Last week web analytics company Site Intelligence warned that companies that allow third-party cookies on their web sites run the risk of exposing sensitive personal information about their customers, and could be breaking the law. This development followed the DTI's statement last month that companies using cookies on their sites will have to warn consumers that the technology is operating.

John Woods, director at Site Intelligence, said his company had studied the use of cookies on the web sites of financial services companies, and found some worrying results. He said the privacy policies of many of the sites were "sloppy", adding that the use of shared third-party cookies ought to be avoided where possible. "Operators of web sites that use such cookies are taking on a significant risk," said Woods. "There is not much benefit in tracking customers through a third party. Companies could do the same things using their own first-party data. That would be much more transparent to the user and much better from a legal and data protection point of view." Woods said some third-party shared cookies come from providers serving up to 1,000 sites - meaning that the same cookie could gather personal information at all these locations. According to Woods this is dangerous because separate pieces of information could be linked together - for example, details of the bank a person uses might be linked to their email address.

"You potentially have a very rich source of personal data," he explained. "With some malicious intent you could use that information in all sorts of ways." Woods added that although systems could be set up to protect personal information and data there could be major problems if that security was compromised, because of the potentially huge amount of data that could be accessed.

To reduce problems, Site Intelligence said firms should give their customers as much information about the cookies and their use as possible. This would involve a clear statement that cookies are in use, an explanation of what they are being used for, details of which company - or companies - have issued the cookies, and confirmation that any third-party cookies will adhere to recognised privacy rules.

In its research Site Intelligence found that only 11 percent of the companies already using third-party cookies complied with this best practice. At the link below, Site Intelligence offers guidelines for firms creating their own cookie policies.