Wednesday 18 April 2012

The cookie directive

Econsultancy has surveyed more than 700 marketers for their opinions on the EU cookie laws, and to find out what preparations have been made for the May 26 deadline.  http://econsultancy.com/uk/blog/9298-82-of-digital-marketers-see-the-eu-cookie-law-as-bad-for-the-web-survey

Do you know what cookies are on your site?

One of the questions that needs answering is whether you know about all the cookies on your site and what they are doing. Hopefully, as it is your site, you do, but what about 3rd party cookies attached to widgets included from other suppliers?
  • Shopping cart functionality
  • Google Analytics or similar analytics, tracking or website optimisation tools
  • Any form of "remember my settings" style functionality
  • A content management system
  • Third-party plugins - such as Facebook Like buttons, Twitter feeds
  • YouTube Videos - Even with privacy-enhanced mode

Cookie Audit

Before you can create the right cookie compliance and privacy policy for your domain, you need to understand your compliance risks. First, you must audit the types of cookies your website uses and decide whether they require compliance.

If your site uses display adverts (banners, MPU panels or text ads) it's probably using cookies that require compliance measures. If it is using analytics cookies, then they probably require compliance too. If the cookies are just session cookies to make sure the website works (like log-in cookies) they may not need compliance. It's a complicated situation and there's no quick-fix, out-of-the-box solution that's right for every business.
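A first pass at the audit described above can be automated. The following is an added example, not part of the original post: it sorts Set-Cookie headers by party (first or 3rd) and lifetime (session or persistent). The site domain, the sample headers and the "review" heuristic are all constructed assumptions.

```python
from http.cookies import SimpleCookie

SITE_DOMAIN = "example.co.uk"  # assumption: the domain being audited

# Constructed sample data: (host that sent the response, Set-Cookie value).
OBSERVED = [
    ("www.example.co.uk", "PHPSESSID=abc123; Path=/; HttpOnly"),
    ("www.example.co.uk", "_ga=GA1.2.111.222; Domain=.example.co.uk; Max-Age=63072000; Path=/"),
    ("www.example.co.uk", "prefs=lang-en; Expires=Sun, 26 May 2013 00:00:00 GMT; Path=/"),
    ("widgets.social.example.net", "uid=xyz; Domain=.social.example.net; Max-Age=31536000"),
]


def classify(sending_host, set_cookie, site_domain=SITE_DOMAIN):
    """Return party/lifetime for one Set-Cookie header, or None if no cookie was parsed."""
    jar = SimpleCookie()
    jar.load(set_cookie)
    if not jar:
        return None
    name, morsel = next(iter(jar.items()))
    # A Domain attribute widens the scope; otherwise the cookie is host-only.
    scope = (morsel["domain"] or sending_host).lstrip(".").lower()
    first_party = scope == site_domain or scope.endswith("." + site_domain)
    # No Max-Age and no Expires means the cookie dies with the browser session.
    persistent = bool(morsel["max-age"] or morsel["expires"])
    return {
        "name": name,
        "party": "first" if first_party else "third",
        "lifetime": "persistent" if persistent else "session",
        # Heuristic (assumption): first-party session cookies are the low-risk
        # group; everything else goes on the list for a compliance decision.
        "review": persistent or not first_party,
    }


def audit(observed):
    """Classify every observed header, skipping any that yield no cookie."""
    return [row for row in (classify(h, c) for h, c in observed) if row]


if __name__ == "__main__":
    for row in audit(OBSERVED):
        print("{name:10} {party:5} {lifetime:10} review={review}".format(**row))
```

The header list would normally come from a crawl or a browser export covering every page template, since 3rd party widgets often set cookies only on the pages where they are embedded.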

Early adopter results

The ICO's own research suggests this could be an issue. Since asking users to click a box if they agree to accept cookies from its site, the organisation says just 10% of visitors have complied.
However, BT's experience points to a possible solution. Since March a pop-up message on its home page has told first-time visitors that unless they take up an offer to change its settings, then they have consented to its "allow all cookies" default rule.

The ICO

The ICO says it has not been prescriptive about the wording that firms use.
However, organisations need to be careful about relying too heavily on opt-out schemes.
"At present evidence demonstrates that general awareness of the functions and uses of cookies is simply not high enough for websites to look to rely entirely in the first instance on implied consent," the regulator warns.
It adds that those who fail to implement its rules properly could be fined up to £500,000.

Conclusion

As a UK company you must comply with the directive or face the ICO over the issue. To meet the directive you need to know what cookies are on your site, including 3rd party cookies, and inform your users about cookie usage. You must have a proactive means of collecting acceptance. Get this stage wrong and your users may have a bad experience of your website, and this could have a negative effect on your company or organisation.

For more information on cookies see my article on cookies http://bit.ly/HfJ0vm. I will be at InfoSec on the 24th, 25th & 26th this month to talk about cookies on the IT Governance stand; see their web page about consultancy workshops http://bit.ly/HRVque
