Blog

If you are based in the UK and store any information about an individual on your web site, you are bound by the Data Protection Act 1998 and other UK and European laws. The information you store could simply be a mailing list or a guestbook, or it might be more in-depth, such as customer orders through an online store, or an affiliate scheme. Either way, choosing the correct hosting provider then becomes a more serious issue.

So what does this mean for me?

Essentially, there are two key principles within the act that you must be aware of when choosing your web hosting:

First Principle:

"Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data."

The key to this principle is "Appropriate technical and organisational measures". Today, hacking of web sites in widespread, and the benefits of firewalls and other security measures well-known. Therefore, in choosing a supplier who does not value these elements of security, you are essentially negating your responsibilities for securing the personal data. In the event that anything should happen to the data you store (for example, if your web site were hacked), your clients may have recourse under the Act to demonstrate that you had be negligent with their information.

Ampheon believe that security is paramount. This is why our servers are protected with firewalls, covered by the latest security releases, and actively monitored for untoward activity.

Second Principle:

"Personal data shall not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of protection of the rights and freedoms of data subjects in relation to the processing of personal data."

Why is there such a disparity in the pricing of web hosting? One reason is that some hosting providers have their servers in the United States, where the costs are less than in Europe. However, as the second principle above discusses, any data you collect should remain within the European Union (as an example of protection, the US does not currently have any federal laws against sending unsolicited mail). So, if your mailing list is stored on a server in the United States, you may be storing the data outside the guidelines of the Act.

Ampheon's web servers are based within the United Kingdom, and are therefore fully covered by this second principle.

Further Information:

• Information Commissioners Office

By Chelsey Evans

Follow @AmpheonLtd