In his September 10, 2012 blog entry, Evans discusses the two-prong approach the ICO has taken in connection with implementing the cookies law and regulations:
Broadly speaking, there’s two ways we go about this: an education programme to inform the industry, and enforcement work to ensure compliance.This mirrors the approach taken by the U.S.' Federal Trade Commission ("FTC") in its privacy and data security activities, as with the moving deadlines and business education program around the Red Flags Rule. Both agencies understand that laws and regulations cannot fulfill their purposes if those who must comply with them are unaware of the requirements. In the privacy and data security area, this challenge is especially great for the numerous small and mid-sized businesses which may not have the personnel or other resources to keep abreast of either legal mandates or best practices. To reach those audiences, governmental agencies do well to partner with regional and local trade groups and educational institutions (such as Touro Law's Institute for Business, Law and Technology) to help spread the word.
So we’ve issued guidance and press releases, spoken at conferences, held meetings and workshops and even written to 75 of the most visited websites, asking what steps they had taken to achieve compliance and offering our help. We are working through the intelligence we have gathered to see if websites are taking action to increase the visibility of information about cookies, and already a fair number have.
But we’re balancing that with enforcement: for example, some sites have failed to engage with us at all, and they’re now being set a deadline to take steps towards compliance, with formal enforcement action likely if they fail to meet this deadline. Failure to act on an enforcement notice is a criminal offence.
(via TRUSTe on Twitter)
No comments:
Post a Comment