UK business owners are becoming increasingly aware of the power of a well-run website. In fact, the strength of your company’s website could be the difference between poor and great sales. Many UK businesses utilise a Website Acceptable Use policy to control the conduct of their website users. This article will explore the main advantages of a Website Acceptable Use policy and how it can help your business control the use of its website.
What is a Website Acceptable Use Policy?
This online document provides rules on what site users can and cannot do. Some policies show good and bad behaviour and explain any adverse consequences.
Whilst these types of policy differ depending on the type of business, many will reference some of the following:
- that website users must comply with the law of their country when browsing the website;
- that any attempt to gain entry to locked areas of the website (or hack the server) will result in a permanent ban;
- that abusive behaviour towards other users or staff members will result in a warning, suspension or ban;
- that the website contains content that is subject to copyright or constitutes Intellectual Property (IP), so they must obtain authorisation before copying wording or images;
- that suspicious activity (such as heavy traffic from an IP address) may be treated as an attempt to overload the website and result in disconnection; and
- that any unlawful activity on the website may result in referral to law enforcement agencies.
Let us explore some advantages of a good Website Acceptable Use policy below.
1. Ability to Block Abusive Users
Every business owner wants their website to be an attractive and safe place for users. In this way, it is important to set clear boundaries over unacceptable content and behaviour.
So, for example, if your website allows users to review items, it is helpful to make clear that you will not hesitate to suspend or ban users for abusive language. On a lower level, it may be beneficial to make clear that a moderator will delete aggressive or offensive comments.
2. Helps Cybersecurity Measures
The General Data Protection Regulation (UK GDPR) requires organisations to take active cybersecurity measures to protect their websites and servers. This is because your IT system and servers will contain personal information, and any unauthorised use of this data will constitute a GDPR breach.
In this way, it is crucial to have a Website Acceptable Use policy that clarifies that your business will block and ban any user who attempts to enter unauthorised parts of the website. This demonstrates that your organisation will act decisively to protect any electronic network or website that contains personal data.
Any failure to stop unauthorised attempts to access personal information belonging to your staff, customers or other individuals is likely to result in a hefty fine from the Information Commissioner’s Office (ICO). This is because the ICO views it as within the public interest to heavily fine organisations that do not take data protection law seriously.
3. Evidence of Intention to Comply With the GDPR
Let us quickly consider a worst-case scenario. Your website processes personal information from its users, such as email addresses, full names and payment information. However, it suffers a significant cyberattack, and cybercriminals steal most of this information.
Your company must inform the ICO of any data breach, including cyber-attacks. Upon doing so, the ICO is likely to start a formal investigation into the cyber attack. This ICO investigation will explore whether your organisation should have taken better steps to guard against such an attack.
Most ICO investigations conclude that the organisation could have done more to prevent the cyber attack. This usually results in the ICO considering the imposition of a substantial (and public) fine against the UK organisation.
A solid Website Acceptable Use policy alongside evidence of conducting site bans against suspected hackers constitutes sound mitigation in the ICO’s eyes. This may help your organisation in two ways, which include:
- demonstrating that your business takes every reasonable precaution possible to guard against cyber-attacks; and
- arguing that the ICO should reduce any prospective financial penalty in light of the mitigating circumstances (for example, having and following an effective acceptable use policy).
Key Takeaways
A Website Acceptable Use policy can be incredibly beneficial for your business. However, it will only help your company effectively police its website and ensure good data processing practices if you follow its rules. For this reason, many business owners instruct lawyers to draft and implement acceptable use policies. Doing so also helps businesses argue that they have taken practical data protection steps within any ICO investigation. This is particularly useful given the ICO’s ability to fine UK organisations up to £17.5m for unauthorised use of personal information within a company’s IT network or website.
If you need help drafting a Website Acceptable Use policy, our experienced Data, Privacy and IT lawyers can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on 0808 196 8584 or visit our membership page.
Frequently Asked Questions
No, the GDPR imposes various legal obligations on UK organisations concerning data privacy and protecting sensitive data. However, having one is good practice and constitutes a decent starting point in complying with the GDPR and Data Protection Act.
Many UK companies will utilise a Privacy Policy and employ a data controller or Data Protection Officer to carry out annual Data Protection Impact Assessments (DPIA). Most DPIAs will review the wording and effectiveness of website policies.