all over the web, and do what you want with it for your business, offers some real benefits for business over any above what legacy software can offer. Could that provide a competitive edge and make a transition to the cloud hard to resist?
Tags: cloud computing, predictions, smart procurement, web 2.0
-
07SepWhat we're up to by David Hall No Comments Print This Post
Have you heard about the new book masterminded by Kate Cooper called The New Optimists? Surely destined to become a bestseller in the mould of Stephen Hawking’s Brief History of Time. If you’d like you can book to go along to the launch party as part of British Science Festival next week: http://newoptimists.eventbrite.com/. See you there.
-
06SepUncategorized by David Hall No Comments Print This Post
I can’t understand it – there’s virtually web silence. I can’t see war stories from anyone about how they’ve got on or not with Sprint ii. Is there anybody out there who’s used it?
It looks like procurement dynamite to me. It kicks competitive dialogue into a cocked hat because it’s cheap but effective. Tell me you’ve used it! If you haven’t … look at it now and tell me what you think.
Recent Comments