Almost one in five businesses has breached the Data Protection Act (DPA) at least once, and nearly two-thirds do not train their staff on the issue, according to a survey by BSI.

Nearly a fifth of businesses have breached the Data Protection Act, according to a survey of 500 small and medium sized businesses, carried out by BSI – the British Standards Institution – which is today publishing a data protection Standard, for the treatment of the personal information which businesses hold about staff and customers.

Some of these breaches involved leaking personal information to third parties, while others involved holding personal information improperly or without the owner’s consent. The survey does not specify how many of the breaches involved data leaks, but half the companies that admitted to a breach said they had probably breached it many times, and another 18 percent of the sample admitted they did not know whether they had breached the Act or not.

Despite this situation, 65 percent of businesses provide no data protection training at all for their staff, according to the survey, and in half of them there was no-one with responsibility for data protection. The report turned up other worrying facts, with 18 percent of businesses saying that “data protection is less of a priority in the current economic climate”.

The new British Standard for the management of personal information, BS 10012, is intended to provide a framework for companies complying with the Act. The Standard, “Data protection – Specification for a personal information management system” is being launched at today’s Data Protection Forum meeting in London.

Five million small and medium-sized businesses in the UK handle vast amounts of personal data, and the survey showed they need to get their act together; part of the problem may be coping with the complexity of the regulations, said Mike Low, Director of Standards at BSI: “A third of businesses stated that the complexity of the legislation restricts their compliance with the DPA. The new standard addresses this and many other issues, providing organisations with a framework for maintaining and improving compliance and demonstrating that they are handling personal information responsibly.”

BSI, originally formed as the British Standards Institution to ratify national standards in all areas, has been making a name for itself in business management standards, which are often adopted as international ISO standards and marketed worldwide by BSI under the name BSI Group. These standards include areas like quality management (ISO 9001, developed from BS 5750) and security management (ISO 27001, developed from BS 7799).

Like these established standards, BS 10012 does not prescribe exact methods but explains best practice and sets a framework. Any kind of organisation can use it to create its own tailored management system, said Low. Experts from industry, government, academia and consumer groups contributed to the standard, and comments from the public were gathered during a three-month public comment period before the final version was published today.

The research on data breaches was conducted on BSI’s behalf by Opinion Matters.

Peter Judge

Peter Judge has been involved with tech B2B publishing in the UK for many years, working at Ziff-Davis, ZDNet, IDG and Reed. His main interests are networking, security, mobility and cloud.


  • Nonsense. Walk around your office, can you see any personal data to which you should not have access - on a desk, in the bin perhaps? The mindset of employees still has not been focussed on security. Sure, there are organisations with a great focus on security but where did that statistic come from?

    http://infosecrecy.blogspot.com/

  • It’s no wonder that almost one in five businesses in the UK has breached the Data Protection Act (DPA) at least once; in fact, in reality it is probably more than that. Recent research we have undertaken ourselves shows how a large proportion of IT managers are largely unaware of which employees have access to which systems. If you don’t know who has access to your system, then how do you know that you are plugging all the potential holes? The time for over-confidence has passed. It is important for IT managers to start undertaking regular audits of their systems, ensuring that employees have access to only the information they need to do their jobs. Otherwise the DPA will continue to be breached, whether accidentally or through malicious intent.

    Stuart Hodkinson, UK General Manager, Courion (www.courion.com)
