All in the <head>

– Ponderings & code by Drew McLellan –

– Live from The Internets since 2003 –


Data Protection

22 December 2003

Most web applications store an amount of personal data about their users, such as email and postal addresses, date of birth and so on. In the UK, the Data Protection Act lays out 8 principles which businesses and organisations storing such personal data must adhere to. There are exemptions (such as small clubs etc.) but any company needing a decent-sized web application developed is likely going to need to register. One of the principles states that data must be kept up-to-date, and another that you should only keep the information for as long as you need it. This is an obvious area where a web application should be able to help the company meet its legal obligations, but I should imagine that few take the opportunity. Here’s an idea of how user-centric web applications could take some simple steps to help the companies they serve to make sure data is both up-to-date and kept no longer than necessary – posted mainly for my own purposes so that I don’t forget.

First of all you would define two business rules. The first is the length of time data should be held after the user last used the site – it might be something like three or six months. Each time the user logs in you timestamp a ‘last login’ column against their record. Then all you need to do is schedule a script to run through the database periodically and flag users who have been inactive for longer than 3 months for deletion. Larger RDBMSs will often enable you to schedule a stored procedure to do this. Neat.

The second rule you need to define is the estimated life-span of the data you’re collecting. If it’s someone’s snailmail address, you might decide that it’s likely to be good for at least 12 months. In a ‘last updated’ column mark the date the record was created. Update this column each time the user visits their profile page and makes a change to the data (importantly – not when your application programmatically updates the row, so a database trigger wouldn’t work, as it would fire on both). When the user logs in, check that the date in this column isn’t more than 12 months ago – if it is, redirect the user to their profile page and don’t let them into the site until they’ve confirmed the details are correct.
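Both rules put together, as an added example that is not code from the original post: a hypothetical `users` table with `last_login` and `last_updated` columns, the scheduled flagging job for the retention rule, and the login-time freshness check that diverts stale users to their profile page. The schema, the column names, the thresholds (90 days for inactivity, 365 days for freshness) and the sample users are all assumptions constructed for the example; it uses an in-memory SQLite database so it runs offline.

```python
"""Retention and freshness checks for a user table (added example, not the post's code).

Assumed schema and thresholds; in-memory SQLite so it runs offline.
"""
import sqlite3
from datetime import datetime, timedelta

RETENTION_DAYS = 90    # rule 1: flag for deletion after ~3 months without a login (assumed value)
FRESHNESS_DAYS = 365   # rule 2: postal details assumed good for 12 months (assumed value)

# Hypothetical schema. Timestamps are ISO-8601 text so string comparison orders them correctly.
SCHEMA = """
CREATE TABLE users (
    id                   INTEGER PRIMARY KEY,
    email                TEXT NOT NULL,
    last_login           TEXT NOT NULL,  -- set by the application on every login
    last_updated         TEXT NOT NULL,  -- set ONLY when the user edits/confirms their details
    flagged_for_deletion INTEGER NOT NULL DEFAULT 0
);
"""


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def record_login(conn, user_id, now):
    """Stamp the 'last login' column. Deliberately leaves last_updated alone: a row-level
    trigger could not tell this programmatic write from a user-confirmed edit."""
    conn.execute("UPDATE users SET last_login = ? WHERE id = ?", (now.isoformat(), user_id))


def confirm_profile(conn, user_id, now):
    """Called only from the profile page when the user saves or confirms their details."""
    conn.execute("UPDATE users SET last_updated = ? WHERE id = ?", (now.isoformat(), user_id))


def flag_inactive_users(conn, now):
    """Rule 1, run on a schedule: flag users whose last login is older than the retention
    period. Returns how many rows were newly flagged (0 on a repeat run)."""
    cutoff = (now - timedelta(days=RETENTION_DAYS)).isoformat()
    cur = conn.execute(
        "UPDATE users SET flagged_for_deletion = 1 "
        "WHERE last_login < ? AND flagged_for_deletion = 0",
        (cutoff,),
    )
    return cur.rowcount


def login_destination(conn, user_id, now):
    """Rule 2, at login: record the login, then send the user to the profile page if their
    details are older than the freshness window, otherwise into the site."""
    row = conn.execute("SELECT last_updated FROM users WHERE id = ?", (user_id,)).fetchone()
    last_updated = datetime.fromisoformat(row[0])
    record_login(conn, user_id, now)
    if now - last_updated > timedelta(days=FRESHNESS_DAYS):
        return "/profile?confirm=1"
    return "/home"


def seed_demo(conn, now):
    """Constructed sample users: 1 is fresh, 2 has stale details, 3 has not logged in for months."""
    day = timedelta(days=1)
    rows = [
        (1, "fresh@example.invalid", (now - 1 * day).isoformat(), (now - 30 * day).isoformat()),
        (2, "stale@example.invalid", (now - 1 * day).isoformat(), (now - 400 * day).isoformat()),
        (3, "gone@example.invalid", (now - 120 * day).isoformat(), (now - 120 * day).isoformat()),
    ]
    conn.executemany(
        "INSERT INTO users (id, email, last_login, last_updated) VALUES (?, ?, ?, ?)", rows
    )


def flagged_ids(conn):
    return [r[0] for r in conn.execute(
        "SELECT id FROM users WHERE flagged_for_deletion = 1 ORDER BY id")]


if __name__ == "__main__":
    now = datetime(2003, 12, 22)
    db = open_db()
    seed_demo(db, now)
    print("newly flagged:", flag_inactive_users(db, now), "->", flagged_ids(db))
    for uid in (1, 2):
        print("user", uid, "goes to", login_destination(db, uid, now))
    confirm_profile(db, 2, now)
    print("user 2 after confirming goes to", login_destination(db, 2, now))
```

The split between `record_login` and `confirm_profile` is the point the post makes about triggers: only the code path behind the profile page touches `last_updated`, so a login or a batch job can never make stale data look fresh. Flagging rather than deleting in the scheduled job leaves room for a review step before rows are actually removed.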

I’m not a lawyer (obviously) but I should imagine that if the company running the site were to be questioned on their compliance with the Data Protection Act, they could point to mechanisms such as those described here and it would be deemed that they have taken reasonable steps to ensure that data is both up-to-date and kept no longer than necessary. Not exactly rocket science, but something that could easily be added to a web application and would bring an awful lot of value.

- Drew McLellan

Comments

  1. § george: I don't know if it will be of much interest, but I can recommend “Professional Issues in Software Engineering.” @ 26 quid it’s a bit steep, but think of it as an investment.

    George
  2. § Drew: Is that this one, George? In what way was it most useful?
  3. § George: I had to buy it for one of my classes at uni. This one https://www.cis.strath.ac.uk/teaching/ug/classes/52.235/ to be precise. FWIW the BCS (British Computer Society) insist on this subject being taught to Computer Science/Software Engineering students and other computer-related subjects.

    I just found the topics relevant to the real world, not as abstract as I imagined. As it so happened I was faced (in the course of some freelance work) with two of the ethical issues covered in the book, and I was grateful for the guidance.

    It also has excellent coverage of the Data Protection Act and the Computer Misuse Act.

    George


About Drew McLellan


Drew McLellan has been hacking on the web since around 1996 following an unfortunate incident with a margarine tub. Since then he’s spread himself between both front- and back-end development projects, and now is Director and Senior Web Developer at edgeofmyseat.com in Maidenhead, UK (GEO: 51.5217, -0.7177). Prior to this, Drew was a Web Developer for Yahoo!, and before that primarily worked as a technical lead within design and branding agencies for clients such as Nissan, Goodyear Dunlop, Siemens/Bosch, Cadburys, ICI Dulux and Virgin.net. Somewhere along the way, Drew managed to get himself embroiled with Dreamweaver and was made an early Macromedia Evangelist for that product. This lead to book deals, public appearances, fame, glory, and his eventual downfall.

Picking himself up again, Drew is now a strong advocate for best practises, and stood as Group Lead for The Web Standards Project 2006-08. He has had articles published by A List Apart, Adobe, and O’Reilly Media’s XML.com, mostly due to mistaken identity. Drew is a proponent of the lower-case semantic web, and is currently expending energies in the direction of the microformats movement, with particular interests in making parsers an off-the-shelf commodity and developing simple UI conventions. He writes here at all in the head and, with a little help from his friends, at 24 ways.