One of the requirements is that the full name of the person responsible for data control is provided. This information can be given at the beginning of the policy.
The Data Protection Act does not require that persons in charge of data control provide a representative. However, if a representative is named, these details must be given in the policy.
To ensure that the data subject's consent to data processing is considered informed, the type of data that the site will process should be listed. For many sites, this information is obvious, but policies should refer to data that are collected automatically or that are collected from forums and discussion groups. The policy should also refer to data that is collected from other means than directly through the data subject.
Cookies and IP Addresses
Data files that are placed on computer hard drives are known as cookies. These data files allow Web sites to determine if a user is a return customer whenever the user visits the Web site again. These data files may also be used to review how a user uses a Web site. Browsers usually accept cookies automatically, but users may change their browser settings so that cookies can only be accepted by clicking on an accept button.
Personal Data Storage
Users should be informed if a Web site operator plans to give access to data or sell data to third parties, and the purpose of this disclosure must be given to users. One example of disclosure is selling a customer list to marketing companies or advertisers. Data controllers need to have the ability and authorization to transfer data if a business is being sold.
Under section 7 of the Data Protection Act, an individual may make a request in writing to be informed if personal data is subject to processing or to be informed of the purposes of such data collection. These requests must be made to data controllers.