Skip navigation

Data dilemma: one in five businesses admit breaching Data Protection Act

05 June 2009

Almost one in five businesses has unwittingly breached the Data Protection Act (DPA) at least once according to a survey of over 500 small and medium businesses conducted by BSI*. Of these, nearly half said they had breached the Act on several occasions and an additional 18% said they were not sure whether they had or not. A ‘breach’ could refer to the illegal transfer of information to a third party, failure to hold information securely or neglect of other legal obligations. 

The survey provides a snapshot of how UK businesses manage the personal information they hold on staff and customers, including sensitive data such as racial or ethnic origin, trade union membership and criminal proceedings. It was carried out to mark the publication of a new British Standard on data protection which will help organizations put in place a framework for maintaining and improving compliance with data protection legislation and good practice.

Survey Results

The survey also found that:

  • 65% of businesses provide no data protection training for their staff.
  • Nearly half of those surveyed admit that there is no one in their business with specific responsibility for data protection.
  • 15% of businesses are not confident that their data sharing practices conform to the DPA and worryingly, almost 5% of these frequently share data regardless.
  • 18% of businesses said that data protection is less of a priority in the current economic climate. 

Mike Low, Director, Standards, BSI, said: “The five million small and medium sized businesses in the UK form the backbone of the British economy. These organizations are handling vast amounts of personal information on a daily basis and while it is encouraging that some already have appropriate data protection measures in place this survey shows that there is still a long way to go.

“A third of businesses we surveyed stated that the complexity of the legislation restricts their compliance with the DPA. BS 10012 is a new standard, published by BSI today, which addresses this and many other issues, providing organizations with a framework for maintaining and improving compliance.”

Gordon Wanless, Chairman of the Data Protection Forum, said:  “The BSI survey backs up what we have known for some time – that many organizations find the legislation in this area complex. The standard can help organizations put in place the measures which will lead to compliance and demonstrate that they are handling personal information responsibly.

“BS 10012, launched by BSI today, is the first standard of its kind in the area of Data Protection and is expected to be used widely by both public and private sector organizations.”

Protect and maintain

The new British Standard, BS10012, Data protection – Specification for a personal information management system has been developed to establish best practice and aid compliance with data protection legislation.  It is the first standard for the management of personal information.

Rather than prescribing exactly how operations should be run, BS 10012 provides the framework which will enable effective management of personal information.  It can be used by organizations of any size and sector to create a tailored management system which includes procedures in areas such as training and awareness, risk assessment, data sharing, retention and disposal of data and disclosure to third parties.   

BS 10012 was developed by a panel of experts including representatives from industry, government, academia and consumer groups. A three month public comment period produced a high number of comments all of which were considered by the panel before preparation of the final version of the standard.

BS 10012 Data protection. Specification for a personal information management system was launched on Tuesday 2 June 2009 at the Data Protection Forum in London.

 

* This survey was conducted on behalf of BSI by Opinion Matters/ Tickbox.net between 11/05/2009 and 18/05/2009 amongst a nationally representative sample of 516 senior decision makers in SMEs.

 

© British Standards Institution 2009. This article was first published on BusinessStandards.com, BSI Group's online corporate magazine, in June 2009. It has been reproduced here with permission.

Want to comment? Post a message on the Talking Business Continuity Forum.

You'll find free BCM resources and links to publications in Useful Business Continuity Management resources. There are links to Business Continuity training courses and advice on getting certified to BS 25999, the internationally recognised standard for Business Continuity Management.

Email Newsletter

Subscribe to our newsletter Subscribe to our newsletter to receive the latest Business Continuity Management news and information.

Training courses

View our BCM training courses View our Business Continuity training courses offered worldwide. These cover every aspect of BS 25999, the world's first British standard for BCM.
Feedback Form