A survey of over 500 SMEs carried out by the British Standards Institution (BSI) has found that nearly one in five businesses has unwittingly breached the Data Protection Act (DPA) at least once.
Almost 50% of businesses said they had breached the DPA on several occasions and an additional 18% said they were not sure whether they had or not.
A “breach” could refer to the illegal transfer of information to a third party, failure to hold information securely or neglect of other legal obligations.
The survey provides a snapshot of how UK businesses manage the personal information they hold on staff and customers, including sensitive data such as racial or ethnic origin, trade union membership and criminal proceedings. It was carried out to mark the publication of a new British Standard on data protection, which will help organizations put in place a framework for maintaining and improving compliance with data protection legislation and good practice.
The survey also found that:
- 65% of businesses provide no data protection training for their staff;
- nearly half of those surveyed admit that there is no one in their business with specific responsibility for data protection;
- 15% of businesses are not confident that their data sharing practices conform to the DPA and, worryingly, almost 5% of these frequently share data regardless;
- 18% of businesses said that data protection is less of a priority in the current economic climate.