Data protection worryingly poor in SMEs

AROUND one in five businesses has unwittingly breached the Data Protection Act (DPA) at least once according to a survey of more than 500 small and medium businesses.

The survey, which was conducted by the British Standards Institute (BSI), showed that nearly half had breached the act on several occasions while an additional 18% said there weren’t sure whether they had or not.

A ‘breach’ can refer to the illegal transfer of information to a third party, failure to hold information securely or neglect of other legal obligations.

The study also found that more than 60% of businesses provide no data protection training for their staff.

Almost half admitted that there is no one in their business with specific responsibility for data protection.

Confidence over data sharing practice was also shakey with 15% of firms saying they did not think they were compliant with the DPA. More worryingly, 18% said that data protection was less of a priority in the current economic climate.

Mike Low, director of tandards at the BSI, said: “The five million small and medium sized businesses in the UK form the backbone of the British economy.

“These organizations are handling vast amounts of personal information on a daily basis and while it is encouraging that some already have appropriate data protection measures in place this survey shows that there is still a long way to go.

The survey co-incides with the launch of a new BSI standard – the BS 10012 – which provides organisations with a framework for maintaining and improving compliance.

It is the first standard of its kind in the area of Data Protection and is expected to be used widely by both public and private sector organisations.