WIREDGOV

...but less than half of individuals believe that their data is handled properly

Businesses may be ‘waking up’ to their obligations under the Data Protection Act (DPA) but public confidence in how personal information is being handled continues to decline, the Information Commissioner’s Office (ICO) said last week.

New figures published recently show that nearly three quarters of businesses surveyed now know that the DPA requires them to keep personal information secure – up 26% on last year’s figure.

Despite this, public confidence has fallen - less than half of individuals surveyed believe that organisations process their data in a fair and proper manner. Concern is particularly high in relation to web-based businesses – almost three quarters of individuals believe that online companies are not keeping their details secure.

In addition, the number of data security breaches in the private sector continues to rise – 58% more breaches have been reported to the ICO so far in 2011/12 than in the same period last year.

Information Commissioner, Christopher Graham said:

“I’m encouraged that the private sector is waking up to its data protection responsibilities, with unprompted awareness of the Act’s principles higher than ever. However, the sector does not seem to be putting its knowledge to good use. The fact is that security breaches in the private sector are on the rise, and public confidence in good information handling is declining. Businesses seem to know what they need to do – now they just need to get on with doing it. It’s not just the threat of a £500,000 fine that should provide the incentive. Companies need to consider the damage that can be done to a brand’s reputation when data is not handled properly. Customers will turn away from brands that let them down.”

The ICO’s annual track survey looks at information rights issues across the board. Other figures released today show that awareness of citizens’ rights under the Freedom of Information Act is increasing.

More than nine out of ten public authorities surveyed are aware that individuals have a right to see information. The vast majority - 84% - also agreed that the Act is needed. Despite unprompted awareness of the Act among individuals being higher than ever, at 24%, respondents were sceptical that the information they’d like to see is actually being made public. Just half of those surveyed are satisfied that information is readily available and accessible.

Other figures published recently show that recognition of the ICO’s role as the enforcer of the Data Protection Act is now at 70% – the highest awareness level since the question was introduced to the annual survey in 2004. This increase is partly driven by the private sector; 53% of businesses surveyed now have a clear understanding of the ICO’s role in this area compared with 20% last year.

Mr Graham added:

“This survey highlights the increasing importance of accountability and transparency, and the public’s right to know. Almost all public authorities can see the clear benefits of having freedom of information laws. But more needs to be done to make sure that the right information is being made available since only half of citizens surveyed feel they have easy access to the information they want.”

The ICO’s 2011 annual track survey was undertaken by SMSR on behalf of the ICO. Nearly 2,500 individuals and over 800 companies were interviewed – both from the private and public sector.

Notes to Editors

1. The full research report is available at: http://www.ico.gov.uk/about_us/research/information_rights.aspx.

1. The Information Commissioner’s Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

2. The ICO has specific responsibilities set out in the Data Protection Act 1998, the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.

3. Anyone who processes personal information must comply with eight principles of the Data Protection Act, which make sure that personal information is:

• Fairly and lawfully processed
• Processed for limited purposes
• Adequate, relevant and not excessive
• Accurate and up to date
• Not kept for longer than is necessary
• Processed in line with your rights
• Secure
• Not transferred to other countries without adequate protection

4. The ICO is on Twitter, Facebook and LinkedIn, and produces a monthly e-newsletter. Our For the media page provides more information for journalists.

5. If you need more information, please contact the ICO press office on 0303 123 9070 or ico.gov.uk/press