02 Jun 2009
Nearly one in five small businesses admit to unwittingly breaching the Data Protection Act (DPA), according to research.
The survey by standards body BSI suggests that half of these firms have repeatedly flouted the act, while 18 per cent were not sure whether they had or not.
Two-thirds of the 516 small- and medium-sized businesses polled do not provide data protection training for staff, while nearly half do not have anyone specifically employed to ensure legal compliance – despite the law stipulating that all organisations dealing with personal information must have someone assigned as a data controller.
And 18 per cent of respondents said data protection was less important during the economic downturn, despite the continuing bad publicity surrounding data-loss incidents.
“The five million small- and medium-sized businesses in the UK form the backbone of the British economy. These organisations are handling vast amounts of personal information on a daily basis, and while it is encouraging that some already have appropriate data protection measures in place, this survey shows that there is still a long way to go,” said Mike Low, director of standards at BSI.
The BSI has today launched a new British standard for data protection to help firms achieve best practice and regulatory compliance.
The BS10012 standard provides the framework for effective management of personal information. It can be used by organisations of any size and sector to create a tailored management system which includes procedures in areas such as training and awareness, risk assessment, data sharing, retention and disposal of data and disclosure to third parties.
“A third of businesses we surveyed stated that the complexity of the legislation restricts their compliance with the DPA,” said Low.
“BS10012 addresses this and many other issues, providing organisations with a framework for maintaining and improving compliance.”
It's no wonder that almost one in five businesses in the UK has breached the Data Protection Act (DPA) at least once; in fact, in reality it is probably more than that.
Recent research we have undertaken shows how a large proportion of IT managers are largely unaware of which employees have access to which systems. If you don't know who has access to your system then how do you know that you are plugging all the potential holes?
The time for overconfidence has passed. It is important for IT managers to start undertaking regular audits of their systems, ensuring that employees have access to only the information they need to do their jobs. Otherwise the DPA will continue to be breached, whether accidentally or through malicious intent.
Posted by: Stuart Hodkinson, UK General Manager, Courion 04 Jun 2009