Member Article

UK firms breaching data protection rules

Nearly 20% of UK businesses have accidentally breached the rules of the Data Protection Act, according to a recent survey.

Nearly half of this number had unwittingly disobeyed the Act on several occasions. Another 18% said they may have broken the rules, but weren’t sure whether they had or not.

BSI, the organisation which carried out the research, said that a ‘breach’ of the Data Protection Act could refer to the illegal transfer of information to a third party, failure to hold information securely or neglect of other legal obligations.

The survey also found that 65% of businesses provide no data protection training for their staff, and that nearly half of those surveyed admit that there is no one in their business with specific responsibility for data protection.

18% of businesses even said that data protection is less of a priority in the current economic climate.

Mike Low, Director of Standards at BSI, said: “The five million small and medium sized businesses in the UK form the backbone of the British economy. These organisations are handling vast amounts of personal information on a daily basis and while it is encouraging that some already have appropriate data protection measures in place this survey shows that there is still a long way to go.”

Judy Baker, partner in the IT team at North law firm Ward Hadaway, has advised a range of public and private sector clients on data protection issues.

Judy said: “Data protection and information security is undoubtedly a hot topic at the moment, not just for politicians but also for consumer and customer confidence.

“Companies may think they are doing enough to cover themselves, but under data protection law, you can also remain responsible for your contractors, so you need to make sure you have the right agreement in place to protect your customers and yourself.

“Soon, there will be significant financial penalties for infringing data protection laws and, in the more extreme cases, the possibility of a prison sentence – so it is an area which companies cannot afford to ignore.

“While the law governing data protection and information security is complex, the Information Commissioner’s Office at www.ico.gov.uk provides a good starting point for companies to learn more about compliance.”

This was posted in Bdaily's Members' News section by Ruth Mitchell .