There is some new legislation regarding the use of internet cookies that you should be aware of. It sets out to give visitors greater transparency and control over what information is stored about them when using websites. The change to the legislation is small but focuses on getting consent from the visitor to store certain types of information (i.e. opt in) rather than offering them a way to opt out. The interpretation of this legislation and guidelines for compliance are quite woolly.
The bottom line is that they want to ensure that intrusive cookies – especially those centred around collecting personal information – cannot be used subtly, but have to be opted into. For most website owners, they may not use anything beyond analytics cookies to track anonymous visitor information or login cookies essential for authentication. These should be OK. We are not legal experts however and this should be checked to the satisfaction of your lawyers.
You have another year before anything can happen. I'd give it 6 months and see what others are doing or what developments there have been in the guidelines of this new law.
In the meantime, enjoy the abject failure to collect any data when the ICO implemented their own current guidelines.