Most Accounting Firm Websites are ‘Illegal’

Share this content

When was the last time your firm broke the law?

Given the professional nature of the accountancy community, it may surprise you that many firms are unknowingly breaking the law 24 hours a day, 7 days a week.

Illegal Accountants

Illegal? Moi?

Let’s talk about your website. Did you know that you are legally obliged as a business in the UK to have both Privacy and Terms of Use policies on your website? Of the accounting firm websites we tested, fewer than 25% have these policies.

The EU ePrivacy Law Is Here to Stay

There has been much talk too about what to do about the new EU ePrivacy law. So here is a quick bullet list of what you need to know:

  • It is here to stay… even if the interpretation of it has been somewhat watered down, it’s not going away
  • The deadline for this law has now passed (26th May 2012) and it is an EU-wide law that all firms need to comply with
  • All the main online websites and brands in the UK have now placed functionality on their websites to comply with this law
  • The law is open to interpretation but it now seems that most have settled for ‘implied consent’ where all visitors are informed by a visible message and have full disclosure in their website legal policies
  • Whilst the Information Commissioners Office is not likely to fine or go after every business which doesn’t comply, any business who does nothing is vulnerable to being reported and investigated by the ICO
  • It does not need to be intrusive to the website visitor and, installed correctly, will not affect the user experience

In time, it is our view that it is likely to become as accepted and normal as the opt-in tick boxes which appear on online and offline registration forms – which is why we took the step of making sure our website is compliant. There is very little reason not to be!

If you want any help, advice or a complete cookie compliance solution you can read more here


Please login or register to join the discussion.

20th Jun 2012 15:29

Disabled access ...

Don't forget disabled access -


Thanks (0)
22nd Jun 2012 09:11

Disabled accessibility is, of course, now a necessity of all modern websites, and should not be taken lightly.

However, any site which is 'accessible' may still be non-compliant if it doesn't give all visitors consent to use cookies (and, in fact, all forms of 'tracking' whether cookies or not).

Thanks (0)
By Old Greying Accountant
22nd Jun 2012 09:41

Scaremongering ...

... to drum up business!

If like 75% of accountants websites you effectively just have a virtual notice board, and do not capture and use "covert" information such as cookies, then you will not need this.

Even if you capture data from online registration forms, my understanding is this is covered by your Data Protection registration as it is explicitly and consensually given data, not secretly harvested unknown to the visitor.

May be I'm getting cynical in my old age?




Thanks (0)
22nd Jun 2012 10:09

Cookies - Does this help ...

cookies notification -

However, some sites may fail completely if cookies are denied because they are used to

Track shopping cartsSession ID's

One of the main problems with browser based applications is the difficulty with 'global variables' and each screen pretty much works in isolation - not knowing entries on the previous screen

There are a number of way of passing the information around, from QueryStrings (not cookie dependant), Session variables (cookie dependant - if not used in conjunction with db)

What the EU has failed to do in all their wisdom is make a distinction between cookies used to facilitate the internal operation of the application and those used to track site metrics for 3rd parties (Google Analytics) - hence the issue of potentially breaking existing applications

Thanks (0)
22nd Jun 2012 20:46

Failure to understand?

I suspect there is an awful lot of misinformation about the e-privacy Directive.

For a start off, web pages for which cookies are *essential* (shopping carts and the like) are specifically exempted from the UK's implementation of the Directive. If your "Contact Us" page uses session cookies to pass information from the form to its processor and then back to the form (for example, providing a non-javascript backup for form validation) will also be exempt under the essential use provision.

If, however, you use Google Analytics or Statcounter (or a similar statistics monitoring service), then the regulations apply. 

Thanks (0)
By Old Greying Accountant
23rd Jun 2012 17:06

Horse's mouth

Rather than listen to scare-mongering by those with vested interests, have a listen to the official line here: 

If you hear it the same as me, the chances of you getting anything more than some sound advice from ICO are very negligible.

Get informed, then make your decision, but find someone who doesn't abuse public forums for private gain.


Thanks (0)