Basically, it is accepted that the information that directly or indirectly identifies a person’s personality is called personal. In relation to such information, various laws on the protection of personal data have been created. For violation of many of them, you can even get a prison sentence, so you should carefully and thoughtfully take the protection of personal information.
Personal information usually includes a person’s passport data, as well as his email data, place of residence, date of birth, phone number and other data.
The most recent document regulating these rules was developed in 2018. The paper unites the processes of collecting individual data of all users of websites in the EU. Instead of GDPR, the European Union was previously covered by the Data Retention Directive.
The owners of any site must also additionally comply with some requirements of the Economic Development Organization:
- promptly notify the user of the purpose for which the data is collected;
- notify each user of the site that their data is subject to collection and processing;
- to ensure the confidentiality of the received user data if the site visitor is not aware of this or against it.
UK Data Security Policy
In the UK, the protection of user data on the Internet is ensured by a law passed by the Parliamentary Government of that country. The following provisions are spelt out in the law:
- The processing of the personal information of users must be carried out legally and honestly.
- The site owners have the right to collect only the required minimum of information, therefore exceeding the collection of user data is excluded.
- All purposes of collecting personal information from users of the sites are clearly formulated and regulated by law.
- The period of using personal data of users is limited; therefore, after the expiration of the period of use, all data is deleted.
- The information that the site owners receive must be up-to-date at the time of collection.
- During the processing of personal data, the user’s rights must always be taken into account.
- Users’ personal data must be subject to strict anti-illegal activities.
- The data received from users can only be used in the territory of the European Economic Area.
- GLBA is the Gramm-Leach-Bliley Act, which requires companies in the financial segment to provide information exchange data in text format.
- HIPAA is the health insurance law. It obliges all medical institutions in the country to provide timely reports on the storage of patients’ personal data.
- clearly define what personal data will be collected;
- how the security of the requested data will be ensured;
- for what purpose the received information will be used;
- whether it is planned to transfer the information, received to third parties – and if so, for what purpose, and how it will be used;
- what rights are granted to the user who provided their confidential information.
The less data is required from a user, the simpler the policy is. For example, if the customer personal data is collected by a company to compile a list of users for a subsequent advertising mailing campaign, then only an email address is required from customers. In other cases, they may also ask for the date of birth and place of residence, phone number, place of work, information about relatives and additional personal information.
Official information about the activities and purposes of the company owning a site that a user is visiting
- Data collection process.
- Use of the received data.
- Ensuring the protection of the personal data of users.
- Respect for user rights stipulated by company policy.
- Security policy update.
- Company contact information.
Also, many web pages sometimes use gadgets to collect statistics that show a user’s browsing habits. This includes the following data: which sections of the site a user most often visits, how quickly they view the information reflected on a website page, which order they prefer to open the tabs, as well as the time of using a particular page and the algorithm of actions on the site.
The collection of this data allows the site to improve its interface to make it more user-friendly when browsing. Such programs are part of a web page, and information that is collected in the process may be transferred to third parties.
Software gadgets are also used to broadcast certain advertisements to users. Instead of displaying random goods and services, such ads create a personalized experience and show the products that will most likely interest particular clients. Advertising companies sometimes use this information to promote their products, provided that this process is carried out in accordance with the law adopted in the territory of a particular country.