A Privacy Policy is not just for your website

An Insolvency Support Services (ISS) survey of 70 insolvency practitioners’ websites has revealed that only 25% contain any information about the rights of the various parties an insolvency practitioner will routinely process data about during the course of an insolvency engagement: debtors, directors, creditors, employees and other stakeholders.

While 80% of websites contained a privacy policy of sorts, 68% of these privacy policies related only to visitors’ use of the website and information collected about their website usage through cookies.

Most policies were found to be lengthy, generic templates which failed to adopt the “layering” approach recommended by the Information Commissioner’s Office. In one case, the privacy policy was labelled “US” and failed to mention the GDPR regulations at all!

Only 13% of the websites surveyed sought express permission for cookies and explained both the privacy policy in relation to the website and in relation to data held by the practice in connection with insolvency appointments.

Alison Curry, a director of ISS, commented: “These findings might not mean that practitioners are falling down in their GDPR obligations. They may be supplying the necessary information within privacy notices that are distributed by email or in hard copy during the course of insolvency proceedings. However, even if that is the case, these firms are missing an opportunity to make this information readily available at nominal additional cost and inconvenience, by placing it on their website. Of more concern would be if practitioners are failing to provide the relevant data subjects with an appropriate privacy notice, explaining their rights, the insolvency practitioner’s lawful basis for processing and the retention and destruction policies adopted by the practice.”

Do you have all the GDPR documentation that your firm needs in order to comply fully with the new legislation, both online and offline? ISS can assist you with insolvency-specific, layered, GDPR documents; including a full suite of policies, procedures and notices, which can be easily customised for use in your firm.

Was your firm surveyed? If you would like to know if yours was one of the firms surveyed, please get in touch for a no-obligation chat about our findings.

For further details, call 0845 6017570 or email enquiries@insolvencysupportservices.com

Research note:

Insolvency Support Services’ review surveyed the websites of 70 insolvency practitioners in London and South East England at the end of September 2018. Our main objective was to assess the extent to which insolvency practitioners’ have published a privacy policy on their website that satisfies GDPR requirements some four months after the new legislation came into force.

GDPR: practical support for IPs – supporting your business and issues on appointment

One of our recent webinars considered the forthcoming provisions of GDPR and the practical implications for IPs, in terms of our own businesses and those of the insolvent entities to which we are appointed. There is lots of generic advice out there, but little if any that is insolvency-specific. That’s where we can help.

We are designing policy and process documents for insolvency practitioners, a GDPR checklist for use on appointments and sample privacy notices for the different categories of people that insolvency practitioners will encounter. We can also provide bespoke webinars to support regular staff training and induction.

If you would like to know more about how we can help you meet your data processing obligations, please contact Alison Curry at ac@insolvencysupportservices.com

We can offer several options to help meet your specific needs:

  • GDPR checklist on Insolvency Appointment: priced at £500 plus VAT
  • Package of Sample Privacy Notices: priced at £750 plus VAT
    o Employees
    o Directors, shareholders and owners
    o Debtor clients
    o Creditors, book debtors and employees of insolvent entities
    o Marketing and Contacts
  • Package of Sample Policies and Registers: priced at £750 plus VAT
    o Data Processing Registers for Insolvency Practices
    o Data Breach Register
    o Sample Policies:
    – Employees (IP practice staff)
    – Confidentiality and Data Security
    – Special Category Data
    – Data Security Breach
    – Data Retention and Destruction
    – Subject Access Requests
    – Vulnerable Clients

Or purchase the complete package for £1,850 plus VAT

We can also offer bespoke webinars to support regular staff training and induction from £750 plus VAT.

Please contact Alison Curry at ac@insolvencysupportservices.com to discuss your requirements.

And don’t forget that our GDPR webinar: A practical approach to GDPR for IPs is still available for £50 plus VAT per view. Contact courses@insolvencysupportservices.com to register.