Only half of the big businesses which hold personal customer data are aware of the need to store it securely, according to a survey by the Information Commissioner’s Office, which exposes high levels of ignorance among firms about data laws.
This lack of awareness is reflected in the large number of organisations taken to task by the ICO for data protection breaches. The ICO was recently given extra powers by the Government, meaning it can fine miscreants up to £500,000. Previously the maximum fine it could impose was just £5,000.
The ICO Annual Track 2010 found that just 48 per cent of private and 60 per cent of public sector organisations said, unprompted, that they should store personal information securely.
The research also found that just 14 per cent of all organisations can identify the Eight Data Protection Principles unprompted, a fall of 8 per cent on the same survey in 2007.
This is in stark contrast to consumer awareness of the Data Protection Act, with nearly 90 per cent of individuals having a clear understanding of their right to see information about them held by an organisation.
Some 84 per cent know that they can request information from authorities through the Freedom of Information Act. Around 80 per cent described the Freedom of Information Act as ‘necessary’, while 93 per cent said that the Data Protection Act is ‘necessary’.
Information commissioner Christopher Graham said this should act as a warning to businesses. “Individuals are concerned about the collection and secure storage of their personal information. Ignoring data protection obligations is ignoring a key customer concern,” he said. “Businesses need to show that they are taking data protection seriously. Failing to do so could not only lead to enforcement action, but do significant damage to their reputation.”
