Could cookies make your website illegal?

Media_httpfarm1static_lnjtc
The law applying to the use of cookies changes on 26 May 2011.  UK law is changing to implement the revised EU Privacy and Electronic Communications Directive, otherwise known as the Cookie Directive.

Cookies are small text files.  You may not deploy them on your own business website, but when you visit someone else’s site a cookie can be downloaded onto your computer to collate information on your browsing activity.

Previously, the use of cookies was often mentioned in a website’s privacy policy, sometimes with an “opt out” facility.  The new rules now put the onus on cookie users to obtain permission before using them to track anyone’s site visit.

The new legislation has its critics, including me, for being burdensome.  Guidance from the Information Commissioner’s Office, the UK’s independent authority upholding information rights, is available here.  Interestingly, the ICO recognises cookies perform a number of legitimate functions and that gaining consent to use them may be challenging.

It seems to me the legislation is targeted at tracking software such as Google Analytics.  Indeed, this is specifically mentioned in the ICO guidance, which also covers exceptions to the new rules.  Basically, these cover cookies essential for a requested service, or a website’s operation.   Prime examples here are e-commerce sites managing shopping carts, or secure user areas.

A recommended step for compliance with the new legislation is to check what type of cookies you use, and how they are used.  Do this through a comprehensive website audit, which can be done for you by an internet specialist company such as AGUK Solutions Limited.  If your cookies create a detailed profile of an individual’s browsing activity this could be considered intrusive, and the priority then is to get meaningful consent.

As a minimum, my advice to all website owners is to: (a) have a visible privacy policy and (b) ensure it includes reference to cookies, and how they are used.  To this end I highly recommend using this policy sample from Business Link. This pushes the emphasis on website visitors to accept, or deny, the use of cookies within their browser settings.

I intend to keep a close watch on this legislation, and will provide further information as things develop.  In the meantime, I welcome your views whether good, bad or indifferent.

Image credit: scubadive67

Importance of Website URL Structure

Istock_000000121110xsmall

When developing a website it’s all too easy to focus on aesthetic design and content. These certainly are important factors but so, too, is the site’s strategy. How you construct your website URLs will have a direct operational impact, and this design aspect should not be overlooked.

On many websites, URL structure is determined by the web developer and could look, for example, like: [company name].net/ files.asp?id=12adbe456&session=wertybr. Compare this with the “Contact Us” page of AGUK’s website, which is located at aguk.net/contact/. This is a nice short and easy to understand URL. You may think the contrast insignificant but, take my word for it, the benefits of a simple URL structure are substantial. Here are some of the advantages.

Easier Inbound Links
You want to encourage visitors to link to the content on your website at every opportunity. This becomes even more imperative as users share links on websites such as twitter, FaceBook and other social networking systems. If your URL is too long it makes it difficult to paste into these applications. Worse still, if your website relies on user sessions within the URL, (your developer will understand this but it is basically to track and identify visitors), then it may be impossible to link to a sub page on your website.

Simpler to Describe
If you are referring someone to the page they need on your website, whether over the phone or in person, it is much easier to describe a simple URL than one that contains a lengthy and complex string of letters and numbers.

Better Search Engine Results
Creating a URL structure where the page address also describes the content can improve your search engine rank. We have previously covered the topic of SEO, which can be accessed through our Blog.

Getting More Customers From Your Website

Spending money to increase daily website visitor numbers, even to thousands a day, widens your audience.  However, the expenditure is probably pointless if the end result is no actual customers. This month I am focusing on this issue, and two of the most common topics raised when I am asked about websites.

Keyword Advertising

There are companies paying hundreds of pounds a month, and more, on keyword advertising. This is the bidding process for chosen terms on search engine sites such as Google Adwords. The results can be impressive. Businesses are happy to declare "We spent £500 last month and received an extra 2,000 visitors to our website." But are they tracking performance? How many of those visitors viewed the website's products and/or services in detail?  How many revisited the site? Most importantly, how many of them actually got in touch and became customers? 
 
Keyword advertising can be a great way to get instant results, but you need to be able to measure those results in ways that are meaningful to your business.  My advice, if you cannot do this, is to suspend your keyword advertising until you have had some training. 

Tracking Visitor Behaviour

In order to improve your website's customer conversion rate you need to understand visitor behaviour. This is achieved by viewing the daily/weekly/monthly statistics on your website visitors. If you do not have access to your site's visitor statistics then organise this before investing any further in your website.
 
My tip here is to set this up free by using Google Analytics. This is a popular statistics service providing comprehensive information, the results of which you could find very interesting. Tracking your visitors will enable you to analyse how they use your website and what they are looking for.  By understanding what your visitors are interested in when they visit your site, you can take action and turn them into customers. Tracking them can also help you identify where future website improvements and changes are needed.  

 

Hosting Guide

Hosting is a key element to your online presence; you need it to give your website global access. Different types of hosting exist and choosing the best one for your needs can be confusing. Irrespective of the hosting service selected, your website will run on hardware called a server. The configuration of this server can determine the type of hosting you receive, and its suitability for your website’s requirements.

Shared Hosting

As its name implies, this type of hosting means you share the server with other website owners, potentially hundreds of them. You are assigned a small portion of the server’s resources for your website.

  • Advantages
    • Shared hosting can be low cost, typically under £100 per year
    • You are free from server maintenance
    • There are no issues with software licences  
  • Disadvantages
    • Unsuitable for high-traffic websites
    • May not support your website scripts
    • Shared resources may affect performance
    • Usually comes without a Service Level Agreement (SLA) 

Virtual Dedicated Server/Virtual Private Server

This type of hosting is becoming more popular within the industry. In simplistic terms, you are provided with your own server, yet sharing hardware with others. For example, there may be five other virtual servers on one physical server.

  • Advantages
    • More economic than a dedicated server
    • Access to high specification hardware at a saving
    • Faster recovery from system failures
    • Probably includes an uptime guarantee, and SLA 
  • Disadvantages
    • Resources may be monopolised by other virtual systems on your server
    • Performance not as robust as a dedicated system  

Dedicated Server

This type of hosting is aimed at websites requiring ultimate flexibility and security. Only your website would be  hosted on the server, thus giving you freedom to do what you want with it.

  • Advantages
    • Complete control over the entire server
    • No problems with sharing the server
    • Provides better security
    • Able to accommodate many flexible scripts
    • Likely to include an impressive uptime guarantee, and SLA 
  • Disadvantages
    • Can be extremely costly
    • Needs good technical server management skills, or payment for this service
    • May have to purchase your own software licences to run on the server 

 

Privacy Policies

Following recent media coverage about organisations handling personal data, now is a good time to focus on the issue of privacy. This month we explain why a privacy policy is important to your online presence. Having one in force shows a duty of care to your website visitors and customers. So, does your website have a privacy policy and if not, why not?

Their Purpose

A privacy policy is much more than another page of text on your website. As with any policy, it has significant meaning and a role to play. Its primary purpose is to explain fully and clearly how customer data will be:

  • collected
  • secured
  • stored
  • used
  • shared

It represents a legally binding agreement between you and your site visitors, with responsibilities on both sides. If it does not cover your terms and conditions, these should be displayed elsewhere on your website.  

A meaningful privacy policy will demonstrate that you respect and protect the privacy of your website visitors and customers. Convince them their privacy is protected and they will be more inclined to trust in you and your business.  

Policy Users

If you have a personal website you do not need a privacy policy. If you are a sole trader and your website is a commercial venture, then you do. All SMEs, limited companies, businesses and organisations with an internet presence need a privacy policy.

As a business, regardless of size and sector, you have certain obligations under the Data Protection Act (DPA) to ensure your customers and site visitors know and understand what you are doing with any data collected about them. 

Even if your website does not sell products online, it should still display a privacy policy. This is because, even without realising it, you may still be collecting information about your website visitors. We covered this point in an earlier Newsletter entitled “Your website and the DPA.  

Policy Requirements

First and foremost, a privacy policy should explain clearly and concisely what data you will collect and hold about the individuals who visit your site, and/or the products and services they use.  

Your privacy policy should be specific about (a) the information you collect, (b) how you gather the data, and (c) what you use it for. As an example, please take a look at our privacy policy. If you do not have a policy in place, you may need to perform an audit of your processes to verify the type of data you collect, and how it is handled. Such an audit may reveal previously unknown data collection and retention.

It is important to ensure that your privacy policy is comprehensive, accurate and truthful. It should be in plain English, easy to read and understand. Don’t forget, how your privacy policy is worded will have a positive or negative impact on its readers, influencing their decision on whether or not to use your website.  

 

Your Website and the DPA

Is your website breaking the law? Are you aware of the Data Protection Act (DPA) and its implications? This month's AGUK Newsletter covers these important points, and provides tips on staying within the law.

Data Protection Act 1998

Anyone handling personal information via a computer system or network must comply with the Data Protection Act. It is the law.  This Newsletter cannot cover the DPA's set of principles comprehensively and looks only at its impact on your website. 

Website Compliance

Ensuring your website complies with the DPA need not be complex or expensive. To check your current level of compliance, use our checklist.

Compliance Checklist

  • Do you ask customers/clients for personal information? If so, is it gathered and processed in a secure way?
  • Is the information you amass from visitors to your website considered reasonable and justified?  Or do you collect more information than you need, or your visitors expect to provide?
  • Who has access to the information collated?  Is any of it sensitive?

Sensitive Data

Even if you are unaware of it, your website - like most websites - may store data considered as sensitive. It is held in "log files". These contain information about each visitor to your website and can include:

  • Their IP address and geographical location
  • Details of the site they were on previously
  • The pages they visit on your site, and in what order
  • Facts about their own computer including its name, and possibly the login username

The most sensitive data, and potentially damaging, is the last. While some internet users have security safeguards to prevent revealing such details, others do not. Some web surfers may even have called their computer by their own name. That, coupled with the potential geographical data, could be deemed under DPA regulations as processing personal information.

Website Location

Did you know the location of a website could result in breaching the DPA? 

It is not uncommon for websites to be hosted outside the UK, and even as far away as the USA.  In this situation you could be collecting data and transporting it to and from a foreign country. This is an important point.

There is nothing wrong with hosting your website outside the UK provided you: (1) tell your customers and (2) ensure your DPA notification states you transfer data worldwide. You must also still apply the same DPA principles as if the data were handled within the UK.