To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://management.silicon.com/smedirector/0,39024679,39168786,00.htm

SMEs in dark over data protection
But this needs to change, says info commissioner...

By Tim Ferguson

Published: Thursday 11 October 2007

Small and medium-sized enterprises are not as aware of the principles of the Data Protection Act as larger organisations, according to the Information Commissioner's Office (ICO).

Only 22 per cent of SMEs surveyed are aware the Act requires them to keep customer information accurate and up to date, according to research commissioned by the ICO.

silicon.com's Full Disclosure campaign - what we are asking for...

silicon.com wants the government to review its data protection legislation and improve the reporting of information security breaches in the public and private sectors.

We are calling for greater public debate and for the government to consider legislation that would require organisations that suffer information security breaches to alert their customers if there is a chance the breach has put individuals' sensitive personal data at risk.

We want to hear your views about this campaign and the issues it raises. Make your voice heard by leaving a Reader Comment below, emailing us at editorial@silicon.com or signing the 10 Downing Street e-petition.

And only around half of respondents said they recognise the importance of keeping personal information secure.

The information commissioner, Richard Thomas, said these findings are a "considerable concern", when the increasing risk of identity fraud is taken into account.

He added that while individuals are urged to protect their personal information, businesses also have this responsibility - and must take it seriously.

Thomas said most organisations know it makes business sense to comply with the Act - according to the research, 94 per cent of businesses feel the legislation is needed.

The ICO has published official guidelines aimed at the SME sector, suggesting how they should train their staff to handle personal information properly.

Thomas added the ICO will not hesitate to take action against businesses that fail to protect customer information effectively.

The research was carried out in August and September this year and covered 813 organisations in the UK.