Brand owners are leading the way in data protection compliance, according to a series of reports by the regulator, although, as so few have agreed to an audit, they are being warned not to “rest on their laurels”.
The findings have been released across four reports that summarise the outcomes of over 60 Information Commissioner’s Office audits carried out in private and public sector organisations.
“The private-sector organisations we have audited so far should be commended for their positive approach to looking after people’s data. However, this does not mean that businesses in the UK should rest on their laurels,” said Louise Byers, head of good practice at the ICO. “We are still seeing relatively few companies agree to an ICO audit and further improvements can be made, particularly when it comes to the retention and deletion of data,” she added.
Only one in 15 organisations in the health service that were audited and only one in 19 in local government provided a high level of assurance to the ICO. Just two out of 11 government departments that the ICO examined achieved the highest level of assurance.
“While the NHS and central government departments we’ve audited generally have good information governance and training practices in place, they need to do more to keep people’s data secure. Local government authorities also need to improve how they record where personal information is held and who has access to it,” said Byers.
“Organisations in these areas will be handling sensitive information, often relating to the care of vulnerable people. It is important that we have the powers available to us to help these sectors improve,” she added.
The audits were carried out between February 2010 and July 2012.