Three-quarters of the organisations that employ a data protection officer are unprepared for an important change in privacy law.
A survey of 40 data protection staff by training provider Keep IT Legal has found that only 27% had completed a full data audit, including manual systems, as required by the latest Data Protection Act.
Employers have had to audit the type, location and uses of computer data for years. The inclusion of manual systems is one of a series of changes that most organisations have to comply with by 24 October 2001.
The 2001 deadline applies to those that were already handling personal data on 24 October 1998.Anybody setting up since then has to comply immediately.
The survey, conducted after a specialist conference, found that three-quarters of the data protection officers had computer-related jobs on top of their privacy roles. On average, only a third of the specified officer's role was spent on data protection.
Ian Burkland, managing director of Keep IT Legal, said, "There is no way that anyone who hasn't carried out a full data audit can comply with the new legislation and yet 94% of respondents claimed they would be ready in time for the 2001 deadline.
"The fact that most data protection roles are still in computing means that either IT staff will have to get involved in the rest of the organisation, or manual systems will fall by the wayside."
Jonathan Bamford, assistant data protection commissioner, said that the Data Protection Commission was working on guidance on data audits that would be available by this autumn.
"We will have no sympathy for people that wait until 24 October 2001 to begin work on data audits," Bamford said.