A Privacy Policy is not just for your website

An Insolvency Support Services (ISS) survey of 70 insolvency practitioners’ websites has revealed that only 25% contain any information about the rights of the various parties an insolvency practitioner will routinely process data about during the course of an insolvency engagement: debtors, directors, creditors, employees and other stakeholders.

While 80% of websites contained a privacy policy of sorts, 68% of these privacy policies related only to visitors’ use of the website and information collected about their website usage through cookies.

Most policies were found to be lengthy, generic templates which failed to adopt the “layering” approach recommended by the Information Commissioner’s Office. In one case, the privacy policy was labelled “US” and failed to mention the GDPR regulations at all!

Only 13% of the websites surveyed sought express permission for cookies and explained both the privacy policy in relation to the website and in relation to data held by the practice in connection with insolvency appointments.

Alison Curry, a director of ISS, commented: “These findings might not mean that practitioners are falling down in their GDPR obligations. They may be supplying the necessary information within privacy notices that are distributed by email or in hard copy during the course of insolvency proceedings. However, even if that is the case, these firms are missing an opportunity to make this information readily available at nominal additional cost and inconvenience, by placing it on their website. Of more concern would be if practitioners are failing to provide the relevant data subjects with an appropriate privacy notice, explaining their rights, the insolvency practitioner’s lawful basis for processing and the retention and destruction policies adopted by the practice.”

Do you have all the GDPR documentation that your firm needs in order to comply fully with the new legislation, both online and offline? ISS can assist you with insolvency-specific, layered, GDPR documents; including a full suite of policies, procedures and notices, which can be easily customised for use in your firm.

Was your firm surveyed? If you would like to know if yours was one of the firms surveyed, please get in touch for a no-obligation chat about our findings.

For further details, call 0845 6017570 or email enquiries@insolvencysupportservices.com

Research note:

Insolvency Support Services’ review surveyed the websites of 70 insolvency practitioners in London and South East England at the end of September 2018. Our main objective was to assess the extent to which insolvency practitioners’ have published a privacy policy on their website that satisfies GDPR requirements some four months after the new legislation came into force.