A new KPMG study found about 95% of UK internet companies have yet to comply with new data protection rules due to come into force next month.
The legislation – postponed from last year – limits the use of tracking cookies on business sites and requires businesses to get browsers permission or alert the browser to their existence. Fines for non-compliance could be up to £500,000.
Cookies are small text files which are used by websites to analyse their visitors' Internet behaviour. The files are stored on a user's hard disk to enable targeted advertising and personalised web pages and are also used by e-commerce sites to manage users' shopping carts.
The directive becomes enforceable UK law from 26 May 2012. From then on, websites need to obtain users' opt-in consent first if they install cookies that pass on information about browsing activities to third parties. Non-compliant websites may be subject to a fine.
Last year, the Information Commissioner's Office (ICO) gave UK companies a year to get into line with the EU regulations, which require them to obtain consent before placing a cookie on a user machine.
Yet just five percent of the 55 major organisations surveyed by KPMG had got their websites up to scratch, indicating few are worried about repercussions, or understand the dangers of non-compliance.
The ICO has the ability to fine companies up to £500,000 if it believes an infraction is serious enough.
"With less than 50 days to go before enforcement, our analysis has found that the majority of UK organisations still need to complete substantial work to their websites. Time is running out for them so they need to act to avoid severe financial penalties," said Stephen Bonner, a partner in the Information Protection and Business Resilience business team at KPMG.
"Whilst the majority of the websites we analysed made a reference to the use of cookies under either the terms and conditions or specific privacy policies, and some also state how the cookies are being used, this is not enough to ensure compliance with the directive."
Top Five Tips for organisations to ensure full compliance of their websites:
- Perform a review of the use of cookies on your website
- Evaluate the information obtained from any cookies currently in use, and whether this information is paramount for your organisation
- Start adding consent requests to cookies related to logon, registration and other similar processes
- Create a plan to expand this activity to the remainder of your website
- Don't waste any more time: Make sure you know which cookies your sites uses, understand the applicability of the law and seek legal counsel if required and have a concise schedule to make your website compliant
Are you ready for the cookie law? Let us know what you think.
