You need to be aware of data protection issues if you are requiring or encouraging your users to sign up to external sites and thus disclose personal data. You should always make clear that data is held by the external service provider and not the University.
Essential
If requiring users to sign up to a site:
- Do the site's terms of service include a section on data protection/privacy?
- If data is to be held outside the EEA, are their data protection standards compliant with the DPA?
Desirable
- Can users participate anonymously (eg, by posting anonymously or using aliases)?
- Does the site use tracking cookies? This should be avoided as it collects and transfers a certain amount of personal data without the user's consent.
- Is it clear, when signing up or logging in, that users are signing up to the application, and not to a University-owned service? This is particularly important to consider when branding a service.
JISC has an extensive web 2.0 section in their revised code of practice on the Data Protection Act, which can be found online at:
http://www.jisclegal.ac.uk/publications/DPACodeofPractice.htm#_Toc197501973.