> Can anyone recommend a good dumbed-down resource online which > outlines what information you legally can and cannot hold > online in a date store? Another thought: if your leased server is physically located outside of the European Economic Area (e.g. in the US) then I think you need to be wary of the regulations about internation transfer of personal data: http://www.ico.gov.uk/what_we_cover/data_protection/international/intern ational_transfers.aspx Jason