The Data Protection Act is a morass of ill-defined requirements, but the best practice is relatively clear. Users must be given the opportunity to opt into any electronic communications you would like to send them, and they must always be given the opportunity to unsubscribe. There is only one exception: you have a legal right to contact people about financial transactions.
In practice, every form on your website should have an opt-in check box for communications you would like to send out. Whether people are completing job applications, signing up as campaigners or giving money, if you want to send them anything more than an acknowledgement you should be asking them to opt in to those communications.
Complexity arises when you want to offer more than one form of communication - for example, more than one email newsletter. The options are either to offer a complex sign-up form, whereby people opt in to what they want, or to offer a single sign-up and then use the first email sent to offer them options to sign up to the range on offer.
The one simple sign-up you can offer without a tick box is to an email newsletter. If your online or printed form says "sign up to our e-news", you do not need an opt-in tick box as long as you only use the email address for e-news. Several barristers have confirmed that the act of completing the email sign-up is considered an opt-in, so long as it is to a single, named subscription.
Once you have an opt-in, it is vital you offer an opt-out option on every message you send. Otherwise, you will be in breach of the act. And make sure you respect the wishes of people who unsubscribe. The act is a matter of trust, and the sector must be seen to do its best to comply with users' preferences.
- Sue Fidler is an independent charity ICT and internet consultant.