- Obtain and process information fairly.
- Keep it only for one or more specified, explicit and lawful purposes.
- Use and disclose it only in ways compatible with these purposes.
- Keep it safe and secure.
- Keep it accurate, complete and up-to-date.
- Ensure that it is adequate, relevant and not excessive.
- Retain it for no longer than is necessary for the purpose or purposes.
- Give a copy of his/her personal data to than individual, on request.
A Privacy Statement is public declaration of how the organisation applies the data protection principles to data processed on its website. It is a more narrowly focused document and by its public nature should be both concise and clear.
Under Republic of Ireland legal requirements, two distinct pieces of legislation apply.
- The Data Protection Acts 1988 & 2003
- Statutory Instrument Number 535 of 2003 European Communities (Electronic Communications Networks and Services)(Data Protection and Privacy) Regulations 2003 ('SI 535/2003')
Roughly speaking a web site requires a Privacy Statement if the site does any of the following.
- Collects personal data (visitors filling in web forms, feedback forms, etc).
- Covertly collects personal data (IP addresses, e-mail addresses.)
The Orlogix website www.orlogix.com does all three.
Please note that the use of the word "Covertly" above does not automaticaly imply any negative behaviour. It effectively means "automatic and in the background without the explicit observation of the visitor". Many such processes occur on a typical PC and some information such as IP address can typically only be collected in this way.
For more info please visit the Republic of Ireland Data Protection Commissioner at http://www.dataprotection.ie/docs/PrivStatements/290.htm