Background

As of 26th May 2012, the EU e-privacy Directive requesting end user consent to store cookies will become law. This law was implemented in the EU last May 2011 however the Information Commissioners Office (ICO) allowed UK companies a years grace to understand and apply the changes required.

This law requires the user to actively consent to the use of certain cookies on each website the first time they visit it on their equipment. Exactly how this is to be implemented is at present vague and left to each company to decide themselves. All the new law does insist on is that, if certain cookies are used, each user of a machine / terminal is:

'a) provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and

1. b) has given his or her consent.'*

What should you do to ensure Asset Bank complies with the new law?

There is only one cookie that is essential for Asset Bank to function, which is a session cookie used to maintain a user's session. Any other cookies it uses are used for optional functionality that can be 'turned off' if you require to minimise cookie use. See details of cookies used by Asset Bank

This session cookie is likely to be except from the 'right to refuse a cookie':

The Regulations specify that service providers should not have to provide the information and obtain consent where that device is to be used:

• for the sole purpose of carrying out or facilitating the transmission of a communication over an electronic communications network; or
• where such storage or access is strictly necessary to provide an information society service requested by the subscriber or user. *

* all quotes in italics taken from the ICO website. See the Cookies Regulations and the New EU Cookie Law on the ICO's website for more about the EU e-privacy Directive.

Therefore, if your Asset Bank is configured such that only this session cookie is used you may not need to take any action.

However, if you make use of optional functionality that uses cookies, or you want to be explicit even about the use of the session cookie, below are some suggestions for how to change your Asset Bank to make the user aware of its use of cookies and, if you require it, to obtain their consent.

Suggested Changes

We are not suggesting that all of our clients need to implement all, or even any, of these changes. These are suggestions for relatively simple changes you can make to Asset Bank if you decide you want or need to.

Add copy to the 'Login' page

You can change the copy that is shown on the login page as follows:

• Go to Admin->Content
• Click 'edit' next to the 'Page Copy' item.
• Find the item 'Login page copy' in the list.
• Click 'edit' and change the copy. For example, you could add a paragraph as follows:

Asset Bank may store cookies on your computer - by logging in you give your consent for this. View details of cookies used by Asset Bank

Ask the user explicitly to tick to give their consent

Asset Bank can be configured to show a Terms and Conditions checkbox on the login page. If the user does not check this checkbox then they cannot login. By default this is used to check that they have read the site's Terms & Conditions. However, you can change the text of this checkbox either to also include their permission to store cookies or just to say this.

To change the text shown to the right of this checkbox:

• Go to Admin > Content
• Click 'edit' next to the 'Labels' item.
• Find the item 'Label - Agree to terms' in the list.
• Click 'edit' and change the copy. For example, you could change it to:

I agree to comply with the Terms and Conditions of Asset Bank and I give my consent for it to store cookies on my computer

OR, just:

I give my consent for Asset Bank to store cookies on my computer.

Add copy to the home page

If your Asset Bank does not require users to view the login page, for example if it is available to the public or it uses Single Sign-on (SSO) then you may want to change the 'welcome' text on the home page to include information about the use of cookies. To change this text:

• Go to Admin-> Content
• Click 'edit' next to the 'Page Copy' item.
• Find the item 'Home page Welcome text' in the list.
• Click 'edit' and change the copy. For example, you could change it to:

Asset Bank may store cookies on your computer - by using this site you give your consent for this. View details of cookies used by Asset Bank

Change your 'Privacy Policy' link and page copy

Asset Bank contains a link called 'Privacy Policy' in its footer. You can change the name of this link as follows:

• Go to Admin-> Content
• Click 'edit' next to the 'Page Copy' item.
• Find the item 'Footer copy' in the list.
• Click 'edit' and change the name of the 'Privacy Policy'. For example, you could change it to: 'Privacy and Cookie Policy'

To change the copy of the Privacy Policy page, for example:

• Go to Admin-> Content
• Click 'edit' next to the 'Page Copy' item.
• Find the item 'Privacy Policy' in the list.
• Click 'edit' and change the copy, for example to contain a link to details of cookies used by Asset Bank

If you use the 'Remember me?' functionality:

We suggest changing the label of this check box to something like "Login automatically next time? (This will use a cookie to remember you next time you visit).